[Samba] winbind : suspend nightmare
Jeremy Allison
jra at samba.org
Fri Oct 25 16:24:48 UTC 2019
On Thu, Oct 24, 2019 at 11:33:40PM +0000, Jon Gerdes via samba wrote:
> You cannot accept a wifi arrangement on Win10 before login. That means
> your VPN has not started up (no trusted network) and that means you
> have not authenticated yourself to your domain - you can only do cached
> creds.
>
> So, Mr A: Are you able to reliably login to a Linux powered laptop with
> an AD mediated account? I have to employ a few workarounds for several
> scenarios. wifi on/off, VPN on/off, wired vs wifi, IPv6 vs IPv4 are
> some of the considerations.
I haven't depended on a AD-DC for my network logons for
many years I'm afraid, so I've not had to depend on this :-).
> Could I request you look at your winbind on/offline code with a modern
> viewpoint. I suspect you need to require the environment to tell
> winbind what is happening to it rather than deploying a few randomly
> chosen timers.
I still don't understand why having winbind probe for
network connectivity (DNS lookup) every 30 seconds once
it loses connectivity to the DC is the wrong thing to
do ?
What if there's a transient network outage ? We don't want
to have only external triggers to tell winbind to go on/offline,
why is the auto-detection not working ?
The "online" message can be sent also via smbcontrol as
a message directly to winbind, so I think we already
have the external tooling we need for this. I just don't
get why the internal probing isn't working for you.
More information about the samba
mailing list