In more and more cases I've come across problems that arise because the netsamlogon_cache.tdb is never expiring entries. Someone logs in, and *forever* after that the information that is returned from wbinfo --user-sids & friends represents what has been current during that logon. As nowadays we are perfectly able to expand domain local groups ourselves, I would see netsamlogon_cache.tdb as a pure cache for efficiency. As such it should at least expire upon a winbind restart, if not after the winbind cache time. Jerry, I'm filing this as a bug and don't work on the code directly, as this probably needs discussion first. Volker
*** Bug 1190 has been marked as a duplicate of this bug. ***
in the beginning it was to work around lack of schannel support and restructanonymous environments. I agree we should have some cache timeout, but a time based cache may not be correct in my opinion. If we could code a session based cache for the lifetime of the connection, that would probably be best. We should talk about how to bring things up to date.
cache has been removed for 3.0.21.