[Samba] Groupmembership remains

Tobias Kirchhofer collect at shift.agency
Thu Nov 11 14:05:43 UTC 2021 

On 11 Nov 2021, at 11:29, L.P.H. van Belle via samba wrote:

> This sound like a "caching" thingy..
>
> What do you see if you, dont login but run a wbinfo -ug or
> a getent passwd user/group

We experience the same issue. Changes at group membership are not 
available for a client until the user is logged in again.

Strange is, that if we `net cache flush` and even stop winbindd; remove 
winbindd_*tdb; start winbindd the same old information is again there.

On the domain controller side everything is instantly available also 
replicated to other domain controller.

Domain controller:
1. Add user to a group
2. `id username`
- Group is there

File server:
2. `id username`
- Group is not there
3. Login with as username
- Group is there

Is this by design?

4.15.2-SerNet-RedHat-6.el8

Greetings,

Tobias


> Is it updated then? (before you login).
>
> Greetz,
>
> Louis
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> Stefan Kania via samba
>> Verzonden: donderdag 11 november 2021 10:28
>> Aan: samba at lists.samba.org >> samba
>> Onderwerp: [Samba] Groupmembership remains
>>
>> Hi to all,
>>
>> I have a strange problem: I put a user in a group, then
>> listing the user
>> with "id user" on a Linux-client which is member of the domain. The
>> command is showing the groupmembership. Then I remove the
>> groupmembership. On the DC everything is fine, the user is no longer
>> member of the group, the memberOf attribute is also deleted from the
>> ldap-object. On the client the user is still member of the group when
>> looking with "id user". The groupmembership with "id user" stays 
>> until
>> the user is logging in to the client. Did I miss something,
>> or is it as bug?
>>
>>
>> Stefan
>>
>>
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


-- 
collect at shift.agency

More information about the samba mailing list