[Samba] Cache auth credentials on Samba domain member

Harry Jede walk2sun at arcor.de
Sun Sep 13 10:09:20 UTC 2015

On 11:59:44 wrote Gionatan Danti:
> > Actually, this should work out of the box - including
> > authentication - if the remote DC is unavailable, given the info
> > in a valid krb5 ticket + PAC from the client.
> > 
> > Unfortunately due to some bugs (which are slowly being worked on)
> > this doesn't work the way it should.
> Oh, I see.
> Do it means that it *sometime* works, or I should not expect even
> partial success?
> To simulate VPN loss / DC unavailability, I put a iptables rules (on
> the remote side) dropping all traffic to the DC. It is a valid
> scenario or I should test differently?
DROP is a bad target, use REJECT. Read the iptables man page.

If you drop a package your application does not get any answer but 
expects at least an error package. The result is the app is waiting and 
probably times out, if a time out is implemented. Otherwise it will wait 
for ever.

> Thank you all.


	Harry Jede

More information about the samba mailing list