[Samba] Cache auth credentials on Samba domain member

Thu Jun 1 14:16:08 UTC 2017

My setup uses sssd on the clients for offline logon, so it's not the same
thing you're looking for.  I think what you need is for your Samba member
server to be an AD DC so it contains it's own credential store.  You should
check the Samba wiki to figure out how to set your server up as a DC and a
file server.  That's how mine are setup, so it can be done, but there are
some intricacies that need to be worked around.  Your other option would be
to setup a separate AD DC.

Hope that helps.

Mike E.

On Thu, Jun 1, 2017, 9:11 AM Gionatan Danti <g.danti at assyoma.it> wrote:

> Il 01-06-2017 14:45 Data Control Systems - Mike Elkevizth ha scritto:
> > I've had issues with cached credentials with the Ubuntu packages that
> > are currently at version 4.3.11.  They are a little old, but I haven't
> > seen any change logs for the newer versions specifically regarding
> > this issue.  Maybe I've missed it, but it's the main reason I continue
> > using sssd.
> >
> > Mike E.
> >
> > On Thu, Jun 1, 2017, 2:08 AM Gionatan Danti via samba
> > <samba at lists.samba.org> wrote:
> >
>
> I tried with sssd also, but with the same result: if connection to the
> main (remote) AD server is down, samba does not authenticate users. To
> recap my setup:
>
> DOMAIN CONTROLLER (Win2003) <-> VPN TUNNEL <-> REMOTE SAMBA SERVER <->
> REMOTE CLIENTS
>
> If the VPN tunnel goes down, the remote samba server stop authenticating
> users. It does not seem a winbind or sssd problem, after all: severing
> the VPN connection, user authentication *outside samba shares* work
> correctly (I confirmed it by logging in via SSH using domain
> credential).
>
> However, *no* user authentication is possible on samba shares when the
> VPN tunnel is down?
>
> Do you have any suggestions?
> Regards.
>
> --
> Danti Gionatan
> Supporto Tecnico
> Assyoma S.r.l. - www.assyoma.it
> email: g.danti at assyoma.it - info at assyoma.it
> GPG public key ID: FF5F32A8
>