[Samba] LDAP + SSSD + Winbind group membership updating
a.moz at mailhaven.su
Sun May 18 10:33:30 UTC 2025
Christian Naumer via samba wrote:
> Hi there,
> I seem to remember that Winbind only looks up the groups at login. If
> this is true, what you are trying to do will never work. See
> "https://www.flofaber.com/log/group-membership-not-updating-in-winbind".
>
> In AD with Kerberos the groups are probably updated when the ticket is
> renewed. That might explain why it works when you restart SMB.
Thanks for the details. I've seen that article. I didn't manage to
trigger a one-time update with 'net cache samlogon delete'. My 'net cache
samlogon list' was empty during the user session. I don't know why.

I need to use Samba on non-domain machines as well, e.g., from outside
of the corporate security perimeter. That's why I can't use Kerberos.

If it's possible by restarting smb, is there any chance some part of the
auth code can be cycled on a time interval basis (via a small patch)?