Stan Hoeppner wrote:
Johan Meiring put forth on 2/16/2010 9:11 AM:
This probably requires making the domain member server a DC. Member servers
can't authenticate domain users.
Agreed, but the Windows PCs will do an "offline login" into themselves.
So the user will be logged in nto the PC.
I then want the samba server to allow access to it's shares using the same
"cached credentials".
To accomplish what you want without making
this samba server a DC, you'd have to create "local" accounts on the server and
have each workstation log into those accounts to get access to the shares.
You'd also have to add all these local accounts to the shares. In essence,
you'd be creating a standalone samba server atop a domain member server. This
is a very kludgy way of going about it.
Way to kludgy.
Then I'd rather create a second domain. See below.
Is there a particular reason you didn't make this server a DC in the first
place? Just about every architectural diagram I've ever seen says to place a DC
in every satellite office for exactly this reason, so people can still login and
access resources when the link to corporate goes down.
Because Samba cannot be a DC in an AD domain yet.
My other option would be to create a Samba DC with a second domain and a
trust relationship.
I just hoped that the "winbind offline logon" would allow Samba to serve
shares using cached credentials.
--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
