[Samba] Samba with Winbind Doesn't See New AD Groups

Ralph Boehme slow at samba.org
Wed Oct 16 19:32:19 UTC 2019


On 10/16/19 9:04 PM, Rowland penny via samba wrote:
> On 16/10/2019 19:37, Ralph Boehme via samba wrote:
>> On 10/16/19 8:10 PM, Bill Riner wrote:
>>> I am logged in as root to one of the clustered Samba servers. 
>>> Normally when a group is added to AD, it shows up using
>>>
>>> # getent -s winbind group {group_name}
>>>
>>> In this case, the group Drug_Discovery_Team_Meetings exists in AD,
>>> but I don’t see it using getent.
>> re-login that user over SMB.
>>
>>
>> -slow
>>
> I do not think that will help, ...

if the user has logged in before over SMB, there will be a netsamlogon
cache entry containing the user's groups as passed to us by a DC as part
of the PAC. Samba will use this cached group info until the user logs in
again (over SMB) which will tell us the updated groups from AD.

-slow

-- 
Ralph Boehme, Samba Team                https://samba.org/
Samba Developer, SerNet GmbH   https://sernet.de/en/samba/
GPG-Fingerprint   FAE2C6088A24252051C559E4AA1E9B7126399E46



More information about the samba mailing list