[Samba] winbind offline nss "hangs"

Rowland Penny rpenny at samba.org
Mon Jul 26 19:37:34 UTC 2021

On Mon, 2021-07-26 at 21:13 +0200, Kees van Vloten via samba wrote:
> Hi Samba-team
> I am using winbind 4.14 from Louis' repo on Debian Buster on a
> machine 
> that has joined a Samba4 AD domain
> The command 'id testuser' properly returns the user and group 
> information with the network connected.
> However when I pull the network plug and wait a little and then
> issue 
> the same command it hangs.

Has 'testuser' logged into the computer ?

> I looks like the winbind is not going to cached nss info but still
> tries 
> to go the Samba4 AD controller.

Do you have a line in /etc/pam.d/common-auth like this:

auth    [success=1 default=ignore]      pam_winbind.so krb5_auth
krb5_ccache_type=FILE cached_login try_first_pass

> What am I missing in the configuration?

Nothing that I can see, you have a few lines in smb.conf that you don't
really need and I do not understand why 'winbind expand groups' is set
to '10'


More information about the samba mailing list