Bug 3000 - winbind does not update the cache before restarting the daemon
winbind does not update the cache before restarting the daemon
Product: Samba 3.0
Classification: Unclassified
Component: winbind
All Linux
: P3 major
: none
Assigned To: Gerald (Jerry) Carter
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2005-08-13 08:17 UTC by Pasi Sjöholm
Modified: 2005-08-24 10:20 UTC (History)
0 users

See Also:

update expired cache entries immediately (8.59 KB, patch)
2005-08-16 15:30 UTC, Gerald (Jerry) Carter
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Pasi Sjöholm 2005-08-13 08:17:08 UTC
First I upgraded our Win2000-servers with Rollup Fix 1 and noticed that our
linux-servers are not authenticating users via winbind anymore. So I upgraded
Samba to 3.0.20rc2.

Everything was ok until I noticed that If I delete or create a user from/to
Windows AD the winbind's cache is not updating.

Changing "winbind cache time" doesn't help.
Comment 1 Gerald (Jerry) Carter 2005-08-13 08:46:08 UTC
My guess is that you are hitting a known issue with 
the netsamlogon_cache.tdb file.  Stop winbindd remove 
this file and then restart.
Comment 2 Pasi Sjöholm 2005-08-13 13:32:43 UTC
Actually I have already tried that. =) See bug id 1974. 

However this problem is somewhat different because the winbind does not see new
users and remembers the deleted ones. I even can't get new users authenticated
because winbind does not "see" them.

For a solution I migrated back to RHEL samba (3.0.9) and unistalled windows 2000
rollup fix. On next week I'm going to build a proper test enviroment to give you
more detailed information about this bug.

Comment 3 Gerald (Jerry) Carter 2005-08-15 06:04:30 UTC
does getent passwd 'deleted user' work?
Comment 4 Pasi Sjöholm 2005-08-15 06:33:00 UTC
If you mean does it show the deleted user's info, it does until I restart the 

I also noticed that if you list files (ls -l) on a directory which has files 
owned by lots of users eg. incoming mailspool. If there is a file owned by 
deleted user it will show up that it's owned by the user which owned the last 

-rw-------    1 user1  Domain Users    93967 Aug 15 15:18 user1
-rw-------    1 user1  Domain Users        0 Jul  7 08:45 user2

and if you do ls -l user2 it will show:
-rw-------    1 10234  Domain Users        0 Jul  7 08:45 user2

Comment 5 Gerald (Jerry) Carter 2005-08-15 19:19:15 UTC
Found the problem.  The rewrite of winbind no longer actually 
has a daemon to update the user list cache (i.e. no dual daemon
for user lists).  Although other requests have one daemon 
per domain.

So the cache is marked as expired but never updated.  This will 
definitely have to be fixed before the 3.0.20 release.
Comment 6 Gerald (Jerry) Carter 2005-08-16 15:23:33 UTC
I'm checking a fix that removes the background cache updates.
Now if the cache expires, the child process will immediately 
update it.  This fixes my tests and should be ok for performance.
I'll attach a patch to this erport for 3.0.20rc2.
Comment 7 Gerald (Jerry) Carter 2005-08-16 15:30:17 UTC
Created attachment 1382 [details]
update expired cache entries immediately
Comment 8 Gerald (Jerry) Carter 2005-08-16 15:30:31 UTC
fixed in 3.0.20
Comment 9 Pasi Sjöholm 2005-08-17 09:08:49 UTC
Just tested the patch against to 3.0.20rc2 and it seems to be working very well.
Thanks. =)
Comment 10 Gerald (Jerry) Carter 2005-08-24 10:20:28 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.