> > I have a win2k domain controller, and winbindd is running on a FreeBSD box. > > After a user has been authentiacted (using "wbinfo -a username%password"), > > when "Member of" for this user is modified from the domain controller, > > "wbinfo -r username" won't returns the new groups, unless you remove file > > "winbindd_cache.tdb" then restart winbindd. It seems like winbindd > > wouldn't try to refetch the group information after it is cached. > > > > I post this message to [EMAIL PROTECTED] a few days ago and no reply > > yet. Could anyone look into this please? > > (Assuming Samba 3.0, I'm not quite sure what ended up in 2.2)
2.2.5 does not have such a problem. > > Yes, this behaviour is by design. Perhaps we need to reconsider the > design. The problem is that we wanted to avoid an expencive call to the > DC for every login, particularly as we are given a full list of the > users groups in the reply to the authenticaion request. > The problem is that it seems the old information is kept in cache forever. If we try to avoid expensive calls, can we define a timeout value so we don't it very often? > In particular, when we are not using LDAP and Active Directory, it > appears that there is no other way to reterive these groups. BTW, I > think the problematic file is netlogon_unigroup.tdb. > > Andrew Bartlett > > -- > Andrew Bartlett [EMAIL PROTECTED] > Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] > Student Network Administrator, Hawker College [EMAIL PROTECTED] > http://samba.org http://build.samba.org http://hawkerc.net >
