Samba 4.7.6-ubuntu
Using Ubuntu 18.04.1 LTS logging in, in AD Domain

Hi, would like to know where or how I can define the TTL for the cached winbind offline logon.
Actually it's around a day, afterwards I can't login in my AD-User when I'm still offline but would like to extend the time.

Thanks.

My smb.conf looks like this:

[global]
winbind enum users = yes
winbind enum groups = yes
winbind expand groups = yes
winbind cache time = 300
winbind nss info = rfc2307
winbind offline logon = yes
winbind use default domain = yes

1:07 PM <https://mm.git.tao.at/tao-digital/pl/ao3hib4fc38gpc7yug6kx6q4re>

workgroup = AD
realm = MYDOMAIN
server string = %h server (Samba, Ubuntu)
; wins server = w.x.y.z
dns proxy = no

## Authentication ##
server role = member server
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user

## Misc ##
; include = /home/samba/etc/smb.conf.%m
; idmap uid = 10000-20000
; idmap gid = 10000-20000
template shell = /bin/bash
idmap config * : backend = tdb
idmap config * : range = 60000-60001
idmap config AD : backend = ad
idmap config AD : range = 4500-50000
idmap config AD : schema_mode = rfc2307
; usershare max shares = 100
usershare allow guests = yes

On 26/03/19 13:36, David Huemer via samba wrote:
> Samba 4.7.6-ubuntu
> Using Ubuntu 18.04.1 LTS logging in, in AD Domain
>
> Hi, would like to know where or how I can define the TTL for the cached
> winbind offline logon.
> Actually it's around a day, afterwards I can't login in my AD-User when
> I'm still offline but would like to extend the time.

If you mean the time the winbind daemon caches credentials before querying the DC again, the parameter is winbind cache time. Otherwise, if you mean the offline logon, i.e. the feature to check credentials when winbind is offline, then AFAIK cached credentials live forever...

Piviul

Data Control Systems - Mike Elkevizth
2019-Mar-26 15:26 UTC
[Samba] winbind offline logon cache timeout
I wish someone could chime in on this. Offline logins not working is why I switched to sssd for my Linux clients. I noticed the exact same issue where offline logins with winbind would work for a short period of time, and then stop working after a day or so. I'm assuming it's some type of Kerberos ticket timeout issue, but I never really checked into it too deeply because sssd worked fine. I have some clients that could be offline for months, so offline logins have to work indefinitely for us.

Mike E.

On Tue, Mar 26, 2019 at 8:36 AM David Huemer via samba <samba at lists.samba.org> wrote:
> Samba 4.7.6-ubuntu
> Using Ubuntu 18.04.1 LTS logging in, in AD Domain
>
> Hi, would like to know where or how I can define the TTL for the cached
> winbind offline logon.
> Actually it's around a day, afterwards I can't login in my AD-User when
> I'm still offline but would like to extend the time.
>
> Thanks.
>
> My smb.conf looks like this:
>
> [global] winbind enum users = yes winbind enum groups = yes winbind
> expand groups = yes winbind cache time = 300 winbind nss info = rfc2307
> winbind offline logon = yes winbind use default domain = yes
>
> 1:07 PM <https://mm.git.tao.at/tao-digital/pl/ao3hib4fc38gpc7yug6kx6q4re>
>
> workgroup = AD
>
> realm = MYDOMAIN
>
> server string = %h server (Samba, Ubuntu)
>
> ; wins server = w.x.y.z dns proxy = no
>
> ## Authentication ##
>
> server role = member server obey pam restrictions = yes unix password
> sync = yes passwd program = /usr/bin/passwd %u passwd chat
> *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n
> *password\supdated\ssuccessfully* .
>
> pam password change = yes
>
> map to guest = bad user
>
> ## Misc ##
>
> ; include = /home/samba/etc/smb.conf.%m ; idmap uid = 10000-20000 ;
> idmap gid = 10000-20000 template shell = /bin/bash idmap config * :
> backend = tdb idmap config * : range = 60000-60001 idmap config AD :
> backend = ad idmap config AD : range = 4500-50000 idmap config AD :
> schema_mode = rfc2307
>
> ; usershare max shares = 100 usershare allow guests = yes
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>

On Tuesday, March 26, 2019 1:36:03 PM CET David Huemer via samba wrote:
> Samba 4.7.6-ubuntu
> Using Ubuntu 18.04.1 LTS logging in, in AD Domain
>
> Hi, would like to know where or how I can define the TTL for the cached
> winbind offline logon.
> Actually it's around a day, afterwards I can't login in my AD-User when
> I'm still offline but would like to extend the time.

The cached credential storage for offline login is called netsamlogon cache and it never expires. If a connection to the DC can be established, it will be updated.

To see what's in the cache you can use:

    net cache samlogon list

in the command line.

    Andreas

--
Andreas Schneider asn at samba.org
Samba Team www.samba.org
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D