Hi All, I am using samba-common-3.0.10-1.4E.9 on a RHEL4_U4 x86 machine. The ADS server is WS03 sp1 running in Windows Server 2003 interim mode. In general thing are working well. However, when winbind caching is enabled (default), group membership does not appear to update, i.e. "wbinfo -r bob" and "groups bob" don't reflect changes in ADS group membership. "getent group groupname" does show the correct info on the second query. Always takes 2 queries regardless of elapsed time. With winbind caching off, each command returns correctly the first time (though slowly).
Using tcpdump with winbind caching enabled, I can "see" the ADS domain controller being queried when winbind cache time expires when each command is executed. However, the "wbinfo" and "groups" results are not updated no matter the amount of elapsed time. It should be noted that if I stop winbind and delete *.tdb then restart, updated info is returned by "wbinfo" and "groups" but again, next changes will not be reflected. Why do I care? I am trying to use pam_listfile.so to control what ADS accounts can log on to the box (by group membership). Pam_listfile is not "seeing" updated group membership when winbind caching is enabled. Somewhat ironically pam_winbind.so "sees" things correctly I suppose because it never consults the cache. What am I missing? Thanks for the help, Noal Some potentially relevant settings from smb.conf include: idmap backend = idmap_rid:APP=17000000-40000000 winbind enum users = yes winbind enum groups = yes idmap uid = 17000000-40000000 idmap gid = 17000000-40000000 winbind use default domain = yes winbind cache time = 30 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba