[Samba] Cache auth credentials on Samba domain member
Harry Jede
walk2sun at arcor.de
Sun Sep 13 10:09:20 UTC 2015
On 11:59:44 wrote Gionatan Danti:
> > Actually, this should work out of the box - including
> > authentication - if the remote DC is unavailable, given the info
> > in a valid krb5 ticket + PAC from the client.
> >
> > Unfortunately due to some bugs (which are slowly being worked on)
> > this doesn't work the way it should.
>
> Oh, I see.
> Do it means that it *sometime* works, or I should not expect even
> partial success?
>
> To simulate VPN loss / DC unavailability, I put a iptables rules (on
> the remote side) dropping all traffic to the DC. It is a valid
> scenario or I should test differently?
DROP is a bad target, use REJECT. Read the iptables man page.
If you drop a package your application does not get any answer but
expects at least an error package. The result is the app is waiting and
probably times out, if a time out is implemented. Otherwise it will wait
for ever.
>
> Thank you all.
--
Regards
Harry Jede
More information about the samba
mailing list