[Samba] winbind nss configuration

Frank Gruman fgatwork at verizon.net
Fri Jun 15 00:29:05 GMT 2007

On Thu, 2007-06-14 at 19:18 -0500, Jerome Haltom wrote:

> I'm having the hardest time trying to come up with the optimal
> configuration with NSS Winbind support. I want it to work right offline.
> That is, name lookups shouldn't take 30 minutes to time out or lock the
> system up. And if the name lookup is for a local name, I want Winbind to
> be 100% out of hte picture.
> I've tried this, without much luck:
> passwd: compat [SUCCESS=return] winbind
> groups: compat [SUCCESS=return] winbind
> My naive understanding is that this would make name lookups that
> suceeded in `compat` completely avoid winbind. That was my understanding
> until I disconnected the machine and could not log in as root.
> What am I missing?

What do your PAM files look like??  What is your distribution?  I know
for a while that SUSE was putting winbind in as a required auth
mechanism which kind of sucks for anything offline or for local users.

Try looking at it from that path.  Perhaps a method of 'sufficient'
would be good for all 4 methods (auth, acc, sess, pass).


More information about the samba mailing list