[Samba] winbind offline logon

bd730c5053df9efb bd730c5053df9efb at proton.me
Fri Dec 29 00:03:24 UTC 2023

On Thursday, December 28th, 2023 at 16:33, Rowland Penny via samba <samba at lists.samba.org> wrote:


> On Thu, 28 Dec 2023 19:08:45 +0000
> bd730c5053df9efb via samba samba at lists.samba.org wrote:
> 
> > > > # here are the per-package modules (the "Primary" block)
> > > > auth [success=2 default=ignore] pam_unix.so nullok
> > > > auth [success=1 default=ignore] pam_winbind.so cached_login krb5_auth krb5_ccache_type=FILE cached_login try_first_pass # <= added cached_login, just in case
> > > > # here's the fallback if no module
> > > 
> > > Which one did you add ? The one after 'pam_winbind.so' or the other
> > > one ?
> > > I added the cached_login parameter to the pam_winbind.so line in
> > > common-auth, it's also in /etc/security/pam_winbind.conf
> 
> 
> It was already there when you added 'cached_login' to
> /etc/pam.d/common-auth, or to put it another way, it is now in that
> file twice.
True. Thanks for noticing it. I already removed the one I added, so now I have only one.

I tried the "Testing Offline authentication" section of the page and, except for the fact that even after the smbcontrol winbind offline command was issued the command wbinfo --ping-dc still returned a successful ping even though wbinfo --online-status showed no active connection to the domain, I could ssh into localhost using the cached credentials.

However, when instead of gently setting winbind offline I crudely disconnected the VM from the network, which is my real use case, things didn't work quite as well. First, when I start a new terminal window everything takes quite a bit longer and the prompt states "I have no name!@debian", debian being the hostname. When I tried an ssh connection to localhost, instead of a successful connection with the cached credentials notification I get a message saying "No user exists for uid 10000". If I connect the VM to the network again everything starts working again eventually, but my idea would be to be able to log in and use the computer while not connected to the domain, either because I left the LAN where the DC is connected or because I start the notebook connected to a whole different LAN.

Thanks again!
Best regards,
Dave.

> 
> Rowland
> 
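The duplicated cached_login option discussed in this thread can be found mechanically. The following is an added example, not part of the original messages and not Samba code: it parses PAM stack lines and reports option names repeated on a pam_winbind.so line. The function names are hypothetical and the sample text is constructed from the lines quoted above; options set in /etc/security/pam_winbind.conf are not read.

```python
from collections import Counter

# Constructed sample: the common-auth lines quoted in the thread, rejoined.
SAMPLE_COMMON_AUTH = """\
# here are the per-package modules (the "Primary" block)
auth [success=2 default=ignore] pam_unix.so nullok
auth [success=1 default=ignore] pam_winbind.so cached_login krb5_auth krb5_ccache_type=FILE cached_login try_first_pass # <= added
"""


def parse_pam_line(line):
    """Return (type, control, module, args) for one PAM stack line, else None.

    Simplification: '#' always starts a comment and line continuations are
    not joined, which is enough for the Debian common-* files.
    """
    fields = line.split("#", 1)[0].split()
    if len(fields) < 3 or fields[0].startswith("@"):
        return None
    end = 1
    if fields[1].startswith("["):
        # A bracketed control such as [success=1 default=ignore] spans fields.
        while end < len(fields) and not fields[end].endswith("]"):
            end += 1
    rest = fields[end + 1:]
    if not rest:
        return None
    return fields[0], " ".join(fields[1:end + 1]), rest[0], rest[1:]


def audit_pam_winbind(text):
    """List every pam_winbind.so line with its repeated option names."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parsed = parse_pam_line(raw)
        if parsed is None or not parsed[2].endswith("pam_winbind.so"):
            continue
        names = Counter(arg.split("=", 1)[0] for arg in parsed[3])
        findings.append({
            "line": lineno,
            "type": parsed[0],
            "cached_login": names["cached_login"] > 0,
            "repeated": sorted(n for n, c in names.items() if c > 1),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_pam_winbind(SAMPLE_COMMON_AUTH):
        print(finding)
```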