Hello, according to 'man smb.conf': Default: winbind cache time = 300 I have not changed it in smb.conf, but when I remove some user from some group, command "groups DOMAIN+user" still shows that user belongs to the group even after a few hours after removing the user from that group. Any ideas why? samba 3.0.15pre2. Regards, Nerijus
On Wed, 4 May 2005 03:37:52 +0300 (EEST) Nerijus Baliunas <nerijus@users.sourceforge.net> wrote:> according to 'man smb.conf': Default: winbind cache time = 300 > > I have not changed it in smb.conf, but when I remove some user > from some group, command "groups DOMAIN+user" still shows > that user belongs to the group even after a few hours after removing > the user from that group. Any ideas why? > samba 3.0.15pre2.BTW, it happens even if I restart winbind (i.e. changes to group membership reflect only after a few hours). I understand that everyone is busy (I wrote a few messages with real problems during a few weeks and got only one response, and I can understand that), but does it work for everyone else? I.e., if you remove user from group, is the user still able to access files accessible by group only? Nerijus
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nerijus Baliunas wrote:> On Sat, 07 May 2005 11:20:14 -0500 "Gerald (Jerry) Carter" <jerry@samba.org> wrote: > >>| BTW, it happens even if I restart winbind (i.e. >>| changes to group membership reflect only after a few hours). >> >>Try removing the netsamlogon_cache.tdb file and see if the >>behavior is more consistent. If so, please let me know and >>we'll work harder on fixing this. > > Yes, removing netsamlogon_cache.tdb and restarting winbind helped. > BTW, can I remove netsamlogon_cache.tdb when winbind is running?No. The file is mmap()'d by winbindd. However, the cache is updated everytime the user logs in using NTLM authentication. We need to expire cached entries based on a reference count of the active sessions. cheers, jerry ====================================================================Alleviating the pain of Windows(tm) ------- http://www.samba.org GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCjh6LIR7qMdg1EfYRAtS6AJ0cq9vs/Qj8WCqwmK3jy8DZ7ZqNXACfZyJF tOnhQYBDGAUjqZH5J5Rh5U4=rkQ1 -----END PGP SIGNATURE-----