I've been playing with joining RHEL4 (CentOS) machines to a Win2k3 Active Directory.
I've got everything pretty well squared away, except that the Linux box never seems to see changes to users' group memberships. For example, I created a user, testuser, who was initially just a member of Domain Users. I logged into the Linux box with testuser successfully and both 'id' and 'wbinfo' displayed correct information. I then logged out and, using AD Users and Groups, I added testuser to a new global group, testgroup. Logging back into the Linux box as testuser, I checked both 'id' and 'wbinfo' and the new group membership is not reflected. I understand that by default winbind caches such things for 5 minutes, and since I have not changed this value, I waited for at least 5 minutes and tried again with the same results. Just to be sure, I even let it sit overnight, but the new group membership still does not show up. The reason this is important to me is because I've set up Domain Admins in /etc/sudoers. If a user is added to the Domain Admins group, or removed for that matter, and this isn't reflected, that'd be bad. Is there any way to even force the cache to clear?

smb.conf:

    [global]
        workgroup = LINUXAUTHTEST
        realm = LINUXAUTHTEST.AD
        server string = Samba Server
        security = ADS
        password server = linuxauthtestdc.linuxauthtest.ad
        log file = /var/log/samba/%m.log
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        load printers = No
        printcap name = /etc/printcap
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431
        template shell = /bin/bash
        winbind use default domain = Yes
        cups options = raw

krb5.conf:

    [logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
     default_realm = LINUXAUTHTEST.AD
     dns_lookup_realm = false
     dns_lookup_kdc = false

    [realms]
     EXAMPLE.COM = {
      kdc = kerberos.example.com:88
      admin_server = kerberos.example.com:749
      default_domain = example.com
     }
     LINUXAUTHTEST.AD = {
      kdc = linuxauthtestdc.linuxauthtest.ad:88
      admin_server = linuxauthtestdc.linuxauthtest.ad:749
     }

    [domain_realm]
     .example.com = EXAMPLE.COM
     example.com = EXAMPLE.COM

    [kdc]
     profile = /var/kerberos/krb5kdc/kdc.conf

    [appdefaults]
     pam = {
      debug = false
      ticket_lifetime = 36000
      renew_lifetime = 36000
      forwardable = true
      krb4_convert = false
     }

uname -a

    Linux LinuxTestVM 2.6.9-55.ELsmp #1 SMP Wed May 2 14:28:44 EDT 2007 i686 i686 i386 GNU/Linux

winbindd --version

    Version 3.0.10-1.4E.12.2

Any insight would be appreciated.

Kris
___________________________________________
Kristoffer Knigga
Systems Administrator
Arrow Financial Services
[EMAIL PROTECTED]
847-324-7962