samba - Feb 2021 - winbind samlogon issue

On Wed, 2021-02-17 at 19:19 -0500, Jason Keltz via samba
wrote:
> 
> I wanted to ask for more information on "net cache samlogon" and
its
> 
> relation to "winbind cache time".
None.  This information is sticky until the next login, forever.

We would like to eventually refresh this information via a ticket
obtained with S4U2Self, but we can't right now.

At one point we were thinking to totally remove the ability to find out
much about users who hadn't ever logged in, because the alternatives
are unreliable, but this never proceeded.

I hope this helps,

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions

On 2/17/2021 7:32 PM, Andrew Bartlett via samba wrote:
> On Wed, 2021-02-17 at 19:19 -0500, Jason Keltz via samba wrote:
>> I wanted to ask for more information on "net cache samlogon"
and its
>>
>> relation to "winbind cache time".
> None.  This information is sticky until the next login, forever.
>
> We would like to eventually refresh this information via a ticket
> obtained with S4U2Self, but we can't right now.
>
> At one point we were thinking to totally remove the ability to find out
> much about users who hadn't ever logged in, because the alternatives
> are unreliable, but this never proceeded.
>
> I hope this helps,
>
Hi Andrew,

So if I need to refresh the users groups on each login, would I then 
need to clear these samlogon entries on my own? ? Can I tell winbind not 
to store them in the first place?

Why does it appear that without doing this, the users groups get updated 
sometimes and not other times?

And then what is the "winbind cache time" ?

Thanks,

Jason.