[Samba] samba and AD integration, Two questions

Taylor Lewick tlewick at tradebotsystems.com
Fri Jun 27 19:10:14 GMT 2008


Never mind, it would just be the Kerberos lifetimes of the tickets as set in
/etc/krb5.conf

Thanks again, I tested it as per the webpage and it works...

-----Original Message-----
From: samba-bounces+tlewick=tradebotsystems.com at lists.samba.org
[mailto:samba-bounces+tlewick=tradebotsystems.com at lists.samba.org] On
Behalf Of Taylor Lewick
Sent: Friday, June 27, 2008 1:25 PM
To: Jeremy Allison
Cc: samba at lists.samba.org
Subject: RE: [Samba] samba and AD integration, Two questions

Thank you, any idea how long it will cache the login info?

-----Original Message-----
From: Jeremy Allison [mailto:jra at samba.org] 
Sent: Thursday, June 26, 2008 3:02 PM
To: Taylor Lewick
Cc: samba at lists.samba.org
Subject: Re: [Samba] samba and AD integration, Two questions

On Wed, Jun 25, 2008 at 12:06:06PM -0500, Taylor Lewick wrote:
> Hi all.  I've set up a test SuSe 10.2 linux machine that is
> authenticating against our active directory.  Right now we just create
> users in AD, and then they can login to the unix box and using
> pam_mkhomedir.  We don't add users to the /etc/passwd file, in fact, if
> you try and add a user using useradd -m once they've been setup in AD,
> you get a message saying account already exists.
> 
> So Kerberos, AD, Samba, PAM and Winbind are all working. 
> 
> Right now, if a user logins to the linux box for the first time using
> ssh, it creates their home directory.  Perfect.
> 
> But I do have two questions.
> 
> If they login to the box by mounting the samba share via windows, i.e.
> \\servername\share two directories are created.  One for their AD
> username, and one for the machine name of their PC.  It's not a big deal,
> but is there a way to disable or stop it from creating the machine name
> directory?  We won't ever use that directory.
> 
> Second, if for any reason we did lose connectivity to our domain
> controllers, no one could login to the Linux box since there are no
> accounts in /etc/passwd.  So is there a way to set it up so that if the
> linux machine can't talk to the domain controller, then someone could
> still login to the box?

Check out the "winbind offline logon" parameter for details on this:

http://wiki.samba.org/index.php/PAM_Offline_Authentication

Jeremy.
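
An added example, not part of the original thread or of Samba's own code: a small check that the two settings needed for logon from cached credentials are both enabled, `winbind offline logon` in smb.conf and `cached_login` for pam_winbind. It assumes `cached_login` is set in pam_winbind.conf rather than as a module argument in the PAM stack; the function names and sample files are constructed for illustration.

```python
TRUE = {"yes", "true", "on", "1"}  # boolean spellings treated as enabled

def global_params(text):
    """Return the [global] section of an ini-style file as {name: value}.
    smb.conf names ignore case and spaces, so both are normalised away."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.lower().split())] = value.strip().lower()
    return params

def offline_logon_problems(smb_conf, pam_winbind_conf):
    """List the settings that still block logon from cached credentials."""
    problems = []
    if global_params(smb_conf).get("winbindofflinelogon", "no") not in TRUE:
        problems.append("smb.conf: winbind offline logon is not enabled")
    if global_params(pam_winbind_conf).get("cached_login", "no") not in TRUE:
        problems.append("pam_winbind.conf: cached_login is not enabled")
    return problems

# Constructed sample files (not taken from the thread).
SMB_CONF = """
[global]
    security = ads
    realm = EXAMPLE.COM
    Winbind Offline Logon = Yes
"""
PAM_CONF_MISSING = """
[global]
    # cached_login = yes
    krb5_auth = yes
"""
PAM_CONF_OK = "[global]\ncached_login = yes\n"

if __name__ == "__main__":
    for issue in offline_logon_problems(SMB_CONF, PAM_CONF_MISSING):
        print(issue)
```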