[Samba] winbind cache time?

Discussion:

(too old to reply)

Nerijus Baliunas

2005-05-04 00:50:09 UTC

Hello,

according to 'man smb.conf': Default: winbind cache time = 300

I have not changed it in smb.conf, but when I remove some user
from some group, command "groups DOMAIN+user" still shows
that user belongs to the group even after a few hours after removing
the user from that group. Any ideas why?
samba 3.0.15pre2.

Regards,
Nerijus

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Nerijus Baliunas

2005-05-05 00:30:12 UTC

Permalink

Post by Nerijus Baliunas
according to 'man smb.conf': Default: winbind cache time = 300
I have not changed it in smb.conf, but when I remove some user
from some group, command "groups DOMAIN+user" still shows
that user belongs to the group even after a few hours after removing
the user from that group. Any ideas why?
samba 3.0.15pre2.

BTW, it happens even if I restart winbind (i.e. changes to group membership
reflect only after a few hours). I understand that everyone is busy (I wrote
a few messages with real problems during a few weeks and got only one
response, and I can understand that), but does it work for everyone else?
I.e., if you remove user from group, is the user still able to access files
accessible by group only?

Nerijus

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Gerald (Jerry) Carter

2005-05-07 16:30:12 UTC

Permalink

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nerijus Baliunas wrote:
| On Wed, 4 May 2005 03:37:52 +0300 (EEST) Nerijus Baliunas
<***@users.sourceforge.net> wrote:
|
|>according to 'man smb.conf': Default: winbind cache time = 300
|>
|>I have not changed it in smb.conf, but when I remove some user
|>from some group, command "groups DOMAIN+user" still shows
|>that user belongs to the group even after a few hours after removing
|>the user from that group. Any ideas why?
|>samba 3.0.15pre2.
|
| BTW, it happens even if I restart winbind (i.e.
| changes to group membership reflect only after a few hours).

Try removing the netsamlogon_cache.tdb file and see if the
behavior is more consistent. If so, please let me know and
we'll work harder on fixing this.

cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCfOq+IR7qMdg1EfYRAlwLAKCuNgo8+8crEEQru0/3dQErZ2AkBACgwxXs
/fYjy6Whi700zeDN8qDublo=
=0zHp
-----END PGP SIGNATURE-----

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Nerijus Baliunas

2005-05-09 02:50:06 UTC

Permalink

Post by Gerald (Jerry) Carter
| BTW, it happens even if I restart winbind (i.e.
| changes to group membership reflect only after a few hours).
Try removing the netsamlogon_cache.tdb file and see if the
behavior is more consistent. If so, please let me know and
we'll work harder on fixing this.

Yes, removing netsamlogon_cache.tdb and restarting winbind helped.
BTW, can I remove netsamlogon_cache.tdb when winbind is running?

Regards,
Nerijus

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Gerald (Jerry) Carter

2005-05-09 03:40:07 UTC

Permalink

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Post by Nerijus Baliunas

Yes, removing netsamlogon_cache.tdb and restarting winbind helped.
BTW, can I remove netsamlogon_cache.tdb when winbind is running?

No. Volker and I have an idea on how to clean this cache file up
though. It's involves a reference count based on active sessions
for each cache entry. We'll try to clean it up soon.

cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCftkBIR7qMdg1EfYRAqDkAJ93n5JK5TsWo3az5j5g0848lAu3OwCfRNro
5FtwGi5B451J3rT4DLd88bA=
=2zCk
-----END PGP SIGNATURE-----

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Gerald (Jerry) Carter

2005-05-20 17:40:12 UTC

Permalink

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Post by Nerijus Baliunas

Yes, removing netsamlogon_cache.tdb and restarting winbind helped.
BTW, can I remove netsamlogon_cache.tdb when winbind is running?

No. The file is mmap()'d by winbindd. However, the cache is
updated everytime the user logs in using NTLM authentication.
We need to expire cached entries based on a reference count
of the active sessions.

cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCjh6LIR7qMdg1EfYRAtS6AJ0cq9vs/Qj8WCqwmK3jy8DZ7ZqNXACfZyJF
tOnhQYBDGAUjqZH5J5Rh5U4=
=rkQ1
-----END PGP SIGNATURE-----

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba