[Samba] PAM Offline Authentication in Ubuntu 22.04

Kees van Vloten keesvanvloten at gmail.com
Mon Jun 26 18:19:40 UTC 2023

On 26-06-2023 20:12, Rowland Penny via samba wrote:
> On 26/06/2023 18:20, Kees van Vloten via samba wrote:
>> I am quite convinced it is not a DNS issue, although those lookups 
>> obviously fail when you pull the network plug (I guess installing 
>> something like dnsmasq can prevent that). The issue is in the nss 
>> lookups of users and groups: getent passwd <user> or getent passwd 
>> <group>, which implies something in winbind-nss.
>> I have been using the "lock directory" parameter on my Debian 
>> (Bullseye) machines since nearly forever and added the "winbind 
>> request timeout" recently (after the discussion here), which probably 
>> help to reduce the effects but do not solve the issue.
> The problem for me is that I struggle to get the symptoms that Marco 
> does.
> I have Ubuntu 22.04 running in a VM, it is setup as a Unix domain 
> member, using the 'rid' idmap backend.
> It works as expected, if I disconnect the network, sometimes it starts 
> running slow, but only sometimes, other times you cannot tell the 
> difference.
> Now you could be correct about the dns, and I am now beginning to 
> think that Marco's problem has nothing to do with Samba, there is 
> something not set up correctly in the OS, but what, I do not know.

I am using rfc2307 and I have been experiencing similar issues since my 
first message on this topic 2 years ago.

Could it be related to the (rfc2307-) idmap backend?

One other thing is that I am using rbac which leans heavily on nested 
groups, perhaps that has is causing issues with caching in winbind?

> As anyone got any suggestions that Marco can try ?
> Rowland

More information about the samba mailing list