Hello,

We use samba 3.2.5 on Debian Lenny with LDAP backend (OpenLDAP 2.4.11). Access to files and directories is granted via ACLs.

For example, we have a directory "projekt-my-test":

# getfacl projekt-my-test
# file: projekt-my-test/
# owner: root
# group: Domain\040Admins
user::rwx
group::rwx
group:projekt-my-test-rw:rwx
mask::rwx
other::---

So, I added a user to the group "projekt-my-test-rw" in the LDAP tree. I could confirm with "getent group" that the user was now a member of the group. But when the user tried to access the directory, access was denied. When I checked with "net RPC GROUP MEMBERS projekt-my-test-rw", the user was not listed as a group member.

After I waited for about half an hour, the user suddenly could access the directory. And really, when I checked now with the net RPC GROUP MEMBERS, the user was listed as a member.

I did some research on whether samba does some caching of user and group information from an LDAP server, but haven't found anything.

So I wanted to ask the experts on the list: What is causing this delay of about 30 minutes between a group membership modification in the LDAP database and its recognition by Samba? And how can I prevent it, i.e. how can I force samba to re-read/refresh group information from LDAP (besides a restart of the service)?

Regards,
Henry
