[Samba] PAM Offline Authentication in Ubuntu 22.04

Rowland Penny rpenny at samba.org
Fri Jun 23 17:15:22 UTC 2023

On 23/06/2023 17:04, Marco Gaiarin via samba wrote:
> Hello! Rowland Penny via samba
>    On that day it was said...
>> As most of what was in /run/samba is now in /var/cache/samba and
>> survives a reboot, I therefore feel it is a safe assumption that
>> something in /run/samba is required for offline logon, 'gencache.tdb' ?
> OK, I supposed that also (please, restore that on the wiki), but as just stated
> I don't have a problem with reboot... ;-)

I planned to, just waiting to hear from you, but now?

Are you saying that without the lockdir line in your smb.conf, offline 
logon works for you after a reboot? Because it doesn't for me.

>> I still think that dns has a place in this somewhere, I have an
>> /etc/hosts file that looks like this:
> I'm still using my 'old' DNS and DHCP setup, and the DHCP server does not assign
> the AD domain to clients (for Windows clients it is not needed: they have the
> AD domain DNS suffix predefined by default, after joining).

I was using the dhcp server on my router and this was either sending no 
dns domain or the wrong one. I have now set up a new dhcp server on one 
of my DCs and this is sending the correct domain information.

> Also, as just stated, previous Ubuntu 16.04 worked perfectly with the same
> dns setup, so probably it is not the culprit.

There are a great many differences between dns on 16.04 and 22.04. 
There is also the fact that Active Directory has a large dependency on dns.

>> If I run the following commands when connected to the network, I get the
>> expected output:
> Also, trying to fiddle with /etc/hosts and /etc/hostname, I was not able to
> print the domain, eg:
>> hostname -d
>> samdom.example.com
>> hostname -f
>> testdm12.samdom.example.com
> I get an empty result (hostname -f returns the host).

Then I would suggest you need to fix this; the easiest way is to add the 
information to the line in /etc/hosts.

> I've tried to disable DHCP and set up manual network connectivity (cabled)
> using domain DNS (DCs)

> Nothing changed.

If you just changed from a dhcp supplied IP to a fixed IP without 
setting up anything else, then I think this is to be expected.

> If the network is connected, all works as expected; if I disconnect the cable, all
> (logon, a simple 'id gaio', ...) instantly stops working...
> I'm starting to get a bit desperate...

Now I know just how you have your dns setup, I will try and emulate it 
over the weekend and see what happens.
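
Added example, not part of the original message: a POSIX shell check for the /etc/hosts fix suggested above. It assumes the resolver consults the hosts file and treats the first name on the matching line as the canonical name, which is what `hostname -f` and `hostname -d` report; the function names and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example: what FQDN and DNS domain would a hosts file yield for a host?

# canonical_name HOSTS_FILE SHORTNAME
# Prints the first name on the first non-comment line that lists SHORTNAME
# (as canonical name or as an alias). Prints nothing when no line matches.
canonical_name() {
    awk -v h="$2" '
        { sub(/#.*/, "") }      # strip comments
        NF < 2 { next }         # need an address and at least one name
        { for (i = 2; i <= NF; i++)
              if ($i == h) { print $2; exit } }
    ' "$1"
}

# hosts_domain HOSTS_FILE SHORTNAME
# Prints the domain part only when the canonical name is SHORTNAME.domain;
# prints nothing when the short name is listed first or stands alone.
hosts_domain() {
    cn=$(canonical_name "$1" "$2")
    case "$cn" in
        "$2".?*) printf '%s\n' "${cn#*.}" ;;
    esac
}

# check_hosts HOSTS_FILE SHORTNAME: returns 0 when a FQDN is listed first.
check_hosts() {
    d=$(hosts_domain "$1" "$2")
    if [ -n "$d" ]; then
        echo "ok: $2 -> $2.$d (domain $d)"
    else
        echo "problem: no FQDN listed first for $2 in $1" >&2
        return 1
    fi
}

# Usage: sh check.sh /etc/hosts "$(hostname -s)"
# With no arguments, a constructed sample file is checked instead.
if [ "$#" -eq 2 ]; then
    check_hosts "$1" "$2"
else
    sample=$(mktemp) || exit 1
    printf '%s\n' '127.0.0.1 localhost' \
        '192.0.2.10 testdm12.samdom.example.com testdm12' > "$sample"
    check_hosts "$sample" testdm12
    rm -f "$sample"
fi
```

A line that lists the short name before the FQDN, or only the short name, is reported as a problem, which matches the empty `hostname -d` output described in the quoted text.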
