[Samba] winbind nss configuration
Frank Gruman
fgatwork at verizon.net
Fri Jun 15 00:29:05 GMT 2007
On Thu, 2007-06-14 at 19:18 -0500, Jerome Haltom wrote:
> I'm having the hardest time trying to come up with the optimal
> configuration with NSS Winbind support. I want it to work right offline.
> That is, name lookups shouldn't take 30 minutes to time out or lock the
> system up. And if the name lookup is for a local name, I want Winbind to
> be 100% out of hte picture.
>
> I've tried this, without much luck:
>
> passwd: compat [SUCCESS=return] winbind
> groups: compat [SUCCESS=return] winbind
>
> My naive understanding is that this would make name lookups that
> suceeded in `compat` completely avoid winbind. That was my understanding
> until I disconnected the machine and could not log in as root.
>
> What am I missing?
>
>
What do your PAM files look like?? What is your distribution? I know
for a while that SUSE was putting winbind in as a required auth
mechanism which kind of sucks for anything offline or for local users.
Try looking at it from that path. Perhaps a method of 'sufficient'
would be good for all 4 methods (auth, acc, sess, pass).
Regards,
Frank
More information about the samba
mailing list