On Oct 15, 2004, at 3:13 PM, Michael Bartosh wrote:
On Oct 15, 2004, at 11:51 AM, Lee Henderson wrote:
How can I force my xserve to reload the information from the ad
controller for a given user, or for the entire domain?
there's no 'update now' button or command
CLI tool is really what i'm looking for - it does seem to exhibit
behavior of caching, and it seems that i need a way to "refresh" it.
I have a user whose group membership isnt being recogonized, but it
used to be fine, and the user still has access on the ad controller.
The default entry is 12 hours; you're looking for Group Search
Interval Hours key in ActiveDirectory.plist.
I suppose I'm a little in the dark about how the ad plugin works - as
I understand it, its just another lookupd agent, but i don't know if
there's a tool on the cli to control this aspect. I know about
dsconfigad, but it doesn't seem to have any options that would help
this situation, other than unbind/rebind :|
lookupd does not come into play.
wow it's not an agent? I have no idea how its shoehorned in the OS then.
Also, I seem to have a problem where the user's primary POSIX group
under their Windows account is not recognized by the ad plugin when
inspected with WGM - neither are the permissions honored for that
group. Any ideas?
When you say primary POSIX group which AD attribute are you referring
to. The plug-in does not know how to use services for unix attributes
without extra configuration.
I misspoke, its Primary Group in W2K3 Users and Computers - it's the UI
widget for Primary Group, it the description it mentions it might
affect POSIX apps or Mac clients. I'm not running SFU or mapping the
uniqueid. Not sure what it would map to.
Are you mapping UniqueID to a specific attribute? This has not been
reliable in my experience. Also keep in mind that a user may only be a
member of 16 groups.
Yes, aware of this, and not exceeding it, or coming close.
What does
groups username
show?
it shows the same results as WGM shows - the user's primary group is
missing.
