[Samba] AD Users on Linux Laptop
L.P.H. van Belle
belle at bazuin.nl
Thu Jul 9 08:29:28 UTC 2020
Hai Basti,
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> basti via samba
> Verzonden: donderdag 9 juli 2020 10:20
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] AD Users on Linux Laptop
>
> Hello,
> I have setup a laptop with debian10, where samba ad users
> should able to
> login. I also setup PAM_Offline_Authentication, so far so good.
>
> There are several Problems:
>
> - After Reboot winbind seem to start before network is redy,
> so winbind
> can't get user info via getent passwd <username>, after
> restart winbind
> it works
Quick fix :
systemctl edit winbind.service
Add:
Unit
After=network.target network-online.target
Save, reboot. (wait, do below first)
>
> - How can I cache logins infos, for offline login
> (e.g. when only wlan is available or to start vpn after login to get
> access to shares)
cat /etc/pam.d/common-auth
Verify if you see.
# here are the per-package modules (the "Primary" block)
auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000
auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
If not, run : pam-auth-update ( even if you dont see it, run it, it sets everything correct.)
And im sure you have this in smb.conf :
But i have to ask/show it.
# Renew the kerberos tickets
winbind refresh tickets = yes
# Enable offline logins
winbind offline logon = yes
Try above and report back.
Thats all i do on debian.
Greetz,
Louis
More information about the samba
mailing list