[Samba] winbind samlogon issue
Ralph Boehme
slow at samba.org
Thu Feb 18 15:13:15 UTC 2021
Am 2/18/21 um 3:44 PM schrieb Jason Keltz:
> On 2/18/2021 1:06 AM, Ralph Boehme wrote:
>
>> Am 2/18/21 um 2:03 AM schrieb Jason Keltz via samba:
>>> If I regularly clear the samlogon cache, I believe I get the updated
>>> groups, so it's like the equivalent of expiring it. I'd rather if I
>>> didn't have to do it, but at least there is a way. It would be
>>> preferable, of course, if the samlogon cache expired on its own using
>>> the winbind cache time. With SSSD, I think setting
>>> "entry_cache_timeout" would do the same thing as me manually clearing
>>> the samlogon cache in winbind. Lots of fun.
>> in case this wasn't clear: a login *always* updates the cache.
>
> Hi Ralph,
>
> Thanks for your message and clarification. Apparently, I misunderstood.
> That's not the way it's working for me all the time.
fwiw, the cache is updated with an *SMB* login! Not on ssh login or similar.
Another variable in the mix could be nscd who might be caching group
membership info. So while debugging, make sure to stop nscd.
If groups are not updated upon SMB login, something unexpected is going on.
-slow
--
Ralph Boehme, Samba Team https://samba.org/
Samba Developer, SerNet GmbH https://sernet.de/en/samba/
GPG-Fingerprint FAE2C6088A24252051C559E4AA1E9B7126399E46
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20210218/7826c5a6/OpenPGP_signature.sig>
More information about the samba
mailing list