Dear list, I'm using winbind (samba-2.2.9) on Solaris to authenticate my users against a Windows 2000 Active Directory server.
Sometimes my users get locked out for various reasons (virus, etc.) and I want to prevent that. Is it possible to cache the windows password on unix server so that it doesn't have to query windows server every time? Would increasing the "winbind cache time" to a very large value (like 1 day?) alleviate the problem? " When a item in the cache is older than this time winbindd will ask the domain controller for the sequence number of the server's account database. If the sequence number has not changed .... Otherwise the item is fetched from the server. " On the other hand, in this case I'll need to worry about the mandatory password change on the windows side. If a user changes the windows password, I want the cache to be expired immediately. If the winbind cache also includes password or equivalent, and if the cache is made to expire after a long time, is there a way to force a cache expiry and fetch the information from the server again when the user's password is wrong, rather than rejecting the database based on the cache? If anyone's using winbind from samba 3, do you think samba 3 is different? Could you share your experience about account lockout / password caching, etc? Would an ldap server help? Any pointer would be appreciated. Regards, Ben Kim Database Developer/Systems Administrator College of Education Texas A&M University -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba