[Samba] PAM Offline Authentication in Ubuntu 22.04...
Kees van Vloten
keesvanvloten at gmail.com
Sat Jun 3 09:41:21 UTC 2023
I have setup a test machine unfornately not a real laptop (it is in use
for other things) but a virtualbox VM with Debian 10, KDE (sddm) and
The test scenario is quite simple.
1. Login with root on the (text) console (tty2)
2. wbinfo --ping-dc
3. time id testuser
4. Disconnect network in virtualbox
5. wbinfo --ping-dc
6. time id testuser
7. Connect network in virtualbox + wait 10 secs (for dhcp etc.)
8. wbinfo --ping-dc
9. time id testuser
2. output: 'checking the NETLOGON for domain[SAMDOM] dc connection to
3. output in 0.037s
5. output: 'checking the NETLOGON for domain[SAMDOM] dc connection to ""
6. output in 63.120s
8. output: 'checking the NETLOGON for domain[SAMDOM] dc connection to
9. output in 0.191s
Now when I logging in on the graphical interface (sddm) fails when
disconnected, probably due t the fact that a response in 63s is too long
for sddm, it gives up before that.
When I login while connected on sddm, then disconnect and I lock the
screen, I am unable to unlock, likely due to the same (short) timeout in
Now the question is why it takes winbind so long (63s) to do a simple
user and group lookup when it knows that is disconnected.
On 01-06-2023 16:38, Rowland Penny via samba wrote:
> On 01/06/2023 15:11, Eduardo Moraes via samba wrote:
>>> OK, but... further investigation in what direction?!
>> Greetings, friends!
>> Sorry for butting in on the discussion, but I'm also interested in
>> this problem, as users of my project (CID -
>> https://sourceforge.net/projects/c-i-d/) have also been reporting the
>> I've been researching it and it looks like the problem has been
>> around for
>> a long time and is specific to Debian-like distributions, as these
>> two bug
>> reports suggest:
>> I tried to make the suggested changes to the "lock directory" and even
>> adapted it to my scripts, but according to reports the users, it doesn't
>> always work.
>> I've tested other distributions, like Fedora and OpenSuse, and
>> seems to work just fine.
>> I stopped researching some time ago, so I can't contribute more than
>> but I hope that at least I helped them to find a way to a solution.
>> Good luck!
> The plot thickens, I am testing using an Oracle VM with a bridged
> adapter, which can connect to either wifi or ethernet. Whilst doing
> further testing I just discovered something. If I logon as a domain
> user with the bridged adapter connected to wifi (wlan0), the user gets
> logged in. If I then log out and switch the bridged adapter to eth0
> with the cable disconnected, the user can still logon and quickly.
> However if the cable isn't disconnected, then the user can still
> logon, but after a considerable amount of time and there is a similar
> pause when the user logs out.
> I am surmising that the pause is coming from something searching for
> the network and then, finally, giving up.
> Now to try and find the 'something' and stop it doing it.
More information about the samba