[Samba] PAM Offline Authentication in Ubuntu 22.04...
Kees van Vloten
keesvanvloten at gmail.com
Fri May 26 17:55:21 UTC 2023
On 26-05-2023 17:37, Marco Gaiarin via samba wrote:
> Mandi! Rowland Penny via samba
> In chel di` si favelave...
>
> Sorry for the late answer.
>
>
>> I have Ubuntu 22.04 with Samba 4.15.13 running in a VM and it just works
>> for myself.
> Exactly the same, but on a real hardware.
To me it looks identical to this
https://lists.samba.org/archive/samba/2021-July/236850.html
Unfortunately that thread never came to a solution.
>
>
>> Had the user 'gaio' logged in previously, it will not work if the user
>> hasn't logged in at least once before the network has disconnected.
> Sure! I've tried everytime a logon before disconnecting the network, also
> with different account, same result.
>
>
>> It is always worth upgrading Samba if possible and easy, but as I say,
>> it works for myself.
> Ok, i've upgraded to 4.16 using Michael pakages (thanks Michael!). It works
> exactly as before, i try to explain:
>
> 1) boot; the PC had wireless on and connect automatically
>
> 2) login with AD account, OK.
>
> 3) i shut off the wireless.
>
> 4) machine became totally irresponsive:
> - a terminal open in 2 minutes
> - i cannot re-enable wireless
> - i cannot logoff or reboot
>
>
> The only options available is to wait for a terminal tu open, su to root
> (not sudo!) and do a 'reboot'. Or connect the ethernet cable and wait an
> insane amount of time.
>
>
> What i'm doing wrong? How can i debug this?!
>
>
> I restate:
>
> /etc/samba/smb.conf
> [global]
> client min protocol = NT1
> disable spoolss = Yes
> load printers = No
> log file = /var/log/samba/log.%m
> map to guest = Bad User
> panic action = /usr/share/samba/panic-action %d
> printcap name = /dev/null
> realm = AD.FVG.LNF.IT
> security = ADS
> syslog = 0
> username map = /etc/samba/user.map
> usershare max shares = 0
> winbind offline logon = Yes
> winbind use default domain = Yes
> workgroup = LNFFVG
> idmap config lnffvg : unix_primary_group = yes
> idmap config lnffvg : unix_nss_info = yes
> idmap config lnffvg : schema_mode = rfc2307
> idmap config lnffvg : range = 10000-49999
> idmap config lnffvg : backend = ad
> idmap config * : range = 5000-9999
> idmap config * : backend = tdb
> printing = bsd
>
> /etc/security/pam_winbind.conf
> [global]
> cached_login = yes
>
> /etc/krb5.conf
> [libdefaults]
> default_realm = AD.FVG.LNF.IT
> kdc_timesync = 1
> ccache_type = 4
> forwardable = true
> proxiable = true
> fcc-mit-ticketflags = true
>
> /etc/nsswitch.conf
> passwd: compat winbind
> group: compat winbind
> shadow: files
> gshadow: files
> hosts: files mdns4_minimal [NOTFOUND=return] dns
> networks: files
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
> netgroup: nis
>
>
> Thanks.
>
More information about the samba
mailing list