Hello,
We're using a vServer that's authenticated to our domain controller with AD integration. We create a domain tunnel and then give users in a specified group login rights to the cluster.
We're seeing that when we remove a user from the same group that was given cluster login rights (while forcing replication on the domain controller), the user is still able to log in for about 20 minutes afterward.
When we disable the account, the intended effect is immediate. The user cannot log in.
Also, if we remove the user from the group and disable the account, the user will not be able to log in. But as soon as it is re-enabled, they can log in.
Every command I've tried for clearing the Kerberos cache or otherwise doesn't affect the results. Anyone have advice on a command that works to do this?
Also, I want to point out that I have verified that the forced AD replication is occurring immediately on the secondary domain controllers. So I believe this to be a problem on the NetApp side.
Thanks