Can smbd serve files without contacting a DC

Uri Simchoni urisimchoni at gmail.com
Tue May 5 12:06:02 MDT 2015


Reposting also to the list - Sorry, Scott.

On Tue, May 5, 2015 at 3:44 PM, Scott Lovenberg <scott.lovenberg at gmail.com>
wrote:

> On Tue, May 5, 2015 at 5:52 AM, Uri Simchoni <urisimchoni at gmail.com>
> wrote:
> >
> > Hi,
> >
> > An appliance vendor I'm doing work for, which uses samba as its file
> > server, is sometimes encountering situations where the connection from the
> > appliance to the domain controller is flaky, and that creates issues with
> > smbd's ability to serve files. Long delays in initial connection from the
> <snip>
> > Thanks,
> > Uri.
>
>
> If I'm understanding the situation, I think you want to set your PAM
> winbind module to "cached_login = yes" and your smb.conf should have
> "winbind offline login = true".  Ref:
> https://www.samba.org/samba/docs/man/manpages/pam_winbind.conf.5.html


I thought PAM is about plaintext logins (as in someone accessing the UI of
the appliance), and has no relevance when it comes to SMB authentication.


>
> I'm not sure how cranky KRB will become if tickets expire when there
> are issues with the path between the appliance and the core AD
> servers.  Also, for what it's worth, the exact situation is pretty
> much what read-only domain controllers (RODC) were created for.
> Unfortunately, the wiki seems to indicate that Samba's RODC support
> isn't complete, but the wiki could also be out of date. Ref:
> https://wiki.samba.org/index.php/Join_a_domain_as_a_RODC


That's definitely the way to go in the future. I'm looking for a
non-revolutionary fix though. It would help if the DC could run alongside
the file server, although container technology probably solves this too.

>
> --
> Peace and Blessings,
> -Scott.
>


More information about the samba-technical mailing list