[Samba] PAM Offline Authentication in Ubuntu 22.04

[Markus Dellermann]

Hi Marco, Rowland, Kees, and all other...

Am Montag, 26. Juni 2023, 20:12:26 CEST schrieb Rowland Penny via samba:
> On 26/06/2023 18:20, Kees van Vloten via samba wrote:
> > I am quite convinced it is not a DNS issue, although those lookups
> > obviously fail when you pull the network plug (I guess installing
> > something like dnsmasq can prevent that). The issue is in the nss
> > lookups of users and groups: getent passwd <user> or getent passwd
> > <group>, which implies something in winbind-nss.
> > I have been using the "lock directory" parameter on my Debian (Bullseye)
> > machines since nearly forever and added the "winbind request timeout"
> > recently (after the discussion here), which probably help to reduce the
> > effects but do not solve the issue.
> 
> The problem for me is that I struggle to get the symptoms that Marco does.
> I have Ubuntu 22.04 running in a VM, it is setup as a Unix domain
> member, using the 'rid' idmap backend.
> 
> It works as expected, if I disconnect the network, sometimes it starts
> running slow, but only sometimes, other times you cannot tell the
> difference.
> 
> Now you could be correct about the dns, and I am now beginning to think
> that Marco's problem has nothing to do with Samba, there is something
> not set up correctly in the OS, but what, I do not know.
> 
> As anyone got any suggestions that Marco can try ?
> 
> Rowland

Marco, you are using the ad-Backend, right?

Have you tried with rid-backend or at least
"idmap config LNFFVG : unix_nss_info = no"
in smb.conf ?
Some time ago i have had "this"  Problems with some openSUSE based clients.
If i remeber correctly, behavior was better after changing smb.conf to rid-
backend.

To update to 4.18 could be also an good idea, because there are some changes 
wich should help..

Good Luck!
(sorry, for bad english)

Markus