Bug 78 - WB<->AD: Winbind cache make temperary login-failure permanent
Summary: WB<->AD: Winbind cache make temperary login-failure permanent
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.0preX
Hardware: All Linux
: P2 major
Target Milestone: none
Assignee: Gerald (Jerry) Carter (dead mail address)
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-05-09 04:21 UTC by Mads Toustrup
Modified: 2005-11-14 09:29 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mads Toustrup 2003-05-09 04:21:56 UTC
Hi, 

One day our samba3.0 alpha 23 fileserver lost contact with our Active Directory 
because the kerberos connection was lost. 
In this period users connecting to the fileserver could (ofcourse) not be 
authenticated. But! ... When i got the connection up and running again... The 
users stille weren't able to login to the fileserver. 
After a few hours i figured out the Winbind makes a cache (i guess its the 
linux user to AD user ID mapping cache..?!) ... and in here it said that these 
users didn't exist. The cache never timed out (isn't the winbind cache time = 
15seconds by default?) ... But deleting /var/cache/samba/winbind* solved the 
problem. All users could now authenticate against the fileserver.  

Solution: Make the cache timeout by default i think.
Comment 1 Jim McDonough 2003-06-17 13:45:30 UTC
I have taken down my connections, and attempted to access samba, with a failure
that no logon servers are available.  When I reconnect the DC, I am able to
connect.  I did this with users that had already been cached in winbind, and
with users that were never in winbind (including wiping out the cache to start
over).  I am unable to recreate this on beta1.

If you can still recreate this, please include your smb.conf as well as the
actual error messages you receive, and any relevant log lines that are leading
you to suspect winbind caching.
Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-02-07 07:54:39 UTC
originally reported against 3.0alpha23.  Bugzilla spring cleaning.
Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-11-14 09:29:14 UTC
database cleanup