[Samba] Mounting Linux Samba Shares on Windows when Active Directory Server is down
jra at samba.org
Sat Oct 26 11:00:35 MDT 2013
On Sat, Oct 26, 2013 at 11:38:54AM -0400, Andy Liebman wrote:
> Hi Jeremy! Long time since we last spoke. Thanks for replying to
> this question. Please see below.
> >>Is there any way for Windows and Linux to do a "caching dance" so
> >>that Windows users are able to mount the Linux shares at least for
> >>some amount of time via cached credentials if the Active Directory
> >>server is down? Setting the smb.conf option "winbind offline logon
> >>= true" doesn't seem to help here.
> >Whilst you have a valid kerberos ticket we should still
> >authenticate you against a member server.
> >What do your smbd logs say when the client is trying to
> >attach to the Samba share ?
> I just ran another test here. With the AD server accessible, the
> user "andyl" logged into the Linux (Ubuntu) server at 11:08 and
> successfully browsed and connected to some Linux shares. Then I
> disconnected the AD server. At 11:12, you can see in the Linux logs
> that an attempt was made by andyl to connect. I think the relevant
> lines are:
> [2013/10/26 11:12:29.712417, 2] auth/auth.c:319(check_ntlm_password)
> check_ntlm_password: Authentication for user [andyl] -> [andyl]
> FAILED with error NT_STATUS_NO_LOGON_SERVERS
> [2013/10/26 11:12:29.712475, 3] smbd/error.c:81(error_packet_set)
> error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX)
> [2013/10/26 11:12:42.348928, 1] smbd/process.c:457(receive_smb_talloc)
> receive_smb_raw_talloc failed for client 172.16.3.129 read error =
> The entire logs are below (not too long I hope)
Oh, you're using ntlmssp. You need to be using kerberos.
ntlm needs access to a authentication server to check
access, kerberos doesn't (the authentication info
is already embedded in the ticket).
More information about the samba