[Samba] Winbind, cached logons and 'user persistency'...

Marco Gaiarin gaio at sv.lnf.it
Mon Jan 28 11:52:45 UTC 2019


Hello! Rowland Penny via samba
  On that day it was said...

> > Strictly speaking, why does winbind cache 'PAM' data and not 'NSS' data
> > (it seems to me)?
> The problem is (for myself anyway), I do not understand the difference
> between 'PAM' and 'NSS' data.

'PAM' is the authorization scenario (e.g., «user X uses the correct
password»), while 'NSS' enables the system to 'see' the user (e.g., «user X
exists in the system»).

It makes really little sense to me to have an 'offline' system that can
answer the first question but not the second... also because if
users are not known to the underlying system, there are no credentials to
check.


'nscd' does NSS offline caching, but if I remember well all the Samba experts
here suggest not using winbind and nscd together
(https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting:
«You should also ensure that nscd is not installed, it will interfere with
winbind.»)

There's a more general approach, really offline (nss_updatedb,
https://www.padl.com/OSS/nss_updatedb.html), but it seems overkill here.


I think that, to be effective, winbind has to be some sort of 'NSS
cache', and it seems to me it is not.
'nscd' can provide a simple and effective NSS cache, but would 'interfere with
winbind'.


Andrew (or other samba developers...), can you give some clue? Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797
