Hello Martin, In this quite old bug report of yours, you're reporting issues with some "old" records of your ADS server, with the "wbinfo -r" command not recognizing the removal of some users from groups.
You kindly tried to reproduce the problem with backported versions of
samba when I asked this to you, back in late 2007.
Since then, we released samba 3.2 in unstable and testing.
Would you be able to re-test with one of these versions?
Another good test would be playing with "idmap cache time", "idmap
negative cache time" and "winbind cache time":
(though the first is set to 1 in your first example)
idmap cache time (G)
This parameter specifies the number of seconds that Winbind´s idmap
interface will cache positive
SID/uid/gid query results.
Default: idmap cache time = 900
idmap negative cache time (G)
This parameter specifies the number of seconds that Winbind´s idmap
interface will cache negative
SID/uid/gid query results.
Default: idmap negative cache time = 120
winbind cache time (G)
This parameter specifies the number of seconds the winbindd(8)
daemon will cache user and group
information before querying a Windows NT server again.
This does not apply to authentication requests, these are always
evaluated in real time unless the
winbind offline logon option has been enabled.
Default: winbind cache time = 300
--
signature.asc
Description: Digital signature
