[Samba] winbind offline logon

Tue Jan 26 09:33:03 UTC 2021

On 26/01/2021 09:22, L.P.H. van Belle via samba wrote:
> Now, i've been thinking on this and this will get a "wontfix" in my packages.
>
> I explain why and its security and speed and the ease to avoid this.
> As Rowland showed.
>
> Below is what "I" preffer.
>
> Why not a fix in the samba packaging.
> 1) After every reboot of a server in my opinion, everthings should re-authenticate.
> 2) i still preffer to have the file on ramdisk (tmpfs), it simply reduces lookup time.
>
> So we have 3 options now for a fix
> 1) in packaging, only i follow the debian maintainers as much as possible
> so upgradeing my and debian officals keeps things same.
> We might change it in here.
>
> 2) As suggested, use the lock directory config in smb.conf, but that misses the ramdisk.. so i go for nr 3.
>
> 3) A small service that copies the needed files from ramdisk to static
>     So, per example, added a small service that is triggered before
>     the system does down and let it start just before winbind/samba starts.
>     ( you can add extra services offcourse in the "before"
>
>
> This shows a simular setup for it.
> https://linuxhint.com/ramdisk_ubuntu_1804/
>
>
>
> Greetz,
>
> Louis
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Dale via samba
>> Verzonden: maandag 25 januari 2021 18:55
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] winbind offline logon
>>
>> On 1/25/21 8:18 AM, Rowland penny via samba wrote:
>>> On 25/01/2021 14:06, Marco Gaiarin via samba wrote:
>>>> Mandi! Rowland penny via samba
>>>>     In chel di` si favelave...
>>>> In debian BTS the only bug relevant to this seems:
>>>>
>>>>      https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953530
>>>>
>>>> so probably a bug have to be fired up. Louis, say to us.
>>>>
>>> OK, I have been having a conversation with Jelmer about this,
>>> basically there are things in the lock directory that shouldn't be and
>>> we now have a bug for this:
>>>
>>> https://bugzilla.samba.org/show_bug.cgi?id=14618
>>>
>>> Add 'lock directory = /var/cache/samba/' to smb.conf and, after
>>> restarting Samba, winbind offline logon will now work. This is just a
>>> workaround until the above bug is fixed.
>>>
>>> Rowland
>> So, with this one smb.conf change, are the instructions in the wiki all
>> that is required, or are any of the previously mentioned krb5.conf and
>> pam changes still needed?
>>
>> Thanks,
>> Dale
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>
>

The problem is that 'gencache.tdb' used to be in the 'cache' directory 
until someone (whilst fixing another problem) moved it to the lock 
directory. The obvious fix is to move it back again, but until that 
happens, just use the workaround 😁

Rowland