[Samba] winbind : suspend nightmare

Jeremy Allison jra at samba.org
Fri Oct 25 16:24:48 UTC 2019


On Thu, Oct 24, 2019 at 11:33:40PM +0000, Jon Gerdes via samba wrote:
> You cannot accept a wifi arrangement on Win10 before login.  That means
> your VPN has not started up (no trusted network) and that means you
> have not authenticated yourself to your domain - you can only do cached
> creds.
> 
> So, Mr A: Are you able to reliably login to a Linux powered laptop with
> an AD mediated account?  I have to employ a few workarounds for several
> scenarios.  wifi on/off, VPN on/off, wired vs wifi, IPv6 vs IPv4 are
> some of the considerations.

I haven't depended on an AD-DC for my network logons for
many years I'm afraid, so I've not had to depend on this :-).

> Could I request you look at your winbind on/offline code with a modern
> viewpoint.  I suspect you need to require the environment to tell
> winbind what is happening to it rather than deploying a few randomly
> chosen timers.

I still don't understand why having winbind probe for
network connectivity (DNS lookup) every 30 seconds once
it loses connectivity to the DC is the wrong thing to
do?

What if there's a transient network outage? We don't want
to have only external triggers to tell winbind to go on/offline,
why is the auto-detection not working?

The "online" message can be sent also via smbcontrol as
a message directly to winbind, so I think we already
have the external tooling we need for this. I just don't
get why the internal probing isn't working for you.
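
Added example, not part of the message above and not Samba project code: a NetworkManager dispatcher hook that acts as the external trigger discussed in this thread by sending the `smbcontrol` online/offline messages to winbindd. NetworkManager as the network manager, the install path, the `winbind-hook` log tag and the premise that the DC is reachable only over the VPN are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed install path:
#   /etc/NetworkManager/dispatcher.d/50-winbind
# NetworkManager runs dispatcher scripts with $1 = interface, $2 = action,
# and exports CONNECTIVITY_STATE for the "connectivity-change" action.

# Decide which message, if any, to send to winbindd.
#   $1 = dispatcher action, $2 = connectivity state (may be empty)
# Prints "online" or "offline"; prints nothing when the event is ignored.
winbind_message_for() {
    case "$1" in
        up|vpn-up)
            echo online ;;
        vpn-down)
            # Assumption: the DC is only reachable through the VPN.
            echo offline ;;
        connectivity-change)
            case "$2" in
                FULL) echo online ;;
                NONE) echo offline ;;
                # PORTAL, LIMITED, UNKNOWN: leave it to winbind's own probing.
            esac ;;
        # A plain "down" is ignored: another interface may still be up, and
        # a total loss is reported separately as connectivity-change NONE.
    esac
}

# Send the chosen message to winbindd and record the outcome in syslog.
notify_winbind() {
    msg=$(winbind_message_for "$1" "$2")
    [ -n "$msg" ] || return 0
    if smbcontrol winbindd "$msg"; then
        logger -t winbind-hook "sent '$msg' to winbindd (event: $1)"
    else
        logger -t winbind-hook "could not send '$msg' to winbindd (event: $1)"
    fi
}

# Only act when called the way the dispatcher calls us (interface + action).
if [ "$#" -ge 2 ]; then
    notify_winbind "$2" "${CONNECTIVITY_STATE:-}"
fi
```

The hook complements winbind's internal probing rather than replacing it: ambiguous states are left untouched so the 30-second probe still decides.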


