[Samba] Winbind offline cache and strangeness...
Marco Gaiarin
gaio at sv.lnf.it
Tue Sep 15 11:27:58 UTC 2020
Mandi! L.P.H. van Belle via samba
In chel di` si favelave...
> You checked the time offsets?
No, but i've seen in logs that network scripts correctly sync time, so i
suppose this is not a problem.
> How about, make a "pc" client cert for the VPN. That allows to setup and run the vpn tunnel.
You mean a VPN in 'P2P mode'?
> P.s. Showing some configs might help a lot. ;-)
Samba config on client, pretty standard:
root at dane:~# samba-tool testparm
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = LNFFVG
realm = AD.FVG.LNF.IT
security = ADS
map to guest = Bad User
username map = /etc/samba/user.map
log level = 0
log file = /var/log/samba/log.%M
max log size = 5000
printcap name = /dev/null
disable spoolss = Yes
panic action = /usr/share/samba/panic-action %d
winbind use default domain = Yes
winbind nss info = rfc2307
winbind offline logon = Yes
idmap config lnffvg : unix_nss_info = yes
idmap config lnffvg : range = 10000-49999
idmap config lnffvg : backend = ad
idmap config * : range = 5000-9999
idmap config * : backend = tdb
include = /etc/samba/smb.conf.%M
A correct logon:
Sep 9 13:46:12 dane lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "elisac"
Sep 9 13:46:16 dane lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost= user=elisac
Sep 9 13:46:16 dane lightdm: pam_winbind(lightdm:auth): getting password (0x00000388)
Sep 9 13:46:16 dane lightdm: pam_winbind(lightdm:auth): pam_get_item returned a password
Sep 9 13:46:16 dane lightdm: pam_winbind(lightdm:auth): user 'elisac' granted access
Sep 9 13:46:17 dane lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
Sep 9 13:46:29 dane lightdm: pam_unix(lightdm:session): session opened for user elisac by (uid=0)
Sep 9 13:46:29 dane systemd-logind[1128]: New session c2 of user elisac.
Sep 9 13:46:29 dane systemd: pam_unix(systemd-user:session): session opened for user elisac by (uid=0)
a faulty logon:
Sep 9 14:35:27 dane lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "elisac"
Sep 9 14:35:27 dane lightdm: pam_unix(lightdm:auth): conversation failed
Sep 9 14:35:27 dane lightdm: pam_unix(lightdm:auth): auth could not identify password for [elisac]
Sep 9 14:35:27 dane lightdm: pam_winbind(lightdm:auth): getting password (0x00000388)
Sep 9 14:35:27 dane lightdm: pam_winbind(lightdm:auth): Could not retrieve user's password
and even a stranger faulty logon:
Sep 9 14:35:38 dane lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "elisac"
Sep 9 14:35:42 dane lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:2 ruser= rhost= user=elisac
Sep 9 14:35:42 dane lightdm: pam_winbind(lightdm:auth): getting password (0x00000388)
Sep 9 14:35:42 dane lightdm: pam_winbind(lightdm:auth): pam_get_item returned a password
Sep 9 14:35:42 dane lightdm: pam_winbind(lightdm:auth): user 'elisac' granted access
Sep 9 14:35:44 dane lightdm: pam_unix(lightdm-greeter:session): session closed for user lightdm
Sep 9 14:35:44 dane compiz: pam_unix(unity:auth): conversation failed
Sep 9 14:35:44 dane compiz: pam_unix(unity:auth): auth could not identify password for [elisac]
Sep 9 14:35:44 dane compiz: pam_winbind(unity:auth): getting password (0x00000388)
Sep 9 14:35:45 dane compiz: pam_winbind(unity:auth): Could not retrieve user's password
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list