I'm having this same problem, but it's new. Using 3.4.2 Debian packages, recently upgraded. I never had any type of LDAP group caching problem until the last 2 weeks. I added a user to an LDAP group as normal because they needed access to a new share. Cleared the nscd caches as normal. The service definition uses

    force group = +groupName
    valid users = @admins, @groupName
    write list = @admins, @groupName

All of the people previously in @groupName retain access to the share. The person I just added cannot access it. getent, groups, etc. all return the correct group membership. If I add the account explicitly to valid users & write list, it works as soon as I do an smbd reload.

Did some behavior change or have we stumbled on a new bug?

Wes

On Monday 30 November 2009 07:29:33 am davefu wrote:
>
> Hi, thanks for answering.
>
> I have only 1 Samba server. When I mentioned changes on groups, I meant on
> LDAP server. LDAP is used on both system and samba environments. When
> changing groups on users, those changes are instant on the system
> environment, but not on Samba.
>
> - I create a new "Folder A", with full permissions for "Group A"
> - "User B" (belonging to group B), logs via SSH to the server, and can't
> access the "Folder A".
> - "User B" logs via Samba using his Windows desktop machine, and can't
> access the "Folder A" (previously configured inside a Samba Resource).
> - Now I add "User B" to "Group A" via LDAP. He belongs now to "Group A" and
> "Group B".
> - Getent group | grep "User B" shows correctly both groups on the user.
> - "User B" correctly accesses "Folder A", write files, etc via console, ssh,
> or any kind of regular system authentication (since system is using pam
> libraries, configured to use LDAP as backend).
> - "User B" still can't access "Folder A" in any way. Samba has cached "User
> B" credentials, and hasn't checked LDAP again for a while. The only option
> is to restart Samba, or wait randomly until Samba refreshes / syncs LDAP
> info about that user again.
>
> Hope this little story explains my problem better.
> Sorry for my English.
>
> Thanks!