First I upgraded our Win2000 servers with Rollup Fix 1 and noticed that our Linux servers are not authenticating users via winbind anymore. So I upgraded Samba to 3.0.20rc2. Everything was ok until I noticed that if I delete or create a user from/to Windows AD, winbind's cache is not updating. Changing "winbind cache time" doesn't help.
My guess is that you are hitting a known issue with the netsamlogon_cache.tdb file. Stop winbindd, remove this file, and then restart.
Actually I have already tried that. =) See bug id 1974. However, this problem is somewhat different because winbind does not see new users and remembers the deleted ones. I can't even get new users authenticated because winbind does not "see" them. For a solution I migrated back to RHEL samba (3.0.9) and uninstalled the Windows 2000 rollup fix. Next week I'm going to build a proper test environment to give you more detailed information about this bug.
Does getent passwd 'deleted user' work?
If you mean does it show the deleted user's info, it does until I restart winbindd. I also noticed something when you list files (ls -l) in a directory which has files owned by lots of users, e.g. the incoming mailspool: if there is a file owned by a deleted user, it will show up as owned by the user which owned the last file. Like:

    -rw------- 1 user1 Domain Users 93967 Aug 15 15:18 user1
    -rw------- 1 user1 Domain Users 0 Jul 7 08:45 user2

and if you do ls -l user2 it will show:

    -rw------- 1 10234 Domain Users 0 Jul 7 08:45 user2

Strange..
Found the problem. The rewrite of winbind no longer actually has a daemon to update the user list cache (i.e. no dual daemon for user lists), although other requests have one daemon per domain. So the cache is marked as expired but never updated. This will definitely have to be fixed before the 3.0.20 release.
I'm checking a fix that removes the background cache updates. Now if the cache expires, the child process will immediately update it. This fixes my tests and should be ok for performance. I'll attach a patch to this report for 3.0.20rc2.
Created attachment 1382
update expired cache entries immediately
Fixed in 3.0.20.
Just tested the patch against 3.0.20rc2 and it seems to be working very well. Thanks. =)
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.