[Samba] Winbind, cached logons and 'user persistency'...
Rowland Penny
rpenny at samba.org
Fri Jan 25 16:19:49 UTC 2019
On Fri, 25 Jan 2019 16:32:56 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! L.P.H. van Belle via samba
> In chel di` si favelave...
>
> I come back in this thread, sorry.
>
> > Maybe https://wiki.debian.org/LDAP/NSS is a better solution for
> > the mailserver.
>
> Probably better use directly LDAP info with native MTA tools also,
> skipping NSS at all.
>
>
> > But personaly, the mail server should have replied with a better
> > NDR. Like : 4.4.1 The recipient’s server is not responding, so
> > something like that.
>
> Again... it is my configuration that reply generically; this is
> intended to prevent dictionary attack against the SMTP server.
>
>
> About 'winbind cache time' (default 5 minutes) seems effectively the
> parameter to tackle with, but still a thing does not seems clear to
> me: if i enable 'offline logons', i can have cached credentials.
>
> But how does it make sense to have cached credential if there's no
> cached user data (NSS)?
>
>
> Strictly speaking, why winbind cache ''PAM'' data and not ''NSS'' one
> (seems to me)?
>
The problem is (for myself anyway), I do not understand the difference
between 'PAM' and 'NSS' data. What does your exim mailserver expect to
find ?
What data does it need ?
Rowland
More information about the samba
mailing list