[Samba] PAM Offline Authentication in Ubuntu 22.04

Rowland Penny rpenny at samba.org
Sun Jun 25 12:42:14 UTC 2023



On 23/06/2023 18:15, Rowland Penny via samba wrote:
> 
> 
> On 23/06/2023 17:04, Marco Gaiarin via samba wrote:
>> Hello! Rowland Penny via samba
>>    On that day it was said...
>>
>>> As most of what was in /run/samba is now in /var/cache/samba and
>>> survives a reboot, I therefore feel it is a safe assumption that
>>> something in /run/samba is required for offline logon, 'gencache.tdb' ?
>>
>> OK, I supposed also that (please, restore that on wiki), but as just stated
>> I've not a problem with reboot... ;-)
> 
> I planned to, just waiting to hear from you, but now ?
> 
> Are you saying that without the lockdir line in your smb.conf, offline 
> logon works for you after a reboot, because it doesn't for me.
> 
>>
>>
>>> I still think that dns has a place in this somewhere, I have an
>>> /etc/hosts file that looks like this:
>>
>> I'm still using my 'old' DNS and DHCP setup, and the DHCP server does not
>> assign the AD domain to clients (for Windows clients it is not needed: they
>> have the AD domain dns suffix as predefined by default, after joined).
> 
> I was using the dhcp server on my router and this was either sending no 
> dns domain or the wrong one. I have now set up a new dhcp server on one 
> of my DC's and this is sending the correct domain information.
> 
>>
>> Also, as just stated, previous Ubuntu 16.04 worked perfectly with the same
>> dns setup, so probably it is not the culprit.
> 
> There are very many differences between dns on 16.04 and 22.04.
> There is also the fact that Active Directory has a large dependency on dns.
> 
>>
>>
>>> If I run the following commands when connected to the network, I get the
>>> expected output:
>>
>> Also trying to fiddle with /etc/hosts and /etc/hostname, I was not able to
>> print the domain, eg:
>>
>>> hostname -d
>>> samdom.example.com
>>> hostname -f
>>> testdm12.samdom.example.com
>>
>> I get an empty result (hostname -f returns the host).
> 
> Then I would suggest you need to fix this, easiest way is to add the 
> information to the 127.0.1.1 line in /etc/hosts
> 
>>
>>
>> I've tried to disable DHCP and setup manual network connectivity (cabled)
>> using domain DNS (DCs)
> 
>>
>> Nothing changed.
> 
> If you just changed from a dhcp supplied IP to a fixed IP without 
> setting up anything else, then I think this is to be expected.
> 
>>
>> If network is connected, all works as expected; if I disconnect the cable,
>> all (logon, a simple 'id gaio', ...) instantly stops working...
>>
>>
>> I'm starting to get a bit desperate...
>>
> 
> Now I know just how you have your dns setup, I will try and emulate it 
> over the weekend and see what happens.
> 
> Rowland
> 
> 
> 

I logged in as a domain user to an Ubuntu 22.04 Unix domain member.

Everything worked as expected.

Disconnected network, everything still worked okay.

Changed /etc/resolv.conf from:

nameserver 127.0.0.53
options edns0 trust-ad
search samdom.example.com

To:

nameserver 127.0.0.53
options edns0 trust-ad
search .

and /etc/hosts from:

127.0.0.1 localhost
127.0.1.1 ubugdm.samdom.example.com

# The following lines are desirable for IPv6 capable hosts
::1	ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters

To:

127.0.0.1 localhost
127.0.1.1 ubugdm

# The following lines are desirable for IPv6 capable hosts
::1	ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters

At this point, everything slowed right down, but rebooting allowed 
everything to work as expected again. I could logon as a domain user and 
run commands like 'id' and get the expected information, just as if I 
was connected to the domain.

'hostname -d' produced no output
'hostname -f' just displayed the short hostname
'hostname -I' produced no output

After a bit more testing, the only way that I could get the condition 
that Marco is describing is if I remove the network AND 127.0.1.1 in 
/etc/hosts points to just the short hostname.

Rowland
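
Added example, not part of the original message and not Samba project code: a POSIX shell check for the two name settings changed in the test above, the 127.0.1.1 entry in /etc/hosts and the search list in /etc/resolv.conf. The function names and the sample files are assumptions constructed for illustration; the hostnames are the ones quoted in the message.

```shell
#!/bin/sh
# Added example: reports the 127.0.1.1 hosts entry and the resolv.conf search list.

# First name on the 127.0.1.1 line (empty if the line is absent).
loopback_name() {
    awk '$1 == "127.0.1.1" { sub(/#.*/, ""); print $2; exit }' "$1"
}

# Comma-joined search domains from the last "search" line; a bare "." is skipped.
search_domains() {
    awk '$1 == "search" { out = ""
             for (i = 2; i <= NF; i++)
                 if ($i != ".") out = out (out == "" ? "" : ",") $i }
         END { print out }' "$1"
}

# Prints a one-line report; returns 0 only when 127.0.1.1 carries a dotted name.
check_offline_names() {
    hosts=${1:-/etc/hosts}
    resolv=${2:-/etc/resolv.conf}
    name=$(loopback_name "$hosts")
    domains=$(search_domains "$resolv")
    case $name in
        "")  state=missing ;;
        *.*) state=fqdn ;;
        *)   state=short ;;
    esac
    printf '127.0.1.1=%s search=%s\n' "$state" "${domains:-none}"
    [ "$state" = fqdn ]
}

# Constructed sample files mirroring the "from" and "to" states in the message.
make_samples() {
    dir=$(mktemp -d)
    printf '127.0.0.1 localhost\n127.0.1.1 ubugdm.samdom.example.com\n' > "$dir/hosts.fqdn"
    printf '127.0.0.1 localhost\n127.0.1.1 ubugdm\n' > "$dir/hosts.short"
    printf 'nameserver 127.0.0.53\nsearch samdom.example.com\n' > "$dir/resolv.domain"
    printf 'nameserver 127.0.0.53\nsearch .\n' > "$dir/resolv.root"
    echo "$dir"
}

d=$(make_samples)
check_offline_names "$d/hosts.fqdn" "$d/resolv.domain" || echo "  -> unexpected"
check_offline_names "$d/hosts.short" "$d/resolv.root" || echo "  -> 127.0.1.1 is short-name only"
rm -rf "$d"
```

Called with no arguments, check_offline_names reads the live /etc/hosts and /etc/resolv.conf.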



