[Samba] PAM Offline Authentication in Ubuntu 22.04

Marco Gaiarin gaio at lilliput.linux.it
Wed Jun 28 09:32:22 UTC 2023

I reply to myself.

>> "idmap config LNFFVG : unix_nss_info = no" in smb.conf ?
> Tried, but nothing changed. My current [global] section is:

Bingo! If i set:
>         idmap config lnffvg : unix_nss_info = no
>         idmap config lnffvg : unix_primary_group = no

Things start to work; i mean 'start' because effectively a disconnection of
the laptop basic nss survive (eg, i can do 'id gaio' and i get some output),
but still if i lock the screen, i cannot login back anymore (due to
timeouts, i suppose; it is a bit hard to debug a disconnected laptop... ;-).

I've also reboot, and in logon screen GDM say me that i'm logging in with a
cached credential (wow!), but after 15 minutes i was still logging in,
screen saver start and so i was back to login screen.

This lead to me to the considerations:

1) winbind offline logon work only in 'rid' mode, or at least does NOT work
 in rfc2307 mode.

2) i think this is a bug...

Andrew, what do you think?

  I'm old enough to remember when the Internet wasn't a group of
  five websites, each consisting of screenshots of text from
  the other four.					(Tom Eastman)

More information about the samba mailing list