[exim] Exim, NSS, winbind...

Author: Marco Gaiarin
Date:  
To: exim-users
Subject: [exim] Exim, NSS, winbind...

This is a strange thing.

I'm (ab)used to using Samba in a mixed environment (Linux/Windows), in NT mode,
using LDAP as the backend, exporting users to NSS via libnss-ldap(d), and also
using nscd, which does some caching.

Usually the mail server is also the Samba server, so it is hard to have
users "disappear" in NSS.


Now I'm (quickly) moving to Samba in AD mode, where the "LDAP" server (the
AD DC) is on a different host from the mail server, and where users are
exported to NSS via winbind.
I've also NOT installed nscd, because winbind has its own caching mechanism:
    https://wiki.samba.org/index.php/PAM_Offline_Authentication

and because the Samba folks advise against doing so.


I've tried to enable offline logon on a portable system, and it works as
expected (e.g., I can disconnect it and I can still log on, so NSS and PAM data
are correctly "cached"). Or so it seems.


But some weeks ago I did a general maintenance of my infrastructure, and
I discovered that exim refuses to deliver to some recipients because the users
are not known.
The mail server was temporarily (more than 60 seconds) disconnected from the
domain controllers.


I need to do more tests, but before hitting my head on the wall, I'm asking
here if there are some 'known' drawbacks of using exim with NSS/Winbind
caching, or something like that.


Thanks.

-- 
  One of the biggest problems of this country is that the majority of
  imports come from abroad.        (George W. Bush)