Two Samba AD i AD DS mode running Version 4.9.5-Debian. Three member-servers running Samba Version 4.9.5-Debian. I'm adding users to a group, and most of them look ok when I check with 'id username' on the member-servers. Also 'samba-tool group show' and 'user show' looks OK to me, the user has the correct memberOf attribute and the DN is also member of the group-object. However, on the member-server 'id username' doesn't show this group. 'id username' shows this group for all other users in this group. I have a test member-server that _does_ show the user to be a member of the group. I have restarted smbd, nmbd and winbindd on the member-server to no avail. Is there some timeout of a cache that has to be purged or waited for, or why doesn't the group membership show up on the member servers almost immediately? -- Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020
On 17/06/2020 11:39, Harald Hannelius via samba wrote:> > > However, on the member-server 'id username' doesn't show this group. > 'id username' shows this group for all other users in this group.So, it wasn't just me ;-) Can you wait until tomorrow, the group should appear by then, if it does, can you create a bug report ? Rowland
On Wed, 17 Jun 2020, Rowland penny via samba wrote:> On 17/06/2020 11:39, Harald Hannelius via samba wrote: >> >> >> However, on the member-server 'id username' doesn't show this group. 'id >> username' shows this group for all other users in this group. > > So, it wasn't just me ;-)Sorry, You lost me here. Has this been discussed recently? I'm in the middle of so many projects I haven't had time to sit and follow this list as much as I'd like to.> Can you wait until tomorrow, the group should appear by then, if it does, can > you create a bug report ?Well, I'm on vacation starting two hours from now but I can probably check this tomorrow anyways :) I read somewhere that there's some caching going on, but there was no real solution on how to purge this cache other than have the client log out of their computer and on again. I have asked my colleague to do this, so it might be that waiting until tomorrow won't work. -- Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020