Hi..
I wanted to ask for more information on "net cache samlogon" and its
relation to "winbind cache time".
I assumed that samlogon is the winbind login cache. I assume that when
you log in to the system, winbind gets the login information (including,
for example, the user's groups) from the DC, and caches it locally. I
expected that after "winbind cache time" (300s by default) winbind
would clear the entry from samlogon cache so that when the user logs in
the next time, a new samlogon entry is created. I believe that after
joining a host to the domain, it appears to work like that. However, at
some point later, things break. This isn't on one machine, but multiple
machines. A user will log in, having been added to a group, and they
won't appear in that group. Wait hours, and they still won't appear in
that group. Do a "net cache samlogon list", get the user's SID, delete
the SID from samlogon cache, have the user log out and back in, and it
magically works - the user is now in the required groups. However, when
the user logs back in, do a "net cache samlogon list" and there won't be
an entry for the user anymore. Just wondering if I could get some
clarity on whether I'm wrong in the way this should work, or if there's
maybe a bug? If that's the case, can I turn off the samlogon cache
completely? I could write a small script that clears it at regular
intervals, but I feel like winbind intends to do that itself and
probably should.
Thanks for any help,
Jason.