[Samba] nss_winbind / offline logon

Petteri Heinonen petteri.j.heinonen at kolumbus.fi
Sat Oct 17 03:12:53 MDT 2009


Steve Rippl wrote:
> On Fri, 2009-10-16 at 14:37 +0300, Petteri Heinonen wrote:
>   
>> Hello list users,
>>
>> I have been struggling to make my AD-integrated Debian Lenny box work fluently also when network connectivity is down. What I would like to achieve:
>>
>> 1) When no network available, local user should still work normally
>> 2) If possible, AD located users should still be able to login if they have previously logged in successfully (cached login)
>>
>> Number 2 is more like optional, but number 1 would be very much needed. However, it seems that winbind somehow blocks the login process for local accounts too if it is not able to get a network connection to AD during system boot. These are the relevant lines in my nsswitch.conf:
>>
>> passwd:         files winbind
>> group:          files winbind
>> shadow:         files
>>
>>     
>
>
> I think this does what you want allowing local account to still
> function...
>
> passwd:         compat [!NOTFOUND=return] winbind
> group:          compat winbind
> shadow:         compat
>
>
>   
Thanks Steve, but it didn't help. I have tried several combinations of 
NOTFOUND and SUCCESS etc. here. Also, this is what the man page of 
nsswitch.conf says:

success
              No error occurred and the wanted entry is returned.  The default
              action for this is 'return'.

So when the user is found locally, the default action should anyway be 
'return', that is, NOT to continue to the winbind module. That is exactly 
the problem I'm having: why does nsswitch continue to query anything 
from winbind when the user is already found in the local database?

-Petteri
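
An added example, not part of the original message: a small Python model of the nsswitch.conf status/action rules quoted from the man page above, applied to the two passwd lines from this thread. It models one keyed lookup only (a single user name); the function names and the per-service results passed in are constructed for illustration.

```python
import re

STATUSES = ("success", "notfound", "unavail", "tryagain")
# Documented defaults: 'return' on success, 'continue' on every other status.
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

def parse_line(line):
    """Parse one nsswitch.conf line into (database, [(service, actions), ...])."""
    database, _, rest = line.partition(":")
    chain = []
    for token in re.findall(r"\[[^\]]*\]|\S+", rest):
        if not token.startswith("["):
            chain.append((token, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("action list before any service")
        actions = chain[-1][1]          # criteria apply to the preceding service
        for item in token[1:-1].split():
            status, _, action = item.lower().partition("=")
            negate = status.startswith("!")
            status = status.lstrip("!")
            # Only 'return' and 'continue' are modelled in this sketch.
            if status not in STATUSES or action not in ("return", "continue"):
                raise ValueError("bad criterion: " + item)
            for s in STATUSES:
                if (s == status) != negate:   # '!' selects every other status
                    actions[s] = action
    return database.strip(), chain

def consulted(line, results):
    """Return the services queried, in order, for one keyed lookup.

    results maps service name -> status it reports (constructed input).
    """
    _, chain = parse_line(line)
    queried = []
    for service, actions in chain:
        queried.append(service)
        if actions[results[service]] == "return":
            break
    return queried

if __name__ == "__main__":
    offline = {"files": "success", "compat": "success", "winbind": "unavail"}
    for conf in ("passwd: files winbind",
                 "passwd: compat [!NOTFOUND=return] winbind"):
        print(conf, "->", consulted(conf, offline))
```

Under these rules a local user who is found in the first service never reaches winbind in either configuration; `[!NOTFOUND=return]` only changes what happens when the first service reports `unavail` or `tryagain`.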