[Samba] cached credentials local login -- notebook domain members

Matthew Easton info at sublunar.com
Thu Feb 17 07:45:46 GMT 2005


On Wednesday 16 February 2005 12:02, Martin wrote:

> I have tested both win2k and winXP with both local and roaming profiles
> with the same results: once disconnected the users can't login.
> I'm using samba 3.0.10 with LDAP.

I'm presuming that you haven't applied a security policy that sets cached 
credentials to zero. (sorry I can't recall exactly where that entry is -- but 
if you haven't imposed a mandatory security profile, you are probably 
allowing the 10 cached credentials default.)  

Do you, by any chance, have an smbusers file? (Mine is /etc/samba/smbusers, 
yours may be located elsewhere) This file maps windows users to unix users.   
If you use this file to map legacy windows usernames to accounts on your 
samba server, cached credentials will fail.

Say my smbusers file looks like this.

# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
ralph = rkaplan

Windows user "jsmith" is not in smbusers, his windows account name is the same 
as his unix account name.  His cached credentials will work.

Windows user "ralph" has no problem logging in when he is connected to the 
network, but he gets a "domain unavailable" message when he tries to use 
cached credentials.  There is one way that ralph can still log in when he is 
offline -- if he uses the unix username, "rkaplan".  He still uses his ralph 
password -- it's the same credentials and password.

It occurs to me that there is another way that cached credentials may break 
with samba. And this is entirely a theory, I don't have a machine I can test 
right now. The user is logging in with a mixed-case username, but the 'real' 
unix name is all lower case.  Something to test anyway.


More information about the samba mailing list