[Samba] Offline logon and NSS...

Marco Gaiarin gaio at sv.lnf.it
Fri Oct 18 13:06:58 UTC 2019


Mandi! Rowland penny via samba
  In chel di` si favelave...

> > a) NSS cache are permanent, and does not expire if there's NO DC
> >   reachable.
> That is the way it is supposed to work, if you go offline (all DCs go down
> or you wander away with a laptop), the cache is used until you next connect
> to the domain (at least one DC comes back online or you wander back with the
> laptop), at which point the cache is refreshed.

Wonderful.


> > b) PAM cache need 'winbind offline logon = yes',
> Yes
> >   and cache times, eg:
> > 	idmap cache time
> > 	winbind cache time
> No

Ok, but still i don't fully understand. manpage says:

       winbind cache time (G)

           This parameter specifies the number of seconds the winbindd(8) daemon will cache user and group information before querying a Windows NT server again.

           This does not apply to authentication requests, these are always evaluated in real time unless the winbind offline logon option has been enabled.

           Default: winbind cache time = 300

and:

       idmap cache time (G)

           This parameter specifies the number of seconds that Winbind's idmap interface will cache positive SID/uid/gid query results. By default, Samba will cache these results for one week.

           Default: idmap cache time = 604800

and these, at least to me, apply more to 'NSS' part then on 'PAM'
part...


Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)



More information about the samba mailing list