winbind offline logon cache expiry
David Mansfield
samba at dm.cobite.com
Thu Aug 1 11:58:34 MDT 2013
Hi All,
We're trying to set up some remote (work-at-home) machines with samba4
winbind (running on Fedora) using winbind offline login = yes. Once the
user is logged in, they connect the VPN and that allows communication to
the DC (also samba4).
This works fine for a while but if the user doesn't log in for a 3-4
days (which can be simulated by shutting down winbind, setting system
clock and restarting winbind), the offline login fails. Here's what
happens when logging into a virtual console in linux (logging into GDM
is more complicated):
Aug 10 00:22:57 Ladybug login: pam_unix(login:auth): check pass; user
unknown
Aug 10 00:22:57 Ladybug login: pam_unix(login:auth): authentication
failure; logname=LOGIN uid=0 euid=0 tty=tty3 ruser= rhost=
Aug 10 00:23:00 Ladybug login: FAILED LOGIN 1 FROM tty3 FOR (unknown),
User not known to the underlying authentication module
So it seems that the ability to resolve the login name is failing.
According to the man page, winbind offline logon doesn't honor the
winbind cache time, but it doesn't say if there is something that does
control it.
If I could make this last, say, 2 weeks instead of <4 days I think that
would do the trick. Can it be done?
Thanks,
David Mansfield
Cobite, INC.
More information about the samba-technical
mailing list