On Oct 15, 2004, at 11:51 AM, Lee Henderson wrote:
How can I force my xserve to reload the information from the ad
controller for a given user, or for the entire domain?
there's no 'update now' button or command
I have a user whose group membership isnt being recogonized, but it
used to be fine, and the user still has access on the ad controller.
The default entry is 12 hours; you're looking for Group Search Interval
Hours key in ActiveDirectory.plist.
I suppose I'm a little in the dark about how the ad plugin works - as
I understand it, its just another lookupd agent, but i don't know if
there's a tool on the cli to control this aspect. I know about
dsconfigad, but it doesn't seem to have any options that would help
this situation, other than unbind/rebind :|
lookupd does not come into play.
Also, I seem to have a problem where the user's primary POSIX group
under their Windows account is not recognized by the ad plugin when
inspected with WGM - neither are the permissions honored for that
group. Any ideas?
When you say primary POSIX group which AD attribute are you referring
to. The plug-in does not know how to use services for unix attributes
without extra configuration.
Are you mapping UniqueID to a specific attribute? This has not been
reliable in my experience. Also keep in mind that a user may only be a
member of 16 groups.
What does
groups username
show?
http://www.4am-media.com
Mac OS X Consulting and Training
Michael Bartosh
email@hidden
303.517.0272
Denver, CO
"The surest way to corrupt a youth is to instruct him to hold in higher
regard those who think alike than those who think differently."
