[Samba] Offline logon and NSS...
Marco Gaiarin
gaio at sv.lnf.it
Fri Oct 18 13:06:58 UTC 2019
Mandi! Rowland penny via samba
In chel di` si favelave...
> > a) NSS cache are permanent, and does not expire if there's NO DC
> > reachable.
> That is the way it is supposed to work, if you go offline (all DCs go down
> or you wander away with a laptop), the cache is used until you next connect
> to the domain (at least one DC comes back online or you wander back with the
> laptop), at which point the cache is refreshed.
Wonderful.
> > b) PAM cache need 'winbind offline logon = yes',
> Yes
> > and cache times, eg:
> > idmap cache time
> > winbind cache time
> No
Ok, but still i don't fully understand. manpage says:
winbind cache time (G)
This parameter specifies the number of seconds the winbindd(8) daemon will cache user and group information before querying a Windows NT server again.
This does not apply to authentication requests, these are always evaluated in real time unless the winbind offline logon option has been enabled.
Default: winbind cache time = 300
and:
idmap cache time (G)
This parameter specifies the number of seconds that Winbind's idmap interface will cache positive SID/uid/gid query results. By default, Samba will cache these results for one week.
Default: idmap cache time = 604800
and these, at least to me, apply more to 'NSS' part then on 'PAM'
part...
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list