[Samba] PAM Offline Authentication in Ubuntu 22.04

Rowland Penny rpenny at samba.org
Wed Jun 28 09:54:29 UTC 2023

On 28/06/2023 10:32, Marco Gaiarin via samba wrote:
> I reply to myself.
>>> "idmap config LNFFVG : unix_nss_info = no" in smb.conf ?
>> Tried, but nothing changed. My current [global] section is:
> Bingo! If i set:
>>          idmap config lnffvg : unix_nss_info = no
>>          idmap config lnffvg : unix_primary_group = no
> Things start to work; 

I didn't try turning the last one off, but at least you are getting 
somewhere :-)

> i mean 'start' because effectively a disconnection of
> the laptop basic nss survive (eg, i can do 'id gaio' and i get some output),
> but still if i lock the screen, i cannot login back anymore (due to
> timeouts, i suppose; it is a bit hard to debug a disconnected laptop... ;-).
> I've also reboot, and in logon screen GDM say me that i'm logging in with a
> cached credential (wow!), but after 15 minutes i was still logging in,
> screen saver start and so i was back to login screen.

When you say 'back to login screen', do you mean that you cannot just 
click the screen, enter your password and close the screensaver ? From 
what you posted, it sounds like you are taken right back to the intial 
login screen.

> This lead to me to the considerations:
> 1) winbind offline logon work only in 'rid' mode, or at least does NOT work
>   in rfc2307 mode.

I would suggest that 'does not work fully in rfc2307 mode' is nearer the 
truth. It sounds like the ID's are being pulled from the cache, but it 
is falling over trying to get the homedir, shell etc.

> 2) i think this is a bug...

It certainly sounds that way. Can you please open a bug report.


More information about the samba mailing list