[Samba] nss_winbind / offline logon

Linux Addict linuxaddict7 at gmail.com
Mon Oct 26 12:49:38 MDT 2009


On Mon, Oct 26, 2009 at 2:29 PM, Richard Foltyn <richard.foltyn at gmail.com> wrote:

> Petteri Heinonen wrote:
>
> > Thanks Steve, but didn't help. I have tried several combinations of
> > NOTFOUND and SUCCESS etc here. Also, this is what man page of
> > nsswitch.conf says:
> >
> > success
> >               No error occurred and the wanted entry is returned.  The
> >               default action for this is 'return'.
> >
> > So when user is found locally, the default action should anyway be
> > 'return', that is, NOT to continue to winbind module. That is exactly
> > the problem I'm having; why does nsswitch continue to query anything
> > from winbind because the user is already found from local database?
> >
> > -Petteri
> >
> >
>
> Another thing you might want to try is modifying the cache settings of
> nscd.
>
> I have a similar setup but use ldap instead of winbind, and every time
> the network connection is gone everything hangs. I therefore configured
> nscd to cache entries for passwd and groups locally between restarts.
>
> Have a look at "persistent" in the nscd man page. You'll have to
> manually create /var/db/nscd/ for this to work, IIRC.
>


auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_winbind.so cached_login use_first_pass
auth        required      pam_deny.so

account     required      pam_access.so
account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_winbind.so cached_login
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient    pam_winbind.so cached_login use_authtok
password    required      pam_deny.so

session     optional      pam_mkhomedir.so skel=/etc/skel/
session     required      pam_limits.so
session     required      pam_unix.so
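
The auth stack from the message above, run through a simplified model of PAM's required / requisite / sufficient control flags, as an added example that is not part of the original post. The user records and module outcomes are constructed, and the bracketed [value=action] syntax used in the account stack is not modelled.

```python
# Added example: simplified model of the PAM control flags used in the
# auth stack above (required / requisite / sufficient only).
AUTH_LINES = """\
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_winbind.so cached_login use_first_pass
auth        required      pam_deny.so
"""

def parse(text):
    """Return [(control, module)] for each non-comment stack line."""
    stack = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and not fields[0].startswith("#"):
            stack.append((fields[1], fields[2]))
    return stack

def module_result(module, user):
    """Constructed module outcomes for a hypothetical user record."""
    return {
        "pam_env.so": True,
        "pam_unix.so": user["unix_ok"],            # local password matched
        "pam_succeed_if.so": user["uid"] >= 500,   # the 'uid >= 500' test
        "pam_winbind.so": user["winbind_ok"],      # online or cached logon OK
        "pam_deny.so": False,                      # always fails
    }[module]

def evaluate(stack, user):
    """Return (authenticated, modules_called) for one login attempt."""
    called, required_failed, any_ok = [], False, False
    for control, module in stack:
        ok = module_result(module, user)
        called.append(module)
        if ok:
            any_ok = True
            if control == "sufficient" and not required_failed:
                return True, called        # stop: success is final
        elif control == "requisite":
            return False, called           # stop: failure is final
        elif control == "required":
            required_failed = True         # keep going, but result is failure
        # a failed 'sufficient' module is ignored
    return any_ok and not required_failed, called

STACK = parse(AUTH_LINES)

if __name__ == "__main__":
    print(evaluate(STACK, {"uid": 1000, "unix_ok": True, "winbind_ok": False}))
```

In this model a local account that passes pam_unix.so never reaches pam_winbind.so, and an account with uid below 500 that fails pam_unix.so is rejected at pam_succeed_if.so before winbind is consulted.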

