From: davefu on 21 Dec 2009 10:10
Wes Deviers wrote:
> I'm having this same problem, but it's new. Using 3.4.2 Debian packages,
> recently upgraded. I never had any type of LDAP group caching problem
> the last 2 weeks. I added a user to an LDAP group as normal because they
> needed access to a new share. Cleared the nscd caches as normal. The
> definition uses
> force group = +groupName
> valid users = @admins, @groupName
> write list = @admins, @groupName
> All of the people previously in @groupName retain access to the share.
> person I just added cannot access it. getent, groups, etc all return the
> correct group membership. If I add the account explicitly to valid users
> write list, it works as soon as I do an smbd reload.
> Did some behavior change or have we stumbled on a new bug?
> On Monday 30 November 2009 07:29:33 am davefu wrote:
>> Hi, thanks for answering.
>> I have only 1 Samba server. When I mentioned changes on groups, I meant
>> LDAP server. LDAP is used on both system and samba environments. When
>> changing groups on users, those changes are instant on the system
>> environment, but not on Samba.
>> - I create a new "Folder A", with full permissions for "Group A"
>> - "User B" (belonging to group B), logs via SSH to the server, and can't
>> access the "Folder A".
>> - "User B" logs via Samba using his Windows desktop machine, and can't
>> access the "Folder A" (previously configured inside a Samba Resource).
>> - Now I add "User B" to "Group A" via LDAP. He belongs now to "Group A"
>> "Group B".
>> - Getent group | grep "User B" shows correctly both groups on the user.
>> - "User B" correctly access "Folder A", write files, etc via console,
>> or any kind of regular system authentication (since system is using pam
>> libraries, configured to use LDAP as backend).
>> - "User B" still can't access "Folder A" in any way. Samba has cached
>> B" credentials, and haven't checked LDAP again for a while. The only
>> is to restart Samba, or wait randomly until Samba refreshes / syncs LDAP
>> info about that user again.
>> Hope this little story explains my problem better.
>> Sorry for my english.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
View this message in context: http://old.nabble.com/Samba-%2B-LDAP%3A-Changing-user%27s-group-tp26421317p26870920.html
Sent from the Samba - General mailing list archive at Nabble.com.
To unsubscribe from this list go to the following URL and read the