[Samba] SOLVED (kind of) Re: Odd behavior on group membership

[Marcio Vogel Merlone dos Santos]

So,

My problem started on squid not seeing group changes "on the fly". The 
link Rowland provided says the user must authenticate to winbind see the 
new groups, so my workaround was to query ldap directly and bypass 
winbind, or in other words, use ext_ldap_group_acl instead of 
ext_wbinfo_group_acl.

Best regards.

Em 28/11/2018 11:32, Rowland Penny escreveu:
> On Wed, 28 Nov 2018 10:12:39 -0200
> Marcio Vogel Merlone dos Santos via samba <samba at lists.samba.org> wrote:
>
>> Hi Rowland, thank you for your prompt reply,
>>
>> I sent you the testparam output hence lots of defaults (i presumed
>> would be better), here is crude smb.conf:
>>
>> root at araucaria:~# cat /etc/samba/smb.conf
>> [global]
>>       netbios name = ARAUCARIA
>>       realm = AD.TLD
>>       server role = active directory domain controller
>>       workgroup = A1
>>       server services = -dns
>>       ldap server require strong auth = no
>>       wins support = yes
>>       ntlm auth = yes
>>       log file = /var/log/samba/%m.log
>>       log level = 1 auth_audit:3 auth_json_audit:3
>>       idmap_ldb:use rfc2307 = yes
>>       idmap config * : backend = tdb
>>       template shell = /bin/bash
>>       template homedir = /home/usuarios/%U
>>
>
> OK, You cannot get a correct list of a users supplementary groups
> unless the user has logged into the computer, see here (under 'winbind
> changes' near the bottom of the page):
>
> https://wiki.samba.org/index.php/Samba_4.6_Features_added/changed
>
> Rowland
>   
-- 
*Marcio Merlone*
TI - Administrador de redes

*A1 Engenharia - Unidade Corporativa*
Fone: 	+55 41 3616-3797
Cel: 	+55 41 99689-0036

https://a1.ind.br/ <https://a1.ind.br>