[Samba] winbind offline logon
L.P.H. van Belle
belle at bazuin.nl
Tue Jan 26 09:22:11 UTC 2021
Now, i've been thinking on this and this will get a "wontfix" in my packages.
I explain why and its security and speed and the ease to avoid this.
As Rowland showed.
Below is what "I" preffer.
Why not a fix in the samba packaging.
1) After every reboot of a server in my opinion, everthings should re-authenticate.
2) i still preffer to have the file on ramdisk (tmpfs), it simply reduces lookup time.
So we have 3 options now for a fix
1) in packaging, only i follow the debian maintainers as much as possible
so upgradeing my and debian officals keeps things same.
We might change it in here.
2) As suggested, use the lock directory config in smb.conf, but that misses the ramdisk.. so i go for nr 3.
3) A small service that copies the needed files from ramdisk to static
So, per example, added a small service that is triggered before
the system does down and let it start just before winbind/samba starts.
( you can add extra services offcourse in the "before"
This shows a simular setup for it.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Dale via samba
> Verzonden: maandag 25 januari 2021 18:55
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] winbind offline logon
> On 1/25/21 8:18 AM, Rowland penny via samba wrote:
> > On 25/01/2021 14:06, Marco Gaiarin via samba wrote:
> >> Mandi! Rowland penny via samba
> >> In chel di` si favelave...
> >> In debian BTS the only bug relevant to this seems:
> >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953530
> >> so probably a bug have to be fired up. Louis, say to us.
> > OK, I have been having a conversation with Jelmer about this,
> > basically there are things in the lock directory that shouldn't be and
> > we now have a bug for this:
> > https://bugzilla.samba.org/show_bug.cgi?id=14618
> > Add 'lock directory = /var/cache/samba/' to smb.conf and, after
> > restarting Samba, winbind offline logon will now work. This is just a
> > workaround until the above bug is fixed.
> > Rowland
> So, with this one smb.conf change, are the instructions in the wiki all
> that is required, or are any of the previously mentioned krb5.conf and
> pam changes still needed?
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba