[Samba] Samba with Winbind Doesn't See New AD Groups
Ralph Boehme
slow at samba.org
Wed Oct 16 19:32:19 UTC 2019
On 10/16/19 9:04 PM, Rowland penny via samba wrote:
> On 16/10/2019 19:37, Ralph Boehme via samba wrote:
>> On 10/16/19 8:10 PM, Bill Riner wrote:
>>> I am logged in as root to one of the clustered Samba servers.
>>> Normally when a group is added to AD, it shows up using
>>>
>>> # getent -s winbind group {group_name}
>>>
>>> In this case, the group Drug_Discovery_Team_Meetings exists in AD,
>>> but I don’t see it using getent.
>> re-login that user over SMB.
>>
>>
>> -slow
>>
> I do not think that will help, ...
if the user has logged in before over SMB, there will be a netsamlogon
cache entry containing the user's groups as passed to us by a DC as part
of the PAC. Samba will use this cached group info until the user logs in
again (over SMB) which will tell us the updated groups from AD.
-slow
--
Ralph Boehme, Samba Team https://samba.org/
Samba Developer, SerNet GmbH https://sernet.de/en/samba/
GPG-Fingerprint FAE2C6088A24252051C559E4AA1E9B7126399E46
More information about the samba
mailing list