[Samba] winbind nss configuration

Mike seowphm at starhub.net.sg
Fri Jun 15 07:45:27 GMT 2007


--- Jerome Haltom <wasabi at larvalstage.net> wrote:

> I'm having the hardest time trying to come up with the optimal
> configuration with NSS Winbind support. I want it to work right
> offline.
> That is, name lookups shouldn't take 30 minutes to time out or lock
> the
> system up. And if the name lookup is for a local name, I want
> Winbind to
> be 100% out of hte picture.
> 
> I've tried this, without much luck:
> 
> passwd: compat [SUCCESS=return] winbind
> groups: compat [SUCCESS=return] winbind
> 
> My naive understanding is that this would make name lookups that
> suceeded in `compat` completely avoid winbind. That was my
> understanding
> until I disconnected the machine and could not log in as root.
> 

My nsswitch.conf looks like this (this is Solaris 8, btw):

passwd:     files winbind [NOTFOUND=return UNAVAIL=return TRYAGAIN=return]
group:      files winbind [NOTFOUND=return UNAVAIL=return TRYAGAIN=return]

Actually, only the TRYAGAIN=return was necessary to prevent the "hang till 
timeout" in my scenario, but I put in the rest just in case.

L8r,
Mike


Powered by Gee! - Wireless Access Anywhere


More information about the samba mailing list