[Samba] Winbind caching questions
Alexey A Nikitin
nikitin at amazon.com
Thu Jun 4 19:07:01 UTC 2020
>From what I understand SAMlogon cache ('net cache samlogon list') contains only the group membership, and its expiration time is controlled by 'winbind cache time'. Is that correct?
If pam_winbind is configured to use Kerberos auth then authentication will depend on KDC availability regardless of 'winbind offline logon = Yes', and if DNS doesn't work temporarily and therefore KDCs cannot be discovered using DNS then unless they're hard-coded the authentication will fail. Is that correct?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: This is a digitally signed message part.
More information about the samba