From what I understand SAMlogon cache ('net cache samlogon list')
contains only the group membership, and its expiration time is controlled by
'winbind cache time'. Is that correct?
If pam_winbind is configured to use Kerberos auth then authentication will
depend on KDC availability regardless of 'winbind offline logon = Yes',
and if DNS doesn't work temporarily and therefore KDCs cannot be discovered
using DNS then unless they're hard-coded the authentication will fail. Is
that correct?