[Samba] DM and ''offline'' PAM (and NSS?)...
Marco Gaiarin
gaio at sv.lnf.it
Wed Dec 6 10:52:53 UTC 2017
I'm using samba 4.5 on a debian jessie (Louis packages).
Rarely it happen that a power outgage tear down all the stuff, here.
I've noticed that if the DM start before the DC, clearly all account
data are inaccessible.
To prevent or minimize that, the ''offline mode'' of winbind can be
safely used also on DM servers? Or is tailoread against roaming client
(portables, ...)?
What benefit and/or drawbacks?
I've seen:
https://wiki.samba.org/index.php/PAM_Offline_Authentication
and seems clear to me. but still... some question:
a) there's no info about the persistence of the cache; so seems to me
that the cache are ''persistent'', eg data are kept indefinitely and
updated only on successful logons against the DC. Right?
b) the doc speaks about ''passwords'' (PAM) but not mention at all
''account'' (eg, NSS); seems to me obvious that all stuff (password
and account) get cached; really, in a server i need more the latter
then the former...
c) also password expiration data are cached? Seems to me ''no'',
because in this way also the policy (eg, 'samba-tool domain
passwordsettings') have to be cached...
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list