[Samba] PAM Offline Authentication in Ubuntu 22.04

Kees van Vloten keesvanvloten at gmail.com
Mon Jun 26 17:20:32 UTC 2023

On 26-06-2023 16:25, Marco Gaiarin via samba wrote:
> Mandi! Rowland Penny via samba
>    In chel di` si favelave...
>> I Logged in as a domain user to a Ubuntu 22.04 Unix domain member.
>> Everything worked as expected.
> OK, this also for me.
>> disconnected network, everything still worked okay.
> And not, this not. As just stated, if i tackle with DNS the best i can get
> is to short down delays, that became decent; but still if i disconnect the
> cable or shut off the wireless, immediately an:
> 	id gaio
> return user unknown, and if i open a new terminal windows/tab, i got the
> prompt with 'unknown user'.
> My problem seems a bit deeper. Shorten the delay alleviate some correlated
> aspects (eg, now i can shut down the machine, or re-enable the wireless
> network) but the trouble remain... Winbind/NSS cache does not work.
I am quite convinced it is not a DNS issue, although those lookups 
obviously fail when you pull the network plug (I guess installing 
something like dnsmasq can prevent that). The issue is in the nss 
lookups of users and groups: getent passwd <user> or getent passwd 
<group>, which implies something in winbind-nss.
I have been using the "lock directory" parameter on my Debian (Bullseye) 
machines since nearly forever and added the "winbind request timeout" 
recently (after the discussion here), which probably help to reduce the 
effects but do not solve the issue.

More information about the samba mailing list