I have configured my Linux machines (running CentOS 5.2) to authenticate against a Windows server running Active Directory. I have even enabled winbind offline logon. Everything works as expected; however, I'm also looking to impose a TTL for the winbind authentication cache. So far all I found was the below snippet from the Samba documentation:
winbind cache time (G)
This parameter specifies the number of seconds the winbindd(8) daemon will cache user and group information before querying a Windows NT server again.
*This does not apply to authentication requests*, these are always evaluated in real time unless the winbind offline logon option has been enabled.
Default: winbind cache time = 300
Clearly the winbind cache time parameter does not control the cache TTL for authentication requests.
Is there any other way I can implement a cache timeout for winbind authentication requests?
Thank you
Best Answer
I was initially using the default idmap backend. However, when I switched the idmap backend to AD, the problem was fixed. Below are the config options I used in smb.conf. Note, however, that I still have to log out and log back in to see any changes that were made on the AD side to group memberships.