[Samba] Winbind group cache

Rowland penny rpenny at samba.org
Thu Jul 16 07:34:52 UTC 2020

On 16/07/2020 08:06, Ian Coetzee via samba wrote:
> On Wed, 15 Jul 2020 at 15:29, Rowland penny via samba <samba at lists.samba.org>
> wrote:
>> On 15/07/2020 13:59, Ian Coetzee via samba wrote:
>>> Hi All,
>>> I have hit a snag with winbind's group caching on AD on one of our
>> client's
>>> infrastructure.
>>> We have a client that is using AD groups to control ssh access to
>> servers.
>>> The client is running a lot of different bugfix and build versions in the
>>> 3.6 branch all running on RHEL using rpm's.
>>> I have seen this issue cropping up in the ML from time to time and most
>> of
>>> the solutions are to rm /var/lib/samba/netsamlogon_cache.tdb.
>>> Is there perhaps another way to tell winbind to invalidate the cache (or
>>> ignore it all together)?
>>> I would prefer to not rm this file from a nightly cron (which is the
>>> current solution in place)
>>> I have petitioned the client to update the samba version to samba 4, but
>> it
>>> does not look like they want to bite.
>>> Kind regards
>>> Ian Coetzee
>> Just tell them that RHEL/Centos 6 goes EOL in November ;-)
>> They really should upgrade, there have been numerous CVE's that have not
>> been backported to 3.6.x because it is EOL.
>> There have also been numerous bugfixes that haven't been backported.
>> Rowland
> Hi Roland,
> Thank you for the reply, I will see about getting them to upgrade, but so
> far there has been no luck - they can't afford to be offline, so they don't
> want updates -
> Will an update to samba 4.x fix the caching issue?
> Kind regards
> Ian Coetzee

Very probably, but if it doesn't, at least you stand a chance of getting 
it fixed, you have no chance at the moment.

As for the cost, well, what is going to cost if the network collapses ?


More information about the samba mailing list