[Samba] Best solution for remote sites

Andrew Bartlett abartlet at samba.org
Sat May 14 10:03:57 UTC 2016

On Wed, 2016-05-11 at 14:06 +0200, S├ębastien Le Ray wrote:
> Hi,
> I was wondering if there was a possibility for remote sites to avoid 
> having a "local" domain controller (Samba 4 AD DC) and still provide 
> share access while WAN link is down. Something like the Windows 
> credential cache on workstation.

If the link is only down for moments, than a valid kerberos ticket
should be able to get to a share.  But the share needs to be running on
a very current version of Samba, and Kerberos must be in use.  (Even
then, this may not work, but I've seen efforts made to try and fix it).

Otherwise, I can only suggest an RODC, if you don't want a full AD DC. 
 This mode in Samba is less well used and tested than the rest, but it
is there, and may be what you need here.

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list