[Samba] winbind offline logon cache timeout
Data Control Systems - Mike Elkevizth
mike at datacontrolsystems.com
Tue Mar 26 15:26:36 UTC 2019
I wish someone could chime in on this. Offline logins not working is why I
switched to sssd for my Linux clients. I noticed the exact same issue
where offline logins with winbind would work for a short period of time,
and then stop working after a day or so. I'm assuming it's some type of
Kerberos ticket timeout issue, but I never really checked into it too
deeply because sssd worked fine. I have some clients that could be offline
for months, so offline logins have to work indefinitely for us.
Mike E.
On Tue, Mar 26, 2019 at 8:36 AM David Huemer via samba <
samba at lists.samba.org> wrote:
> Samba 4.7.6-ubuntu
> Using Ubuntu 18.04.1 LTS logging in, in AD Domain
>
> Hi, would like to know where or how i can define the TTL for the cached
> winbind offline logon.
> Actually it´s around a day, afterwards i can´t login in my AD-User when
> i´m still offline but would like to extend the time.
>
> Thanks.
>
> My smb.conf looks like this:
>
> [global] winbind enum users = yes winbind enum groups = yes winbind
> expand groups = yes winbind cache time = 300 winbind nss info = rfc2307
> winbind offline logon = yes winbind use default domain = yes
>
> 1:07 PM <https://mm.git.tao.at/tao-digital/pl/ao3hib4fc38gpc7yug6kx6q4re>
>
> workgroup = AD
>
> realm = MYDOMAIN
>
> server string = %h server (Samba, Ubuntu)
>
> ; wins server = w.x.y.z dns proxy = no
>
> ## Authentication ##
>
> server role = member server obey pam restrictions = yes unix password
> sync = yes passwd program = /usr/bin/passwd %u passwd chat =
> *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n
> *password\supdated\ssuccessfully* .
>
> pam password change = yes
>
> map to guest = bad user
>
> ## Misc ##
>
> ; include = /home/samba/etc/smb.conf.%m ; idmap uid = 10000-20000 ;
> idmap gid = 10000-20000 template shell = /bin/bash idmap config * :
> backend = tdb idmap config * : range = 60000-60001 idmap config AD :
> backend = ad idmap config AD : range = 4500-50000 idmap config AD :
> schema_mode = rfc2307
>
> ; usershare max shares = 100 usershare allow guests = yes
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list