On Wed, 7 Apr 2021, Harald Hannelius via samba wrote:
>
> On Thu, 24 Sep 2020, Rowland penny via samba wrote:
>
>> On 24/09/2020 12:30, L.P.H. van Belle via samba wrote:
>>> This test also needs the info on.. which backend? ..
>> I was using the 'ad' backend, but I think this doesn't make
any difference
>>>
>>> And, did you login/logout again after adding the user.
>> No, I didn't, but the only way I could get the user to show up as a
member
>> of the group was to run 'wbinfo -a username' which amounts to
>> re-authenticating.
>
> I have been struggling with this for months, and this one user didn't
ever
> get their group-membership updated on one member-server for some reason.
>
> If I added this user to a group in AD, the user did show up in the group on
> another member-server, verified by checking with 'id username'.
>
> The user must have re-authenticated since September 2020.
>
> I now set the password for the user to a password I know, used 'wbinfo
-a
> username' on the problematic member-server and the user membership
finally
> got updated. The resynched the password-hash from LDAP back to the original
> one.
>
> Something fishy is going on, but I don't know where to look. And since
this
> isn't a bug I can't do anything more than try to describe how to
circumvent
> this non-bug :)
I got bitten by this again. I added uses to a newly created group, but the
member server never sees the new membership. This time I googled and found
this thread from 2014 on the first hit;
https://samba.samba.narkive.com/eqkNlbnm/new-group-membership-not-taken-into-account-on-member-servers
Exactly the same problem. So I tried this;
service winbind stop
rm /var/cache/samba/netsamlogon_cache.tdb
service winbind start
Suggested by Hans-Kristian Bakke. And low and behold, the user immediately
got the new membership. All of the users actually.
member server;
# smbd -V
Version 4.13.13-Debian
domain controller;
# smbd -V
Version 4.17.10-Debian
--
Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020
