Hello,
Following to this old post (Tue Jul 6 02:22:22 MDT 2010), here is the
solution I found :
- stop nscd : /etc/init.d/nscd stop
- restart samb : /etc/init.d/samba restart
- start nscd : /etc/init.d/nscd start
...in this order !
Roland.
Hello,
When I modify a user account adding him to a customized group, there
is a delay which can be up to 2 hours to take effect.
- the user account is already created with smbldap-useradd.
- the user account is modified later (with smbldap-usermod), adding
him to a group which has the right "allow log on through terminal
services properties" on the local security policy
The samba server act as a PDC.
I've tried a lot of things to bypass the delay :
- restart of samba
- restart of openldap
- gpupdate /force on windows server
- modify the delay in GPO : group policy refresh interval for users
and for computers
- purge of samba cache in /var/cache/samba
- purge of nscd cache in /var/cache nscd
If I give the right directly to the user on windows server, it take
effect immediatly and I can log on Terminal Server.
The error message I have when the policy hasn't take yet effect is
"to log on this remote computer, you must be granted the allow log on
through terminal services right. By default, members of the Remote
Desktop Users group have this right. If you are not a member of remote
desktop users group ot another group that has this right, or if the
remote desktop user group does not have this right, you must be granted
this right manually".
It seem that there is a cache for groups.
What service can be responsible of this delay ? Terminal server, GPO,
samba, ldap, some cache,... ?
Thank you for your help or advice
---
Roland JARRY
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba