Say I have a Windows laptop which has been connected to a domain. The domain has a Samba server as a PDC.
Now say that I move the laptop outside of the network (the network is completely inaccessible). Will I be able to log on to accounts I have accessed before on the laptop (through GINA)?
Update: Looking at the smb.conf documentation I noticed the setting winbind offline logon: "This parameter is designed to control whether Winbind should allow to login with the pam_winbind module using Cached Credentials. If enabled, winbindd will store user credentials from successful logins encrypted in a local cache." To me it looks like this solves the issue, but can anyone else confirm it and/or point out if any additional values need to be set?
If you have a Windows laptop which is a domain member, using winbind offline logon would not influence its ability for cached credential logons as Winbind is caching the credentials for your Samba installation, not its clients.
Cached Credentials is a domain client feature available in Windows 2000 and newer. It works with Active Directory DCs as well as NT4-style DCs (Samba). From Microsoft KB 913485:
Your clients would need to have HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount (REG_SZ) unset or set to a value greater than zero to benefit from this feature.
Keep in mind though that caching credentials (actually Windows is not caching credentials but salted one-way hashes of the credentials) on machines where you do not have any means to guarantee physical security might represent a security risk - the hashes are offline crackable by brute force or dictionary attacks.
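A way to check the setting from the answer above on a client, and to turn caching off on machines whose physical security cannot be guaranteed. This is an added example, not part of the original answer; the function names Get-CachedLogonStatus and Disable-CachedLogon are hypothetical, and the interpretation of the value (unset or greater than zero means enabled) follows the answer.

```powershell
# Added example: audit and optionally disable cached domain logons on a Windows client.
# Run the audit as any user; Disable-CachedLogon needs an elevated session.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-CachedLogonStatus {
    [CmdletBinding()]
    param([string]$Path = $WinlogonKey)

    # CachedLogonsCount is a REG_SZ: it arrives as a string and may be absent or malformed.
    $raw = (Get-ItemProperty -Path $Path -Name CachedLogonsCount `
                -ErrorAction SilentlyContinue).CachedLogonsCount

    $count = 0   # must exist before it is passed by reference to TryParse
    if ($null -eq $raw) {
        $state = 'Enabled (value unset)'
        $count = $null
    } elseif (-not [int]::TryParse([string]$raw, [ref]$count)) {
        $state = 'Unknown (non-numeric value)'
        $count = $null
    } elseif ($count -gt 0) {
        $state = 'Enabled'
    } else {
        $state = 'Disabled'
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        RawValue = $raw
        Count    = $count
        State    = $state
    }
}

function Disable-CachedLogon {
    # Supports -WhatIf / -Confirm so the change can be previewed first.
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path = $WinlogonKey)

    if ($PSCmdlet.ShouldProcess($Path, 'Set CachedLogonsCount to 0')) {
        # Written as a string to keep the REG_SZ type the answer names.
        Set-ItemProperty -Path $Path -Name CachedLogonsCount -Value '0' -Type String
    }
}

Get-CachedLogonStatus
```

With the count at zero, a laptop taken off the network can no longer log on domain accounts at all, so apply Disable-CachedLogon only where that trade-off is intended.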