[Samba] Persistent Winbind gid cache
Rowland Penny
rpenny at samba.org
Mon Oct 8 13:56:27 UTC 2018
On Mon, 8 Oct 2018 15:26:28 +0200
Prunk Dump via samba <samba at lists.samba.org> wrote:
> Hello Samba team!
>
> I'm a network administrator in a French high school where I store my
> user/group ID using rfc2307. My client stations use Winbind to query
> rfc2307 attributes.
>
> Each new year, as all my students move to another class, almost all
> my users' gids are updated in AD.
>
> This gid is very important in my network because pam_mount mounts only
> the share corresponding to the user's gid.
>
> I don't know why, but sometimes the old gid (from the previous year)
> is attributed by pam_mount to the user, so the wrong share is
> mounted. So I suspect some persistent Winbind cache.
>
> From the documentation:
> -> idmap cache time defaults to one week
> -> winbind cache time defaults to 5 minutes
>
> But after nearly two months I still experience some bad group
> attribution.
>
> All my servers and clients are Debian Stretch with Samba-4.5.12.
> Is there some case (e.g. slow server response) where Winbind uses a
> cached uid/gid even if the cache time is over?
>
As always, posting the smb.conf would be a big help.
You seem to be talking about a user's gidNumber, but, until Samba 4.6.0,
every user's effective primary group was Domain Users.
The only cache used has a time default and the DC is contacted after
this time, unless 'winbind offline logon = yes' is set and a DC cannot
be contacted.
So, more info please.
Rowland