[Samba] Mounting Linux Samba Shares on Windows when Active Directory Server is down

Jeremy Allison jra at samba.org
Sat Oct 26 11:00:35 MDT 2013

On Sat, Oct 26, 2013 at 11:38:54AM -0400, Andy Liebman wrote:
> Hi Jeremy!  Long time since we last spoke.  Thanks for replying to
> this question.  Please see below.
> >>Is there any way for Windows and Linux to do a "caching dance" so
> >>that Windows users are able to mount the Linux shares at least for
> >>some amount of time via cached credentials if the Active Directory
> >>server is down?  Setting the smb.conf option "winbind offline logon
> >>= true" doesn't seem to help here.
> >>
> >
> >Whilst you have a valid kerberos ticket we should still
> >authenticate you against a member server.
> >What do your smbd logs say when the client is trying to
> >attach to the Samba share ?
> >
> >Jeremy.
> I just ran another test here.  With the AD server accessible, the
> user "andyl" logged into the Linux (Ubuntu) server at 11:08 and
> successfully browsed and connected to some Linux shares.  Then I
> disconnected the AD server.  At 11:12, you can see in the Linux logs
> that an attempt was made by andyl to connect.  I think the relevant
> lines are:
> [2013/10/26 11:12:29.712417,  2] auth/auth.c:319(check_ntlm_password)
>   check_ntlm_password:  Authentication for user [andyl] -> [andyl]
> [2013/10/26 11:12:29.712475,  3] smbd/error.c:81(error_packet_set)
>   error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX)
> [2013/10/26 11:12:42.348928,  1] smbd/process.c:457(receive_smb_talloc)
>   receive_smb_raw_talloc failed for client read error =
> The entire logs are below (not too long I hope)

Oh, you're using ntlmssp. You need to be using kerberos.
ntlm needs access to a authentication server to check
access, kerberos doesn't (the authentication info
is already embedded in the ticket).


More information about the samba mailing list