[Samba] Winbind Offline Login

Johan Meiring jmeiring at pcservices.co.za
Tue Feb 16 09:16:29 MST 2010

Stan Hoeppner wrote:
> Johan Meiring put forth on 2/16/2010 9:11 AM:
> This probably requires making the domain member server a DC.  Member servers
> can't authenticate domain users.  

Agreed, but the Windows PCs will do an "offline login" into themselves.
So the user will be logged in nto the PC.

I then want the samba server to allow access to it's shares using the same 
"cached credentials".

To accomplish what you want without making
> this samba server a DC, you'd have to create "local" accounts on the server and
> have each workstation log into those accounts to get access to the shares.
> You'd also have to add all these local accounts to the shares.  In essence,
> you'd be creating a standalone samba server atop a domain member server.  This
> is a very kludgy way of going about it.

Way to kludgy.
Then I'd rather create a second domain.  See below.

> Is there a particular reason you didn't make this server a DC in the first
> place?  Just about every architectural diagram I've ever seen says to place a DC
> in every satellite office for exactly this reason, so people can still login and
> access resources when the link to corporate goes down.

Because Samba cannot be a DC in an AD domain yet.

My other option would be to create a Samba DC with a second domain and a 
trust relationship.

I just hoped that the "winbind offline logon" would allow Samba to serve 
shares using cached credentials.


Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782

More information about the samba mailing list