[Samba] samba and AD integration, Two questions
Taylor Lewick
tlewick at tradebotsystems.com
Fri Jun 27 19:10:14 GMT 2008
Never mind, it would just be the Kerberos lifetimes of the tickets as set
in /etc/krb5.conf
Thanks again, I tested it as per the webpage and it works...
-----Original Message-----
From: samba-bounces+tlewick=tradebotsystems.com at lists.samba.org
[mailto:samba-bounces+tlewick=tradebotsystems.com at lists.samba.org] On
Behalf Of Taylor Lewick
Sent: Friday, June 27, 2008 1:25 PM
To: Jeremy Allison
Cc: samba at lists.samba.org
Subject: RE: [Samba] samba and AD integration, Two questions
Thank you, any idea how long it will cache the login info?
-----Original Message-----
From: Jeremy Allison [mailto:jra at samba.org]
Sent: Thursday, June 26, 2008 3:02 PM
To: Taylor Lewick
Cc: samba at lists.samba.org
Subject: Re: [Samba] samba and AD integration, Two questions
On Wed, Jun 25, 2008 at 12:06:06PM -0500, Taylor Lewick wrote:
> Hi all. I've set up a test SuSe 10.2 linux machine that is
> authenticating against our active directory. Right now we just create
> users in AD, and then they can login to the unix box and using
> pam_mkhomedir. We don't add users to the /etc/passwd file, in fact, if
> you try and add a user using useradd -m once they've been setup in AD,
> you get a message saying account already exists.
>
> So Kerberos, AD, Samba, PAM and Winbind are all working.
>
> Right now, if a user logs in to the linux box for the first time using
> ssh, it creates their home directory. Perfect.
>
> But I do have two questions.
>
> If they login to the box by mounting the samba share via windows, i.e.
> \\servername\share two directories are created. One for their AD
> username, and one for the machine name of their PC. It's not a big deal,
> but is there a way to disable or stop it from creating the machine name
> directory? We won't ever use that directory.
>
> Second, if for any reason we did lose connectivity to our domain
> controllers, no one could login to the Linux box since there are no
> accounts in /etc/passwd. So is there a way to set it up so that if the
> linux machine can't talk to the domain controller, then someone could
> still login to the box?
Check out the "winbind offline logon" parameter for details on this:
http://wiki.samba.org/index.php/PAM_Offline_Authentication
Jeremy.