In more and more cases I've come across problems that arise because the
netsamlogon_cache.tdb is never expiring entries. Someone logs in, and *forever*
after that the information that is returned from wbinfo --user-sids & friends
represents what has been current during that logon. As nowadays we are perfectly
able to expand domain local groups ourselves, I would see netsamlogon_cache.tdb
as a pure cache for efficiency. As such it should at least expire upon a winbind
restart, if not after the winbind cache time.
Jerry, I'm filing this as a bug and don't work on the code directly, as this
probably needs discussion first.
*** Bug 1190 has been marked as a duplicate of this bug. ***
In the beginning it was to work around lack of schannel
support and restrictanonymous environments. I agree we
should have some cache timeout, but a time-based cache may
not be correct in my opinion. If we could code a session-based
cache for the lifetime of the connection, that would
probably be best.
We should talk about how to bring things up to date.
Cache has been removed for 3.0.21.