[Samba] nss_winbind / offline logon

Petteri Heinonen petteri.j.heinonen at kolumbus.fi
Sat Oct 17 03:12:53 MDT 2009

Steve Rippl wrote:
> On Fri, 2009-10-16 at 14:37 +0300, Petteri Heinonen wrote:
>> Hello list users,
>> I have been struggling to make my AD integrated Debian Lenny box to work fluently also when network connectivity is down. What I would like to achieve:
>> 1) When no network available, local user should still work normally
>> 2) If possible, AD located users should still be able to login if they have previously logged in successfully (cached login)
>> Number 2 is more like optional, but number 1 would be very much needed. However, it seems that winbind somehow blocks login process for local accounts too if it is not able to get network connection to AD during system boot. These are the relevant lines in my nsswitch.conf:
>> passwd:         files winbind
>> group:          files winbind
>> shadow:         files
> I think this does what you want allowing local account to still
> function...
> passwd:         compat [!NOTFOUND=return] winbind
> group:          compat winbind
> shadow:         compat
Thanks Steve, but didn't help. I have tried several combinations of 
NOTFOUND and SUCCESS etc here. Also, this is what man page of 
nsswitch.conf says:

              No error occurred and the wanted entry is returned.  The 
              action for this is 'return'.

So when user is found locally, the default action should anyway be 
'return', that is, NOT to continue to winbind module. That is exactly 
the problem I'm having; why does nsswitch continue to query anything 
from winbind because the user is already found from local database?


More information about the samba mailing list