[Samba] Winbind Offline Login
Johan Meiring
jmeiring at pcservices.co.za
Tue Feb 16 09:16:29 MST 2010
Stan Hoeppner wrote:
> Johan Meiring put forth on 2/16/2010 9:11 AM:
>
> This probably requires making the domain member server a DC. Member servers
> can't authenticate domain users.
Agreed, but the Windows PCs will do an "offline login" into themselves.
So the user will be logged in nto the PC.
I then want the samba server to allow access to it's shares using the same
"cached credentials".
To accomplish what you want without making
> this samba server a DC, you'd have to create "local" accounts on the server and
> have each workstation log into those accounts to get access to the shares.
> You'd also have to add all these local accounts to the shares. In essence,
> you'd be creating a standalone samba server atop a domain member server. This
> is a very kludgy way of going about it.
>
Way to kludgy.
Then I'd rather create a second domain. See below.
> Is there a particular reason you didn't make this server a DC in the first
> place? Just about every architectural diagram I've ever seen says to place a DC
> in every satellite office for exactly this reason, so people can still login and
> access resources when the link to corporate goes down.
>
Because Samba cannot be a DC in an AD domain yet.
My other option would be to create a Samba DC with a second domain and a
trust relationship.
I just hoped that the "winbind offline logon" would allow Samba to serve
shares using cached credentials.
--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782
More information about the samba
mailing list