First I upgraded our Win2000-servers with Rollup Fix 1 and noticed that our
linux-servers are not authenticating users via winbind anymore. So I upgraded
Samba to 3.0.20rc2.
Everything was ok until I noticed that If I delete or create a user from/to
Windows AD the winbind's cache is not updating.
Changing "winbind cache time" doesn't help.
My guess is that you are hitting a known issue with
the netsamlogon_cache.tdb file. Stop winbindd remove
this file and then restart.
Actually I have already tried that. =) See bug id 1974.
However this problem is somewhat different because the winbind does not see new
users and remembers the deleted ones. I even can't get new users authenticated
because winbind does not "see" them.
For a solution I migrated back to RHEL samba (3.0.9) and unistalled windows 2000
rollup fix. On next week I'm going to build a proper test enviroment to give you
more detailed information about this bug.
does getent passwd 'deleted user' work?
If you mean does it show the deleted user's info, it does until I restart the
I also noticed that if you list files (ls -l) on a directory which has files
owned by lots of users eg. incoming mailspool. If there is a file owned by
deleted user it will show up that it's owned by the user which owned the last
-rw------- 1 user1 Domain Users 93967 Aug 15 15:18 user1
-rw------- 1 user1 Domain Users 0 Jul 7 08:45 user2
and if you do ls -l user2 it will show:
-rw------- 1 10234 Domain Users 0 Jul 7 08:45 user2
Found the problem. The rewrite of winbind no longer actually
has a daemon to update the user list cache (i.e. no dual daemon
for user lists). Although other requests have one daemon
So the cache is marked as expired but never updated. This will
definitely have to be fixed before the 3.0.20 release.
I'm checking a fix that removes the background cache updates.
Now if the cache expires, the child process will immediately
update it. This fixes my tests and should be ok for performance.
I'll attach a patch to this erport for 3.0.20rc2.
Created attachment 1382 [details]
update expired cache entries immediately
fixed in 3.0.20
Just tested the patch against to 3.0.20rc2 and it seems to be working very well.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.