[Samba] Winbind caching questions

Alexey A Nikitin nikitin at amazon.com
Thu Jun 4 19:07:01 UTC 2020

>From what I understand SAMlogon cache ('net cache samlogon list') contains only the group membership, and its expiration time is controlled by 'winbind cache time'. Is that correct?

If pam_winbind is configured to use Kerberos auth then authentication will depend on KDC availability regardless of 'winbind offline logon = Yes', and if DNS doesn't work temporarily and therefore KDCs cannot be discovered using DNS then unless they're hard-coded the authentication will fail. Is that correct?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.samba.org/pipermail/samba/attachments/20200604/233ea8c9/signature.sig>

More information about the samba mailing list