[Samba] PAM Offline Authentication in Ubuntu 22.04...
Marco Gaiarin
gaio at lilliput.linux.it
Fri May 26 15:37:58 UTC 2023
Mandi! Rowland Penny via samba
In chel di` si favelave...
Sorry for the late answer.
> I have Ubuntu 22.04 with Samba 4.15.13 running in a VM and it just works
> for myself.
Exactly the same, but on a real hardware.
> Had the user 'gaio' logged in previously, it will not work if the user
> hasn't logged in at least once before the network has disconnected.
Sure! I've tried everytime a logon before disconnecting the network, also
with different account, same result.
> It is always worth upgrading Samba if possible and easy, but as I say,
> it works for myself.
Ok, i've upgraded to 4.16 using Michael pakages (thanks Michael!). It works
exactly as before, i try to explain:
1) boot; the PC had wireless on and connect automatically
2) login with AD account, OK.
3) i shut off the wireless.
4) machine became totally irresponsive:
- a terminal open in 2 minutes
- i cannot re-enable wireless
- i cannot logoff or reboot
The only options available is to wait for a terminal tu open, su to root
(not sudo!) and do a 'reboot'. Or connect the ethernet cable and wait an
insane amount of time.
What i'm doing wrong? How can i debug this?!
I restate:
/etc/samba/smb.conf
[global]
client min protocol = NT1
disable spoolss = Yes
load printers = No
log file = /var/log/samba/log.%m
map to guest = Bad User
panic action = /usr/share/samba/panic-action %d
printcap name = /dev/null
realm = AD.FVG.LNF.IT
security = ADS
syslog = 0
username map = /etc/samba/user.map
usershare max shares = 0
winbind offline logon = Yes
winbind use default domain = Yes
workgroup = LNFFVG
idmap config lnffvg : unix_primary_group = yes
idmap config lnffvg : unix_nss_info = yes
idmap config lnffvg : schema_mode = rfc2307
idmap config lnffvg : range = 10000-49999
idmap config lnffvg : backend = ad
idmap config * : range = 5000-9999
idmap config * : backend = tdb
printing = bsd
/etc/security/pam_winbind.conf
[global]
cached_login = yes
/etc/krb5.conf
[libdefaults]
default_realm = AD.FVG.LNF.IT
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
fcc-mit-ticketflags = true
/etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: files
gshadow: files
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
Thanks.
--
C'è solo la strada su cui puoi contare,
la strada è l'unica salvezza. (Gaber)
More information about the samba
mailing list