[Samba] Samba with Winbind Doesn't See New AD Groups

Ralph Boehme slow at samba.org
Wed Oct 16 19:32:19 UTC 2019

On 10/16/19 9:04 PM, Rowland penny via samba wrote:
> On 16/10/2019 19:37, Ralph Boehme via samba wrote:
>> On 10/16/19 8:10 PM, Bill Riner wrote:
>>> I am logged in as root to one of the clustered Samba servers. 
>>> Normally when a group is added to AD, it shows up using
>>> # getent -s winbind group {group_name}
>>> In this case, the group Drug_Discovery_Team_Meetings exists in AD,
>>> but I don’t see it using getent.
>> re-login that user over SMB.
>> -slow
> I do not think that will help, ...

if the user has logged in before over SMB, there will be a netsamlogon
cache entry containing the user's groups as passed to us by a DC as part
of the PAC. Samba will use this cached group info until the user logs in
again (over SMB) which will tell us the updated groups from AD.


Ralph Boehme, Samba Team                https://samba.org/
Samba Developer, SerNet GmbH   https://sernet.de/en/samba/
GPG-Fingerprint   FAE2C6088A24252051C559E4AA1E9B7126399E46

More information about the samba mailing list