Re: [Samba] AD Group update lag / cache, firewall related?
- Date: Fri, 25 Aug 2017 14:58:45 +0000
- From: "A. James Lewis via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] AD Group update lag / cache, firewall related?
August 25, 2017 3:12 PM, "Rowland Penny via samba" <samba@xxxxxxxxxxxxxxx> wrote:
> On Fri, 25 Aug 2017 13:54:21 +0000
> "A. James Lewis" <james@xxxxxxxxxx> wrote:
>> It's not offline.... and groups do usually filter through...
>> sometimes immediately, sometimes never... but usually with a
>> significant delay...
>> I originally put this down to the ancient version of Samba or Winbind
>> that was shipped with the OS, but it seems I was wrong...
>> Winbind can see the group, and even the group membership... and the
>> group is passed on to the OS, but not the group membership.
>> wbinfo -g user | grep group <-- successful
>> getent group group <-- successful
>> groups user | grep group <-- fails
>> I was wondering if there's a limit on the number of groups, since the
>> new machine using "groups", shows that the user has 128 groups, while
>> a machine that's been around for a while shows 156 groups... and
>> another machine that's local to the AD controller shows 174 groups.
> Hmm, try reading this:
> Under 'Samba 4.6.0' --> winbind changes
> Does 'groups user' show any groups ?
Yes, however I have 4 servers and they each show a different number of groups, 128, 154, 169 and 174...
# for i in `groups user`; do echo $i; done | wc -l
The Samba 4.6 box shows 128, which makes me think perhaps there is a limit to the number of groups that are processed somewhere... 128 being a suspicious number!..... but that's a pure guess!.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
A. James Lewis (james@xxxxxxxxxx)
"Engineering does not require science. Science helps a lot but people
built perfectly good brick walls long before they knew why cement works."
To unsubscribe from this list go to the following URL and read the