[Samba] winbind offline logon
Rowland Penny
rpenny at samba.org
Sat Feb 16 17:15:10 UTC 2019
On Thu, 14 Feb 2019 09:30:00 +0100
Piviul via samba <samba at lists.samba.org> wrote:
> Hi all, I have a problem in libpam-winbind: offline logon doesn't
> seems to work. The first version of samba in which I have found the
> problem is 4.1 and the last is 4.7 but I fear that newer version are
> affected too. Hopefully there is a workaround: you have to remove
> krb5_ccache_type=FILE from /etc/pam.d/common-auth
>
> I have opened a bug report[¹] where you can find more details.
>
> Any one have the same problem?
>
> Piviul
>
> [¹] https://bugzilla.samba.org/show_bug.cgi?id=10455
>
Hi Piviul, I have read that bug report and sorry but your smb.conf is
incorrect.
try this one:
[global]
workgroup = DOMINIOCSA
security = ADS
realm = <UPPERCASE_WHATEVER_YOUR_DNS_DOMAIN_IS>
server string = Samba 4 Client %h
winbind use default domain = yes
winbind expand groups = 2
winbind refresh tickets = Yes
winbind offline logon = yes
idmap config *:backend = tdb
idmap config *:range = 25000-30000
idmap config DOMINIOCSA : backend = rid
idmap config DOMINIOCSA : range = 10000-24999
template shell = /bin/bash
domain master = no
local master = no
preferred master = no
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
[printers]
comment = All Printers
create mask = 0700
path = /var/spool/samba
printable = Yes
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
Then put 'krb5_ccache_type=FILE' back into common-auth and try again.
Rowland
More information about the samba
mailing list