Cached Credentials in Samba

With some money my parents generously gave me for my 30th birthday I was able at last to afford to buy a laptop. For the longest time I’ve had a knackered old Compaq in the lounge for general web browsing while watching TV and whatnot, but finally I can consign that to the attic! I’m so very chuffed :) However..there were a few teething issues with Samba and offline logins…

One thing that came up while I was installing everything was that my home Samba setup wasn’t allowed cached credentials to work. I could log in, but when the laptop wasn’t on the network I was unable to log into my home domain of XANIA. I checked all the local policy settings on the laptop but everything appeared in order. I edited the smb.conf over and over again, getting more and more desperate in what I added or modified in the hope of finding the mystical magical setting I was missing.

But then, fortunately, I stumbled across a Samba mailing list post which mentioned something a little bit like my situation. The problem this other chap was having was related to the domain name and primary domain controller’s named being juxtaposed due to changing the password methods during setup from smbpasswd to tdbsam. I had exactly this set up!

I quickly confirmed this by running pdbedit -Lv | less and looking for the ‘Domain’ line. My user account was actually marked as an account on the domain ‘MOON’ (which is the PDC’s name, not the domain itself!). The samba post mentioned the quickest way to convert such accounts over to being the right values is to export as smbpasswd and then reimport as tdbpam:

pdbedit -i tdbsam -e smbpasswd
pdbedit -i smbpasswd -e tdbsam

And that was it! Suddenly the credentials matched the actual logins and Windows XP was happy to used cached credentials to log in! Now I can take my shiny new Toshiba A110 (bought from John Lewis — I really recommend them — not the usual PCWorld numpties at all) off on my travels without having to have separate online and offline accounts.