[Samba] AD Users on Linux Laptop

L.P.H. van Belle belle at bazuin.nl
Thu Jul 9 10:34:04 UTC 2020 


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Sven 
> Schwedas via samba
> Verzonden: donderdag 9 juli 2020 11:40
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] AD Users on Linux Laptop
> 
> On 09.07.20 11:06, basti via samba wrote:
> > There must be a way to cache login infos  between reboot.
> > 
> > sssd or somethink like that?
> 
> sssd can do it, but windbind's own cache should work just as well. But
> yes, network-online.target is counterproductive here.
> 
> > the krb5_ccache file is saved on /tmp/ is there a way to 
> save that to an
> > other folder, thats not cleanup on reboot? /usr/lib .... 
> for example.
> 
> As far as I understand the manpages, krb5_ccache is unrelated 
> to offline
> logon. The stuff you need is controlled by the cached_login PAM
> parameter and the "winbind offline logon" and "winbind cache time"
> smb.conf parameters.
> 
> >>     # Renew the kerberos tickets
> >>     winbind refresh tickets = yes
> 
> LPH, could you elaborate on all the kerberos stuff? It looks like a
> totally unrelated tangent for what basti is trying to do.

Its only that "packaged" samba does support sssd but then you will use the "older" samba versions. 
If you using up2date packages from my repo, you cant use sssd, not supported. 

Well, if you cache all you logins correctly, you should be able to login the laptop. 
Basti its first messages showed .. If VPN.. And assuming VPN, you must have network. 
And yes, the network-online.target might be overkill if you dont use/have network at all,
but it long ago that i seen people working without internet/network connection.

Only, you need to increase all cache time values where needed, like. 
Why i add the Kerberos parts also, because its used, that simple. 

winbind cache time (G) ( default 5 min )  increase to x days at least. 
Change the kerberos cache location through the variable : KRB5CCNAME=DIR:/mydir/

But there is most probely more you need to set to integrate it all. 
That can be found in `man pam_krb5` 



Greetz, 

Louis

More information about the samba mailing list