[Samba] Samba AD member server and cached credentials?

Andrew Bartlett abartlet at samba.org
Mon Aug 14 05:03:14 GMT 2006


On Tue, 2006-08-08 at 22:49 +0200, Henrik Zagerholm wrote:
> Hi,
> You might take a look at the new option in smb.cong called winbind  
> offline logon (G)
> Haven't used it myself but I think it would work :) 

No, this is for local logins.

> or you have to  
> wait for samba4 :)

Samba4 will not be able to solve this any more than Samba3.

> Cheers,
> Henrik
> 8 aug 2006 kl. 19:14 skrev Hansjörg Maurer:
> 
> > Hi
> >
> > we are using a recent samba server in an AD W2003 domain.
> > The AD DC's are located at the main location.
> > The samba member servers (file-servers) are  located at the
> > outside locations.
> >
> > A User is able to logon to his Workstation, even if the
> > Domaincontroller is not available, if he has already logged on to
> > this workstation earlier (the clients caches the credentials).
> >
> > But the client is anable to acces files on the samba server,
> > it the connection to the AD-DC at the main location is not available.
> >
> > Is there a way that samba can cache credentials as a AD member  
> > server to,
> > in order to to allow the clients to access their files without  
> > connection to the
> > AD DC?

With the current code, the PAC evaluation should be local, so this might
work, for Kerberos logins *only*, and where the client already has the
ticket.

This mostly deals with the case where the DC is unavailable on a very
short-term basis, after logon and initial access.  Otherwise, this is
not possible, with Samba nor a Microsoft server.  

The correct solution is to deploy a DC locally, if you expect this kind
of disruption.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20060814/04f550b4/attachment.bin


More information about the samba mailing list