[Samba] winbind samlogon issue

Ralph Boehme slow at samba.org
Thu Feb 18 15:13:15 UTC 2021

Am 2/18/21 um 3:44 PM schrieb Jason Keltz:
> On 2/18/2021 1:06 AM, Ralph Boehme wrote:
>> Am 2/18/21 um 2:03 AM schrieb Jason Keltz via samba:
>>> If I regularly clear the samlogon cache, I believe I get the updated 
>>> groups, so it's like the equivalent of expiring it.  I'd rather if I 
>>> didn't have to do it, but at least there is a way.  It would be 
>>> preferable, of course, if the samlogon cache expired on its own using 
>>> the winbind cache time.   With SSSD, I think setting 
>>> "entry_cache_timeout" would do the same thing as me manually clearing 
>>> the samlogon cache in winbind.  Lots of fun.
>> in case this wasn't clear: a login *always* updates the cache. 
> Hi Ralph,
> Thanks for your message and clarification.  Apparently, I misunderstood. 
> That's not the way it's working for me all the time.

fwiw, the cache is updated with an *SMB* login! Not on ssh login or similar.

Another variable in the mix could be nscd who might be caching group 
membership info. So while debugging, make sure to stop nscd.

If groups are not updated upon SMB login, something unexpected is going on.


Ralph Boehme, Samba Team                https://samba.org/
Samba Developer, SerNet GmbH   https://sernet.de/en/samba/
GPG-Fingerprint   FAE2C6088A24252051C559E4AA1E9B7126399E46

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20210218/7826c5a6/OpenPGP_signature.sig>

More information about the samba mailing list