[Samba] cached credentials local login -- notebook domain members
info at sublunar.com
Thu Feb 17 07:45:46 GMT 2005
On Wednesday 16 February 2005 12:02, Martin wrote:
> I have tested both win2k and winXP with both local and roaming profiles
> with the same results: once disconnected the users can't login.
> I'm using samba 3.0.10 with LDAP.
I'm presuming that you haven't applied a security policy that sets cached
credentials to zero. (sorry I can't recall exactly where that entry is -- but
if you haven't imposed a mandatory security profile, you are probably
allowing the 10 cached credentials default.)
Do you, by any chance, have an smbusers file? (Mine is /etc/samba/smbusers,
yours may be located elsewhere) This file maps windows users to unix users.
If you use this file to map legacy windows usernames to accounts on your
samba server, cached credentials will fail.
Say my smbusers file looks like this.
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
ralph = rkaplan
Windows user "jsmith" is not in smbusers, his windows account name is the same
as his unix account name. His cached credentials will work.
Windows user "ralph" has no problem logging in when he is connected to the
network, but he gets a "domain unavailable" message when he tries to use
cached credentials. There is one way that ralph can still log in when he is
offline -- if he uses the unix username, "rkaplan". He still uses his ralph
password -- it's the same credentials and password.
It occurs to me that there is another way that cached credentials may break
with samba. And this is entirely a theory, I don't have a machine I can test
right now. The user is logging in with a mixed-case username, but the 'real'
unix name is all lower case. Something to test anyway.
More information about the samba