I recently upgraded to 3.0.4-6.3E from 3.0.2 on RedHat Enterprise 3 and ever
since I have been experiencing a strange winbind issue.
It looks like winbind is not updating the group memberships properly. If I
look at a user using "wbinfo -r DOMAIN+User" I get the following:
11001
11026
11030
11033
11034
11035
11042
11043
11048
11049
Now if I delete any groups or add the user to any additional groups and run
the command again I get:
11001
11026
11030
11033
11034
11035
11042
11043
11048
11049
No Change! It is not updating. But there is more.... If I run "getent group
| grep <GROUP I REMOVED USER FROM>" the group shows the change. So for
whatever reason wbinfo is not updating while I can see all the changes with
getent. Now one last thing, this is happening on all three of our Samba
servers (same versions, relatively same configs) and it was not happening
until after upgrading to the new version of Samba (in fact one of the
servers joined the domain under this new version of Samba). So I do not
think recreating the tdb files will be a permanent fix.
Here is my Config (Edited to protect the innocent):
[global]
log level = 1
log file = /var/log/samba/%m.log
realm = domain.net
workgroup = DOMAIN
security = ADS
encrypt passwords = yes
password server = dc0.domain.net dc1.domain.net
server string = File Server
socket options = TCP_NODELAY SO_KEEPALIVE
kernel oplocks = yes
oplocks = yes
veto oplock files = /*.doc/*.DOC/*.xls/*.XLS/*.ppt/*.PPT/*.pst/*.PST/*.mdb/*.MDB/*.ldb/*.LDB/*.vsd/*.VSD/*.mpp/*.MPP/*.qbw/*.QBW/*.qbb/*.QBB/*.qbI/*.qbl/*.dxf/*.DXF/*.dwg/*.DWG/*.cdr/*.CDR/*.bak/*.BAK/*.ord/*.xlo/*.igs/*.ipt/*.ipj/*.slp/*.stp/*.opt/*.xli/*.stl/*.cur/*.sjb/*.log/*.LOG/*.sbs/*.iam/*.idv/*.pcbdoc/*.PcbDoc/*.PCBDOC/
interfaces = eth0*,lo
bind interfaces only = yes
#host msdfs = yes
# strict locking
# strict sync
# separate domain and username with +, like DOMAIN+username
winbind separator = +
# use uids from 11000 to 19000 for domain users
idmap uid = 11000-19000
# use gids from 11000 to 19000 for domain groups
idmap gid = 11000-19000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
template homedir = /mnt/share/Applied_Minds/Users/%U
template shell = /bin/bash
[Company_Share]
comment = Company Name Corporate
path = /mnt/share/Company_Share
create mask = 0770
directory mask = 0770
public = yes
writable = yes
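
The comparison described in the post (gids from "wbinfo -r" against the membership shown by "getent group"), written as a repeatable check. This is an added example, not part of the original post; the function name membership_drift, the users DOMAIN+alice and DOMAIN+bob, and the sample groups are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data is constructed;
# DOMAIN+alice, DOMAIN+bob and the group names are hypothetical.

# membership_drift USER WBINFO_OUT GETENT_OUT [PRIMARY_GID]
#   stale GID   : wbinfo -r reports the gid, but getent does not list USER there
#   missing GID : getent lists USER in the group, but wbinfo -r does not report it
# PRIMARY_GID is skipped: a primary group comes from the passwd entry and is
# usually absent from the group's member list.
membership_drift() {
    printf '%s\n---\n%s\n' "$2" "$3" |
    awk -F: -v user="$1" -v primary="${4:-}" '
        $0 == "---" { in_getent = 1; next }
        !in_getent {                      # wbinfo -r section: one gid per line
            gsub(/[ \t\r]/, "")
            if ($0 ~ /^[0-9]+$/) reported[$0] = 1
            next
        }
        NF >= 4 {                         # getent: name:passwd:gid:member,member
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] == user) listed[$3] = 1
        }
        END {
            for (g in reported)
                if (!(g in listed) && g != primary) print "stale " g
            for (g in listed)
                if (!(g in reported)) print "missing " g
        }' | sort
}

# Constructed sample: winbind still reports 11030 after the user was removed
# from that group, and does not yet report 11050, which the user was added to.
SAMPLE_WBINFO='11001
11026
11030'
SAMPLE_GETENT='DOMAIN+domain users:x:11001:
DOMAIN+engineering:x:11026:DOMAIN+alice,DOMAIN+bob
DOMAIN+finance:x:11030:DOMAIN+bob
DOMAIN+ops:x:11050:DOMAIN+alice'

membership_drift 'DOMAIN+alice' "$SAMPLE_WBINFO" "$SAMPLE_GETENT" 11001
# On a live host the inputs would be "$(wbinfo -r 'DOMAIN+User')" and "$(getent group)".
```

A "stale" line is the case that matters for access control: the user was removed from the group, but winbind still reports the gid for them.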