[Samba] Winbind, cached logons and 'user persistency'...
gaio at sv.lnf.it
Mon Jan 28 11:52:45 UTC 2019
Mandi! Rowland Penny via samba
In chel di` si favelave...
> > Strictly speaking, why winbind cache ''PAM'' data and not ''NSS'' one
> > (seems to me)?
> The problem is (for myself anyway), I do not understand the difference
> between 'PAM' and 'NSS' data.
'PAM' is authorization scenario (eg, «user X use the correct
password»), while 'NSS' enable the system to 'see' user (eg, «user X
exist in the system»).
Make really little sense to me to have an 'offline' system that can
answer to the first question but not to the second... also because if
user are not known to the underlying system, there's no credential to
'nscd' do NSS offline cache, but if i remember well all samba expert
here suggest not to use winbind and nscd togeter(
«You should also ensure that nscd is not installed, it will interfere with
There's a more general approach, really offline (nssl_updatedb,
https://www.padl.com/OSS/nss_updatedb.html) but seems overkilled here.
I think that, to be effective, winbind have to be some sort of 'NSS
cache', and seems to me this is not.
'nscd' can provide simple and effective NSS cache, but 'interfere with
Andrew (or other samba developers...), can you give some clue? Thanks.
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba