The Samba-Bugzilla – Bug 2592
End-user who creates session with samba server will preserve AD settings and permissions
Last modified: 2005-09-29 09:04:35 UTC
End-user AD settings and permissions, which created session with Samba server,
will be preserved and unchanged until the end of the openned session. Thus
removing or adding user to/from Print Admin group in AD will not effect a user,
if created session with Samba server.
Steps to reproduce:
Configure print server and register it to AD.
User, that defined in Admin group, browses to samba server by its NetBIOS name.
Verify that user can act as administrator (for example upload printer drivers)
In AD remove user from Admin group.
User still can acts like as admin.
Only when logged off from win machine or samba server restarted, new user's
permissions will be updated.
this is by design. The token is created at logon time.