[Samba] Samba AD auth - Backup?

Dale Schroeder dale at BriannasSaladDressing.com
Mon Mar 9 18:19:49 GMT 2009

Mark Adams wrote:
> Hi All,
> I haven't received a response from anyone on this - Can anyone help?
> Is there any way to have samba simply use the current records stored in
> /var/lib/samba/ if the password server(s) is unavailable?
Have you already tried these parameters?
    password server = server1, server2
    winbind offline logon = Yes


> Best Regards,
> Mark
> On Tue, Mar 03, 2009 at 12:41:35PM +0000, Mark Adams wrote:
>> Thanks for the reply's.
>> Is there anyway to have Samba just read whatever is in the database for
>> the UID/GID map if the DC is not available? From my testing as soon as
>> the DC is unavailable for any reason the ability to login ceases.
>> Am I right in thining that by adding 2 x "kdc" selections to
>> /etc/krb5.cfg I'm setting the 2 DC's to be used for lookups?
>> Regards,
>> Mark
>> On Sun, Mar 01, 2009 at 03:15:33PM -0500, Ryan Bair wrote:
>>> Everything should be looked up by DNS. There's no notion of a PDC/BDC
>>> in AD (although 2008 has readonly slaves I believe).
>>> On Fri, Feb 27, 2009 at 7:26 AM, Mark Adams <mark at campbell-lange.net> wrote:
>>>> Hi All,
>>>> I haven't been able to track down any info on this so would be
>>>> appreciative of any input. Links to any info on this would also be
>>>> appreciated.
>>>> Samba 3.2.5, Debian 5.0
>>>> Question 1;
>>>> Is there any way of setting up a "backup" windows domain controller in
>>>> the samba config? so if they main dc is not available, it automatically
>>>> queries the backup?
>>>> Question 2;
>>>> What is the best way to back up the UID/GID map? and can it be easily
>>>> imported back to a new install if the server fails for any reason.
In addition to backing up /var/lib/samba/*, consider a consistent idmap 
backend, e.g.
    idmap backend = rid:DOMAIN=10000-20000 (or whatever numbers you choose)

>>>> Thanks
>>>> Mark

More information about the samba mailing list