Samba Winbind User Resolution

We have successfully deployed AD authentication using Samba and Winbind (idmap_ad) across six CentOS 6 servers and have been running happily for a few months now.

One of the servers has stopped resolving one particular username (# id username). This AD user resolves on all other servers, and all other users resolve on the problem server.

I think this may be caused by a corrupt winbindd_idmap.tdb. Now, the easiest way to check this is to stop winbind, delete the file, restart samba and start winbind, then try again. My problem is that there is currently a change freeze in place and we would have to raise RFCs etc. to test the theory.

My question is: Is it possible to clear the winbind cache without restarting the service?

Or if you think it's something else, please feel free to step in!

Thanks


UPDATE:

Change freeze now finished.

I have deleted winbindd_idmap.tdb and also winbindd_cache.tdb and restarted winbind. This has not resolved it.

Also, the server does not resolve random new users (some it does, some it doesn't). I'm having trouble figuring this out.

Can anyone help?


Solution 1:

Now resolved, this worked for me:

Cleared all Winbind caches and flushed net cache.

Remember to take a backup before deleting anything!

Stop the Winbind and Samba services:

service winbind stop
service smb stop

Clear the Samba Net cache:

net cache flush

Delete the Winbind caches:

rm -f /var/lib/samba/*.tdb
rm -f /var/lib/samba/group_mapping.ldb

Start the Samba and then Winbind services - Note: The order is important

service smb start
service winbind start

Test it by trying to resolve a user.
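
The backup that Solution 1 recommends before deleting anything, as an added example that is not part of the original answer: it copies the databases named above to a root-only directory, verifies each copy, and deletes only if every copy matched. The function names and the backup location are assumptions; run it while winbind and smb are stopped.

```sh
#!/bin/sh
# Added example (not from the original answer): back up, verify, then remove
# the Samba/Winbind databases. Function names and the backup directory layout
# are assumptions; the page itself only names /var/lib/samba.
# Usage, with winbind and smb stopped:  clear_samba_dbs /var/lib/samba /root

# Copy every *.tdb and group_mapping.ldb from $1 into a new directory under $2.
# Prints the backup directory on success; returns non-zero on any failure.
backup_samba_dbs() {
    src=$1
    dest="$2/samba-db-$(date +%Y%m%d-%H%M%S)-$$"
    mkdir -p "$dest" || return 1
    chmod 700 "$dest" || return 1          # keep the copies owner-only
    for f in "$src"/*.tdb "$src"/group_mapping.ldb; do
        [ -f "$f" ] || continue            # unmatched glob or absent file
        cp -p "$f" "$dest/" || return 1    # -p keeps mode and timestamps
        cmp -s "$f" "$dest/$(basename "$f")" || return 1   # verify the copy
    done
    printf '%s\n' "$dest"
}

# Delete the databases in $1 only after a verified backup under $2.
# Prints the backup directory; leaves everything in place if the backup fails.
clear_samba_dbs() {
    src=$1
    backup=$(backup_samba_dbs "$src" "$2") || {
        echo "backup failed, nothing deleted" >&2
        return 1
    }
    rm -f "$src"/*.tdb "$src"/group_mapping.ldb
    printf '%s\n' "$backup"
}
```

To roll back, stop both services again and copy the files from the printed backup directory back into /var/lib/samba.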

Solution 2:

Maybe net cache flush will do.