Ralph Boehme
2023-Jun-30 14:23 UTC
[Samba] Group memberships on Linux AD Member (syncing randomly)
Hi Matthias,

On 6/30/23 15:40, Matthias Leopold via samba wrote:
> Can someone explain what is happening or where I need to tune?

this is by design. :)

The only reliable way (lacking S4U2SELF support) to get group membership for an AD user, is using the group list the DC passes along to us as part of the authentication process.

We're trying extra hard to store this data *persistently* in the SAM-logon cache and not in an easily user flushable cache.

-slow

--
Ralph Boehme, Samba Team https://samba.org/
SerNet Samba Team Lead https://sernet.de/en/team-samba
SAMBA+ Samba packages https://samba.plus/
SAMBA+ AIX Webinar https://samba.plus/samba-webinars
Matthias Leopold
2023-Jul-03 09:43 UTC
[Samba] Group memberships on Linux AD Member (syncing randomly)
Thanks for explaining, I wasn't aware of this. Maybe this should be mentioned more prominently in the docs (I hope I didn't overlook anything).

Matthias

On 30.06.23 at 16:23, Ralph Boehme via samba wrote:
> Hi Matthias,
>
> On 6/30/23 15:40, Matthias Leopold via samba wrote:
>> Can someone explain what is happening or where I need to tune?
>
> this is by design. :)
>
> The only reliable way (lacking S4U2SELF support) to get group membership
> for an AD user, is using the group list the DC passes along to us as
> part of the authentication process.
>
> We're trying extra hard to store this data *persistently* in the
> SAM-logon cache and not in an easily user flushable cache.
>
> -slow