On Wed, Oct 09, 2002 at 03:05:40PM -0700, Jiu Zheng wrote: > > > I have a win2k domain controller, and winbindd is running on a FreeBSD box. > > > After a user has been authentiacted (using "wbinfo -a username%password"), > > > when "Member of" for this user is modified from the domain controller, > > > "wbinfo -r username" won't returns the new groups, unless you remove file > > > "winbindd_cache.tdb" then restart winbindd. It seems like winbindd > > > wouldn't try to refetch the group information after it is cached. > > > > > > I post this message to [EMAIL PROTECTED] a few days ago and no reply > > > yet. Could anyone look into this please? > > > > (Assuming Samba 3.0, I'm not quite sure what ended up in 2.2) > > 2.2.5 does not have such a problem. > > > > > Yes, this behaviour is by design. Perhaps we need to reconsider the > > design. The problem is that we wanted to avoid an expencive call to the > > DC for every login, particularly as we are given a full list of the > > users groups in the reply to the authenticaion request. > > > > The problem is that it seems the old information is kept in cache forever. > If we try to avoid expensive calls, can we define a timeout value so we > don't it very often?
It looks like winbindd is not noticing the SAM id change when the DC is updated..... I don't think not updating the groups is by design. The UNIX user is logging off then on again to see the change aren't they. Jeremy
