[Samba] Winbind, cached logons and 'user persistency'...

Marco Gaiarin gaio at sv.lnf.it
Fri Jan 25 15:32:56 UTC 2019


Mandi! L.P.H. van Belle via samba
  In chel di` si favelave...

I come back in this thread, sorry.

> Maybe https://wiki.debian.org/LDAP/NSS  is a better solution for the mailserver.

Probably better use directly LDAP info with native MTA tools also,
skipping NSS at all.


> But personaly, the mail server should have replied with a better NDR. 
> Like : 4.4.1 The recipient’s server is not responding, so something like that. 

Again... it is my configuration that reply generically; this is
intended to prevent dictionary attack against the SMTP server.


About 'winbind cache time' (default 5 minutes) seems effectively the
parameter to tackle with, but still a thing does not seems clear to me:
if i enable 'offline logons', i can have cached credentials.

But how does it make sense to have cached credential if there's no
cached user data (NSS)?


Strictly speaking, why winbind cache ''PAM'' data and not ''NSS'' one
(seems to me)?


Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)



More information about the samba mailing list