The Samba-Bugzilla – Bug 78
WB<->AD: Winbind cache makes temporary login-failure permanent
Last modified: 2005-11-14 09:29:14 UTC
One day our samba3.0 alpha 23 fileserver lost contact with our Active Directory
because the Kerberos connection was lost.
In this period users connecting to the fileserver could (of course) not be
authenticated. But! ... When I got the connection up and running again... The
users still weren't able to log in to the fileserver.
After a few hours I figured out that Winbind makes a cache (I guess it's the
linux user to AD user ID mapping cache..?!) ... and in here it said that these
users didn't exist. The cache never timed out (isn't the winbind cache time =
15 seconds by default?) ... But deleting /var/cache/samba/winbind* solved the
problem. All users could now authenticate against the fileserver.
Solution: Make the cache time out by default, I think.
I have taken down my connections, and attempted to access samba, with a failure
that no logon servers are available. When I reconnect the DC, I am able to
connect. I did this with users that had already been cached in winbind, and
with users that were never in winbind (including wiping out the cache to start
over). I am unable to recreate this on beta1.
If you can still recreate this, please include your smb.conf as well as the
actual error messages you receive, and any relevant log lines that are leading
you to suspect winbind caching.
Originally reported against 3.0alpha23. Bugzilla spring cleaning.