[Samba] Winbind Offline Login

Stan Hoeppner stan at hardwarefreak.com
Tue Feb 16 09:02:06 MST 2010


Johan Meiring put forth on 2/16/2010 9:11 AM:
> Hi,
> 
> I have the following setup.
> 
> Office A - Windows 2003 DC
> Office B - Samba 3.4.5 domain member
> 
> I want users in Office B to still be able to access files on the Samba
> domain member when the link between Office A and Office B goes down.
> 
> I have enabled "winbind offline logon".
> 
> If I now break the link between Office A and Office B, all works as
> expected.  (I did not test longer than 5 minutes, don't know if "winbind
> cache time" will come in to play).
> 
> But if a workstation in Office B then logs off, and logs back on, they
> cannot access shares on the Samba Domain Member anymore.
> 
> I realise that "winbind offline logon" mentions that it is for local pam
> logons to the Samba Server itself.
> 
> Is there any other way to allow cached access to shares on the Samba
> server in Office B?

This probably requires making the domain member server a DC.  Member servers
can't authenticate domain users.  To accomplish what you want without making
this samba server a DC, you'd have to create "local" accounts on the server and
have each workstation log into those accounts to get access to the shares.
You'd also have to add all these local accounts to the shares.  In essence,
you'd be creating a standalone samba server atop a domain member server.  This
is a very kludgy way of going about it.

Is there a particular reason you didn't make this server a DC in the first
place?  Just about every architectural diagram I've ever seen says to place a DC
in every satellite office for exactly this reason, so people can still log in and
access resources when the link to corporate goes down.

-- 
Stan


