[Samba] PAM Offline Authentication in Ubuntu 22.04
Kees van Vloten
keesvanvloten at gmail.com
Mon Jun 26 18:19:40 UTC 2023
On 26-06-2023 20:12, Rowland Penny via samba wrote:
>
>
> On 26/06/2023 18:20, Kees van Vloten via samba wrote:
>
>> I am quite convinced it is not a DNS issue, although those lookups
>> obviously fail when you pull the network plug (I guess installing
>> something like dnsmasq can prevent that). The issue is in the nss
>> lookups of users and groups: getent passwd <user> or getent passwd
>> <group>, which implies something in winbind-nss.
>> I have been using the "lock directory" parameter on my Debian
>> (Bullseye) machines since nearly forever and added the "winbind
>> request timeout" recently (after the discussion here), which probably
>> help to reduce the effects but do not solve the issue.
>>
>
> The problem for me is that I struggle to get the symptoms that Marco
> does.
> I have Ubuntu 22.04 running in a VM, it is setup as a Unix domain
> member, using the 'rid' idmap backend.
>
> It works as expected, if I disconnect the network, sometimes it starts
> running slow, but only sometimes, other times you cannot tell the
> difference.
>
> Now you could be correct about the dns, and I am now beginning to
> think that Marco's problem has nothing to do with Samba, there is
> something not set up correctly in the OS, but what, I do not know.
I am using rfc2307 and I have been experiencing similar issues since my
first message on this topic 2 years ago.
Could it be related to the (rfc2307-) idmap backend?
One other thing is that I am using rbac which leans heavily on nested
groups, perhaps that has is causing issues with caching in winbind?
>
> As anyone got any suggestions that Marco can try ?
>
> Rowland
>
More information about the samba
mailing list