Thank you, any idea how long it will cache the login info? -----Original Message----- From: Jeremy Allison [mailto:[EMAIL PROTECTED] Sent: Thursday, June 26, 2008 3:02 PM To: Taylor Lewick Cc: [email protected] Subject: Re: [Samba] samba and AD integration, Two questions
On Wed, Jun 25, 2008 at 12:06:06PM -0500, Taylor Lewick wrote: > Hi all. I've set up a test SuSe 10.2 linux machine that is > authenticating against our active directory. Right now we just create > users in AD, and then they can login to the unix box and using > pam_mkhomedir. We don't add users to the /etc/passwd file, in fact, if > you try and add a user using useradd -m once they've been setup in AD, > you get a message saying account already exists. > > So Kerberos, AD, Samba, PAM and Winbind are all working. > > Right now, if a user logins to the linux box for the first time using > ssh, it creates their home directory. Perfect. > > But I do have two questions. > > If they login to the box by mounting the samba share via windows, i.e. > \\servername\share two directories are created. One for their AD > username, and one for the machine name of their PC. Its not a big deal, > but is there a way to disable or stop it from creating the machine name > directory? We won't ever use that directory. > > Second, if for any reason we did lose connectivity to our domain > controllers, no one could login to the Linux box since there are no > accounts in /etc/passwd. So is there a way to set it up so that if the > linux machine can't talk to the domain controller, then someone could > still login to the box? Check out the "winbind offline logon" parameter for details on this : http://wiki.samba.org/index.php/PAM_Offline_Authentication Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
