[Samba] winbind offline logon

Rowland Penny rpenny at samba.org
Sat Feb 16 17:15:10 UTC 2019


On Thu, 14 Feb 2019 09:30:00 +0100
Piviul via samba <samba at lists.samba.org> wrote:

> Hi all, I have a problem in libpam-winbind: offline logon doesn't
> seem to work. The first version of samba in which I have found the
> problem is 4.1 and the last is 4.7 but I fear that newer versions are
> affected too. Hopefully there is a workaround: you have to remove
> krb5_ccache_type=FILE from /etc/pam.d/common-auth
> 
> I have opened a bug report[¹] where you can find more details.
> 
> Does anyone have the same problem?
> 
> Piviul
> 
> [¹] https://bugzilla.samba.org/show_bug.cgi?id=10455
> 

Hi Piviul, I have read that bug report and sorry but your smb.conf is
incorrect.

Try this one:

[global]
    workgroup = DOMINIOCSA
    security = ADS
    realm = <UPPERCASE_WHATEVER_YOUR_DNS_DOMAIN_IS>
    server string = Samba 4 Client %h

    winbind use default domain = yes
    winbind expand groups = 2
    winbind refresh tickets = Yes
    winbind offline logon = yes

    idmap config *:backend = tdb
    idmap config *:range = 25000-30000
    idmap config DOMINIOCSA : backend = rid
    idmap config DOMINIOCSA : range = 10000-24999
    template shell = /bin/bash

    domain master = no
    local master = no
    preferred master = no

    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes

    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog = 0

[printers]
    comment = All Printers
    create mask = 0700
    path = /var/spool/samba
    printable = Yes

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers

Then put 'krb5_ccache_type=FILE' back into common-auth and try again.

Rowland


