Hi Michael,

> i tweaked winbind cache time to 60s and everything works as expected:
> - a user, who is in a group that has write perms, can write
> - remove user from this group -> user cannot write anymore
> - add user again to this group -> user can write again

Thanks for giving this a go - now that I know it should be working, I
delved deeper into the problem and it turns out that there's something
funny happening with the smbd processes. When I update group
membership any *new* smbd processes pick this up, however the existing
ones don't.

This also goes for shares too - I can delete a share from smb.conf and
do a "killall -HUP smbd" however any XP boxes already connected to the
share still have full access to it, even though it no longer exists in
smb.conf. I have to actually kill the smbd process to cause the XP
machine to disconnect, and then when I reconnect the shares and group
memberships have updated.

I take it you didn't have to do any of this? I wonder why I can't get
Samba to update its config without terminating it first?

To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba