[Samba] PAM Offline Authentication in Ubuntu 22.04

Michael Tokarev mjt at tls.msk.ru
Mon Jun 19 13:10:41 UTC 2023

19.06.2023 15:49, Rowland Penny via samba wrote:
> I added the parameter/value 'lock directory = /var/cache/samba' to the smb.conf, reconnected the computer to the network and rebooted, the domain user 
> could now logon again.
> I then disconnected the computer from the network again and rebooted. This time, the domain user was able to logon.
> As most of what was in /run/samba is now in /var/cache/samba and survives a reboot, I therefore feel it is a safe assumption that something in 
> /run/samba is required for offline logon, 'gencache.tdb' ?

The file placement in samba smells a bit random. Not only do some files need to be
in persistent storage (like /var/lib/samba, /var/cache/samba instead of /run/samba),
the same is true in the other direction too, e.g., the sockets directory, which is in
/var/lib/samba by default, definitely should go in /run/samba/ (this is something I
patched in Debian samba).

This stuff needs to be revisited. There are a few misnomers out there, and some
components use the wrong "classes" of directories too. Also, ctdb has its own pid
and lock directory settings.

I wanted to bring this up for quite some time but was distracted by something else.

Thank you for finding this issue with offline logon.  I think it should be easy
enough to find by using strace.

The work to review usages of various dirs and to classify them is yet to be done.
