Hi, list. I'm running samba-3.5.4 + winbind on a RHEL 5 server. I'm trying to allow ssh logins to users in a particular Active Directory group in the TESTDOMAIN domain.
My problem is that group membership seems to be updated when the user logs in. So, if a remove a user from the allowed group, the first login attempt is successful. This is my samba/winbind configuration: [global] workgroup = TESTDOMAIN password server = server1.testdomain server2.testdomain realm = test.domain encrypt passwords = yes netbios name = TESTSERVER security = ads ; idmap uid = 10000 - 20000 ; idmap gid = 10000 - 20000 idmap backend = tdb idmap uid = 1000000-1999999 idmap gid = 1000000-1999999 idmap config TESTDOMAIN : backend = rid idmap config TESTDOMAIN : range = 10000 - 49999 idmap config TRUSTED : backend = rid idmap config TRUSTED : range = 50000 - 99999 idmap config TRUSTED : base_rid = 1000 winbind separator = + template homedir = /home/%D/%U template shell = /bin/bash winbind use default domain = false winbind offline logon = false auth methods = winbind log level = 3 allow trusted domains = no winbind enum users = yes winbind enum groups = yes idmap cache time = 30 winbind cache time = 10 nscd is not running, just in case it matters. Any hint? -- Luis Marqueta <l...@marqueta.org> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba