samba AD group inconsistency
 

Hi all.

I just noticed a weird problem and I have been spending couple of days to find the issues. I have centos 5.8 with samba3x-3.5 connecting to AD.

What i just noticed is that, certain users have groups that are not even assigned to them. At first I thought it was cache and tried restarting samba and winbind and it didnt work.

here is when i run the command id for user who is not in any group
as for user johnq, his group is ehth but the results looks different.
I have checked randomly and some of the users are correct, only some have this sort of problems. It puzzles me.

Any pointers is appreciated.

Thanks!

Is there an overlap of gid (group identifiers (numbers)) on the host in /etc/groups and the UNIX attributes of the AD groups, they need to be unique.
Is the /etc/nsswitch.conf group entry set to "group file ldap"?

Hi,

There's no overlap. However I just noticed that prior to that, users have access to multiple groups and when it was removed from AD, ldap seems to still have the cache around. Restarting samba winbind didnt do the trick. I went through samba docs and decided to add in the config

Restart samba and winbind. Check the users still the same. I decided to let it run. So the next day i checked, users/groups in samba are in sync with AD. I am trying to replicate the issues and see if i could simulate the same problem again. As of now, i consider this problem as solved. :)