Prev: Is it EVER needed to set up kerberos manually if you usesamba to join an ADS domain as a domain member?
Next: Samba4 segfault
From: Oliver Weinmann on 23 Apr 2010 10:50
Hi,

I don't know if this is a problem of SLES11 or winbind itself. I
recently installed the lastest samba winbind 3..5.2 on a SLES9 box and a
SLES11 box.

If I remove a user from a group in Active Directory the change is
visible immediately on the SLES9 box but not on the SLES11 box. Both are
running exactly the same version of winbind:

gedaiv64:~ # cat /etc/SuSE-release
SUSE Linux Enterprise Server 11 (x86_64)
VERSION = 11
PATCHLEVEL = 0
gedaiv64:~ # smbd -V
Version 3.5.2

gedaiv67:~ # cat /etc/SuSE-release
SUSE LINUX Enterprise Server 9 (i586)
VERSION = 9
PATCHLEVEL = 4
gedaiv67:~ # smbd -V
Version 3.5.2

Smb.conf is identical:

[global]
netbios name = gedaiv67
realm = SOMEDOMAIN.NET
workgroup = SOMEDOMAIN
security = ADS
encrypt passwords = yes
idmap backend = ad
idmap config VEGA : backend = ad
idmap config VEGA : schema_mode = sfu
idmap config VEGA : range = 0-99999999
winbind nss info = sfu
winbind enum users = yes
winbind enum groups = yes
winbind offline logon = yes
preferred master = no
winbind nested groups = Yes
winbind use default domain = Yes
max log size = 50
log file = /var/log/samba/log.%m
log level = 3
dns proxy = no
wins server = 172.20.200.18 172.18.200.20
allow trusted domains = No
client use spnego = Yes
kerberos method = secrets and keytab
dedicated keytab file = /etc/krb5.keytab
winbind refresh tickets = true
idmap cache time = 300

Even after 10 minutes and more the change doesn't become effective on
the SLES11 box. NSCD is of course turned off on both machines.

Regards,

Oliver
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
 | 
Pages: 1
Prev: Is it EVER needed to set up kerberos manually if you usesamba to join an ADS domain as a domain member?
Next: Samba4 segfault