[Samba] Cache auth credentials on Samba domain member

Gionatan Danti g.danti at assyoma.it
Thu Jun 1 15:09:08 UTC 2017


Hi Mike,
thanks for your feedback, much appreciated.

The main problem is that, being an enterprise distro released in 2010, 
CentOS 6 mainly provides samba 3.6.x, which cannot be used as an AD DC. 
To tell the truth, some samba 4.2.x packages were provided lately - 
still they lacked AD DC capability. From "yum info samba4-dc.x86_64":

"Description : Placeholder package. Samba AD Domain Controller component 
is not available."

Hence my interest in native credential *caching*, rather than a 
complete credential *store*.

Regards.

On 01-06-2017 16:16 Data Control Systems - Mike Elkevizth wrote:
> My setup uses sssd on the clients for offline logon, so it's not the
> same thing you're looking for.  I think what you need is for your
> Samba member server to be an AD DC so it contains its own credential
> store.  You should check the Samba wiki to figure out how to set your
> server up as a DC and a file server.  That's how mine are set up, so it
> can be done, but there are some intricacies that need to be worked
> around.  Your other option would be to set up a separate AD DC.
> 
> Hope that helps.
> 
> Mike E.
> 
> On Thu, Jun 1, 2017, 9:11 AM Gionatan Danti <g.danti at assyoma.it>
> wrote:
> 
>> On 01-06-2017 14:45 Data Control Systems - Mike Elkevizth wrote:
>>> I've had issues with cached credentials with the Ubuntu packages that
>>> are currently at version 4.3.11. They are a little old, but I haven't
>>> seen any change logs for the newer versions specifically regarding
>>> this issue. Maybe I've missed it, but it's the main reason I continue
>>> using sssd.
>>> 
>>> Mike E.
>>> 
>>> On Thu, Jun 1, 2017, 2:08 AM Gionatan Danti via samba
>>> <samba at lists.samba.org> wrote:
>>> 
>> 
>> I tried with sssd also, but with the same result: if connection to the
>> main (remote) AD server is down, samba does not authenticate users. To
>> recap my setup:
>>
>> DOMAIN CONTROLLER (Win2003) <-> VPN TUNNEL <-> REMOTE SAMBA SERVER <-> REMOTE CLIENTS
>>
>> If the VPN tunnel goes down, the remote samba server stops authenticating
>> users. It does not seem a winbind or sssd problem, after all: severing
>> the VPN connection, user authentication *outside samba shares* works
>> correctly (I confirmed it by logging in via SSH using domain credentials).
>>
>> However, *no* user authentication is possible on samba shares when the
>> VPN tunnel is down?
>> 
>> Do you have any suggestions?
>> Regards.
>> 
>> --
>> Danti Gionatan
>> Technical Support
>> Assyoma S.r.l. - www.assyoma.it [1]
>> email: g.danti at assyoma.it - info at assyoma.it
>> GPG public key ID: FF5F32A8
> 
> 
> Links:
> ------
> [1] http://www.assyoma.it

-- 
Danti Gionatan
Technical Support
Assyoma S.r.l. - www.assyoma.it
email: g.danti at assyoma.it - info at assyoma.it
GPG public key ID: FF5F32A8


