Bug 3423 - Changing group users don't refresh until restart
Summary: Changing group users don't refresh until restart
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.20b
Hardware: x86 Windows 2000
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2006-01-18 08:53 UTC by Luis Vinay
Modified: 2006-01-20 08:55 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Luis Vinay 2006-01-18 08:53:03 UTC
I have this:

GroupA: with User1 as member
GroupB: with User2 as member

ShareA: GroupA write, GroupB read 
ShareB: GroupB write, GroupA read

then i change to this:

GroupA: with User2 as member
GroupB: with User1 as member

and the changes aren't reflected on "reality", until I restart samba

Comment 1 Luis Vinay 2006-01-18 08:56:07 UTC
I forgoted, Im using LDAP as database backend, here the relevan part of my smb.conf file:

        workgroup = IPLANTEST
        netbios name = PDCIPLANTEST
        server string = IplanTest Samba3 & OpenLDAP PDC Server
        interfaces = eth0, lo
        bind interfaces only = Yes
        passdb backend = ldapsam:ldap://localhost
        enable privileges = yes
        username map = /etc/samba/smbusers
        log level = 3
        syslog = 0
        log file = /var/log/samba/%m.log
        max log size = 1024
        smb ports = 139
        name resolve order = host wins bcast lmhosts
        time server = yes
        printing = cups
        printcap name = CUPS
        show add printer wizard = No
        add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
        delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
        add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
        delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
        add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
        set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
        add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u"
        logon script = scripts\logon.bat
        printcap cache time = 3
        # ----| Disabled Roaming profiles |---- #
        logon path =
        logon drive = X:
        logon home =
        domain logons = Yes
        domain master = Yes
        preferred master = Yes
        wins support = Yes
        ldap suffix = dc=iplantest,dc=com,dc=ar
        ldap machine suffix = ou=People
        ldap user suffix = ou=People
        ldap group suffix = ou=Groups
        ldap idmap suffix = ou=Idmap
        ldap admin dn = cn=Administrator,dc=iplantest,dc=com,dc=ar
        idmap backend = ldap:ldap://localhost
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        map acl inherit = Yes
Comment 2 Guenther Deschner 2006-01-19 21:53:54 UTC
Manipulated group membership is reflected in your token after you logoff and logon again, correct?
Comment 3 Luis Vinay 2006-01-20 06:22:46 UTC
yes, but not allways, but I cannot tell every single user that ask me for access to a share, that restart session.
Comment 4 Jeremy Allison 2006-01-20 07:33:06 UTC
This is just the way Windows works. If you want groups re-evalutated you must log on again. This is not a bug.
Comment 5 Luis Vinay 2006-01-20 08:55:09 UTC
Ok!, Tanks for your time