I recently upgraded to 3.0.4-6.3E from 3.0.2 on RedHat Enterprise 3 and ever since I have been experiencing a strange winbind issue.
It looks like winbind is not updating the group memberships properly. If I look at a user using "wbinfo -r DOMAIN+User" I get the following: 11001 11026 11030 11033 11034 11035 11042 11043 11048 11049 Now if I delete any groups or add the user to any additional groups and run the command again I get: 11001 11026 11030 11033 11034 11035 11042 11043 11048 11049 No Change! It is not updating. But there is more.... If I run "getent group | grep <GROUP I REMOVED USER FROM>" The group shows the change. So for whatever reason wbinfo is not updating while I can see all the changes with getent. Now one last thing, this is happening on all three of our samba servers (Same versions relatively same configs) and it was not happening until after upgrading to the new version of samba (In fact one of the servers joined the domain under this new version of samba). So I do not think recreating the tdb files will be a permanent fix. Here is my Config (Edited to protect the innocent): [global] log level = 1 log file = /var/log/samba/%m.log realm = domain.net workgroup = DOMAIN security = ADS encrypt passwords = yes password server = dc0.domain.net dc1.domain.net server string = File Server socket options = TCP_NODELAY SO_KEEPALIVE kernel oplocks = yes oplocks = yes veto oplock files = /*.doc/*.DOC/*.xls/*.XLS/*.ppt/*.PPT/*.pst/*.PST/*.mdb/*.MDB/*.ldb/*.LDB/*.v sd/*.VSD/*.mpp/*.MPP/*.qbw/*.QBW/*.qbb/*.QBB/*.qbI/*.qbl/*.dxf/*.DXF/*.dwg/* .DWG/*.cdr/*.CDR/*.bak/*.BAK/*.ord/*.xlo/*.igs/*.ipt/*.ipj/*.slp/*.stp/*.opt /*.xli/*.stl/*.cur/*.sjb/*.log/*.LOG/*.sbs/*.iam/*.idv/*.pcbdoc/*.PcbDoc/*.P CBDOC/ interfaces = eth0*,lo bind interfaces only = yes #host msdfs = yes # strict locking # strict sync # separate domain and username with +, like DOMAIN+username winbind separator = + # use uids from 11000 to 19000 for domain users idmap uid = 11000-19000 # use gids from 11000 to 19000 for domain groups idmap gid = 11000-19000 # allow enumeration of winbind users and groups winbind enum users = yes winbind enum groups = yes # give winbind users a real shell (only needed if they have telnet access) template homedir = /mnt/share/Applied_Minds/Users/%U template shell = /bin/bash [Company_Share] comment = Company Name Corporate path = /mnt/share/Company_Share create mask = 0770 directory mask = 0770 public = yes writable = yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
