[Samba] Winbind, cached logons and 'user persistency'...

Rowland Penny rpenny at samba.org
Fri Jan 25 16:19:49 UTC 2019

On Fri, 25 Jan 2019 16:32:56 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:

> Mandi! L.P.H. van Belle via samba
>   In chel di` si favelave...
> I come back in this thread, sorry.
> > Maybe https://wiki.debian.org/LDAP/NSS  is a better solution for
> > the mailserver.
> Probably better use directly LDAP info with native MTA tools also,
> skipping NSS at all.
> > But personaly, the mail server should have replied with a better
> > NDR. Like : 4.4.1 The recipient’s server is not responding, so
> > something like that. 
> Again... it is my configuration that reply generically; this is
> intended to prevent dictionary attack against the SMTP server.
> About 'winbind cache time' (default 5 minutes) seems effectively the
> parameter to tackle with, but still a thing does not seems clear to
> me: if i enable 'offline logons', i can have cached credentials.
> But how does it make sense to have cached credential if there's no
> cached user data (NSS)?
> Strictly speaking, why winbind cache ''PAM'' data and not ''NSS'' one
> (seems to me)?

The problem is (for myself anyway), I do not understand the difference
between 'PAM' and 'NSS' data. What does your exim mailserver expect to
find ?
What data does it need ?


More information about the samba mailing list