similar to: netsamlogon_cache.tdb & winbind.

I have 4 Samba 4.7.0 DCs. I have 3 clients using samba-winbind.x86_64 0:4.6.2-11.el7_4 with an identical configuration, which produce inconsistent user group membership for multiple users. I've tried using all 4 DCs explicitly (e.g., realm = dc01.mediture.dom), net cache flush and restarting winbind. I've also tested cloning a user and setting up the user as identical as possible:

I think we're suffering from bug 8641 at the moment: https://bugzilla.samba.org/show_bug.cgi?id=8641 where the netsamlogon_cache.tdb entries are not expiring. We use AD groups for our (redhat) server auth, and also use server-side group auth for NFS (with the --manage-gids flag). So if a user is not in a group on the server, they're denied access to files as per group permissions.

====================================================== "Nothing you wear is more important than your smile." Connie Stevens ====================================================== Release Announcements ===================== This is the first stable release of Samba 4.6. Please read the release notes carefully before upgrading. UPGRADING ========= ID Mapping ---------- We

====================================================== "Nothing you wear is more important than your smile." Connie Stevens ====================================================== Release Announcements ===================== This is the first stable release of Samba 4.6. Please read the release notes carefully before upgrading. UPGRADING ========= ID Mapping ---------- We

Hello, i am using samba 3.0.9 (winbind in particular) on RHES server for a squid project : to authenticate users or check in they are member of some groups on AD W2K servers. It has been working fine for one year. Last week, we have defined new AD groups to use for this project. The problem that i am facing, is that for some users, the check to see if the user is in the group is working fine,

W dniu 2019-07-18 o?21:39, ?ukasz Michalski via samba pisze: > W dniu 2019-07-18 o?21:22, Rowland penny via samba pisze: > >> On 18/07/2019 20:20, ?ukasz Michalski via samba wrote: >>> W dniu 2019-07-18 o?18:46, Rowland penny via samba pisze: >>> >>> I changed uid, sAMAccountName, msFU30Name from 'foo' to 'bar' using >>> ADUC

Folks; using samba+winbindd+pam+nsswitch to make several Linux servers authenticate against an AD domain, I do have my setup mostly working now: - AD users are able to ssh into the machine. - wbinfo -g / -u does list all domain users. - getent group / getent passwd does list Unix and AD users. However, after changing some users group memberships in AD, I didn't manage to propagate this

On 18/07/2019 20:20, ?ukasz Michalski via samba wrote: > W dniu 2019-07-18 o?18:46, Rowland penny via samba pisze: >> On 18/07/2019 17:36, Kris Lou via samba wrote: >>> Might have something to do with this bug: >>> https://bugzilla.samba.org/show_bug.cgi?id=11482 >>> >>> You can find and make the relevant changes with ADSI Edit. >>>

Hi, I'm running Samba Active Directory 4.16.9 with packages from Sernet. Domain members are Linux servers (Ubuntu 20.04, RHEL 8) with Sernet Samba 4.16.x. I'm getting crazy with group memberships syncing from AD to Linux members. It is completely random as when changes in AD group are visible in Linux OS (or more precise: winbind), it might take minutes, hours or days as when these

Hello subscribers, we have a problem with keeping our group memberships up to date. If we e.g. remove a group membership from a user, we don?t see any change when trying "wbinfo -r j.doe" or "groups j.doe". Even after hours there ist no update. We also tried restarting smb, nmb, winbindd. Anyone has an idea? Some additional info: |samba/winbind-version: 3.2.0-17.fc9

Hello Samba team ! I'm network administrator in a french high school where I store my user/group ID using rfc2307. My client stations use Winbind to query rfc2307 attributes. Each new years, as all my students move to another class, almost all my user's gid are updated in AD. This gid is very important in my network because pam_mount mount only the share corresponding the to user's

Hello, according to 'man smb.conf': Default: winbind cache time = 300 I have not changed it in smb.conf, but when I remove some user from some group, command "groups DOMAIN+user" still shows that user belongs to the group even after a few hours after removing the user from that group. Any ideas why? samba 3.0.15pre2. Regards, Nerijus

Hi All: I have problems with maintain tdb files. From samba doc, these files are = classified into persistent and temporary. From the man page of smbd, = these file are classified into persistent and not. However, there are = some files no need to backup but need to be persistent = (netsamlogon_cache.tdb), and some files need to backup but not need to = be persisten (registry.tdb). There are also

Hi, Just noticed, I am unable to use nested groups when relying on RFC2307 for filesystem permissions, am I wright? What have I missed? (Samba 4.12 on Buster, 2008R2 domain level) Any migration path to stop using RFC2307 and go to pure idmap without loosing all permissions on a 6T filesystem? Is that a solution? Regards, -- *Marcio Merlone*

August 25, 2017 3:12 PM, "Rowland Penny via samba" <samba at lists.samba.org> wrote: > On Fri, 25 Aug 2017 13:54:21 +0000 > "A. James Lewis" <james at fsck.co.uk> wrote: > >> It's not offline.... and groups do usually filter through... >> sometimes immediately, sometimes never... but usually with a >> significant delay... >>

Hai, Can anyone tell me the "adviced" extra package versions for this release. I did a checkup at : https://www.samba.org/ftp/?C=M;O=D And i noticed the following. Ldb from 1.1.27 to 1.1.28, as mentiond in the changelog Talloc from 2.1.8 to 2.1.9, not mentioned in the changelog. Tdb 1.3.11 to 1.3.12, not mentioned in the changelog. Tevent 0.9.31 stays at 0.9.31 no change.

Mandi! Rowland Penny via samba In chel di` si favelave... > > I'm again a bit confused... ;-((( > Yes I can see that ;-) ;-) Sorry for the late answer, but i was busy on other things... > Hope this helps, but feel free to ask any questions. I try to summarize: a) as i supposed 'RFC2307 group membership' are totally ignored by samba, so i can use RFC2307 schema to

Hey again all, After the rather excellent assistance from a few of you on the list over the last week... I wonder if you will be able to answer the cause of another rather long standing issue I've had for a long while. We have a couple of Linux hosts using winbind for authentication, and AD groups for access to various privileges... but for some reason or another... possible firewalls

Mandi! Rowland Penny via samba In chel di` si favelave... Sorry, i come back to that: > Not sure what you are getting at here, if you add a user to a group in > AD, you not only get a record in the group object, you also get a > record in the users object > > dn: CN=Unixgroup,CN=Users,DC=samdom,DC=example,DC=com > ..... > member: CN=Rowland

Hey, I have 2 trusted domains to deal with, "DEV" and "TODEV", and I have configured smb.conf like this:- [global] workgroup = MAIN security = ADS realm = MAIN.DOMAIN.LOCAL idmap config *:backend = tdb idmap config *:range = 95000-99999 idmap config MAIN:backend = rid idmap config MAIN:range = 100000-999999 idmap config DEV:backend = rid idmap config DEV:range =