[Samba] PAM Offline Authentication in Ubuntu 22.04...

Marco Gaiarin gaio at lilliput.linux.it
Fri May 26 15:37:58 UTC 2023 

Mandi! Rowland Penny via samba
  In chel di` si favelave...

Sorry for the late answer.


> I have Ubuntu 22.04 with Samba 4.15.13 running in a VM and it just works 
> for myself.

Exactly the same, but on a real hardware.


> Had the user 'gaio' logged in previously, it will not work if the user 
> hasn't logged in at least once before the network has disconnected.

Sure! I've tried everytime a logon before disconnecting the network, also
with different account, same result.


> It is always worth upgrading Samba if possible and easy, but as I say, 
> it works for myself.

Ok, i've upgraded to 4.16 using Michael pakages (thanks Michael!). It works
exactly as before, i try to explain:

1) boot; the PC had wireless on and connect automatically

2) login with AD account, OK.

3) i shut off the wireless.

4) machine became totally irresponsive:
 - a terminal open in 2 minutes
 - i cannot re-enable wireless
 - i cannot logoff or reboot


The only options available is to wait for a terminal tu open, su to root
(not sudo!) and do a 'reboot'. Or connect the ethernet cable and wait an
insane amount of time.


What i'm doing wrong? How can i debug this?!


I restate:

/etc/samba/smb.conf
 [global]
	client min protocol = NT1
	disable spoolss = Yes
	load printers = No
	log file = /var/log/samba/log.%m
	map to guest = Bad User
	panic action = /usr/share/samba/panic-action %d
	printcap name = /dev/null
	realm = AD.FVG.LNF.IT
	security = ADS
	syslog = 0
	username map = /etc/samba/user.map
	usershare max shares = 0
	winbind offline logon = Yes
	winbind use default domain = Yes
	workgroup = LNFFVG
	idmap config lnffvg : unix_primary_group = yes
	idmap config lnffvg : unix_nss_info = yes
	idmap config lnffvg : schema_mode = rfc2307
	idmap config lnffvg : range = 10000-49999
	idmap config lnffvg : backend = ad
	idmap config * : range = 5000-9999
	idmap config * : backend = tdb
	printing = bsd

/etc/security/pam_winbind.conf
 [global]
 	cached_login = yes

/etc/krb5.conf
 [libdefaults]
	default_realm = AD.FVG.LNF.IT
	kdc_timesync = 1
	ccache_type = 4
	forwardable = true
	proxiable = true
	fcc-mit-ticketflags = true

/etc/nsswitch.conf
 passwd:         compat winbind
 group:          compat winbind
 shadow:         files
 gshadow:        files
 hosts:          files mdns4_minimal [NOTFOUND=return] dns
 networks:       files
 protocols:      db files
 services:       db files
 ethers:         db files
 rpc:            db files
 netgroup:       nis


Thanks.

-- 
  C'è solo la strada su cui puoi contare,
  la strada è l'unica salvezza.			(Gaber)

More information about the samba mailing list