[Samba] PAM Offline Authentication in Ubuntu 22.04...

Kees van Vloten keesvanvloten at gmail.com
Fri May 26 17:55:21 UTC 2023 

On 26-05-2023 17:37, Marco Gaiarin via samba wrote:
> Mandi! Rowland Penny via samba
>    In chel di` si favelave...
>
> Sorry for the late answer.
>
>
>> I have Ubuntu 22.04 with Samba 4.15.13 running in a VM and it just works
>> for myself.
> Exactly the same, but on a real hardware.

To me it looks identical to this 
https://lists.samba.org/archive/samba/2021-July/236850.html

Unfortunately that thread never came to a solution.

>
>
>> Had the user 'gaio' logged in previously, it will not work if the user
>> hasn't logged in at least once before the network has disconnected.
> Sure! I've tried everytime a logon before disconnecting the network, also
> with different account, same result.
>
>
>> It is always worth upgrading Samba if possible and easy, but as I say,
>> it works for myself.
> Ok, i've upgraded to 4.16 using Michael pakages (thanks Michael!). It works
> exactly as before, i try to explain:
>
> 1) boot; the PC had wireless on and connect automatically
>
> 2) login with AD account, OK.
>
> 3) i shut off the wireless.
>
> 4) machine became totally irresponsive:
>   - a terminal open in 2 minutes
>   - i cannot re-enable wireless
>   - i cannot logoff or reboot
>
>
> The only options available is to wait for a terminal tu open, su to root
> (not sudo!) and do a 'reboot'. Or connect the ethernet cable and wait an
> insane amount of time.
>
>
> What i'm doing wrong? How can i debug this?!
>
>
> I restate:
>
> /etc/samba/smb.conf
>   [global]
> 	client min protocol = NT1
> 	disable spoolss = Yes
> 	load printers = No
> 	log file = /var/log/samba/log.%m
> 	map to guest = Bad User
> 	panic action = /usr/share/samba/panic-action %d
> 	printcap name = /dev/null
> 	realm = AD.FVG.LNF.IT
> 	security = ADS
> 	syslog = 0
> 	username map = /etc/samba/user.map
> 	usershare max shares = 0
> 	winbind offline logon = Yes
> 	winbind use default domain = Yes
> 	workgroup = LNFFVG
> 	idmap config lnffvg : unix_primary_group = yes
> 	idmap config lnffvg : unix_nss_info = yes
> 	idmap config lnffvg : schema_mode = rfc2307
> 	idmap config lnffvg : range = 10000-49999
> 	idmap config lnffvg : backend = ad
> 	idmap config * : range = 5000-9999
> 	idmap config * : backend = tdb
> 	printing = bsd
>
> /etc/security/pam_winbind.conf
>   [global]
>   	cached_login = yes
>
> /etc/krb5.conf
>   [libdefaults]
> 	default_realm = AD.FVG.LNF.IT
> 	kdc_timesync = 1
> 	ccache_type = 4
> 	forwardable = true
> 	proxiable = true
> 	fcc-mit-ticketflags = true
>
> /etc/nsswitch.conf
>   passwd:         compat winbind
>   group:          compat winbind
>   shadow:         files
>   gshadow:        files
>   hosts:          files mdns4_minimal [NOTFOUND=return] dns
>   networks:       files
>   protocols:      db files
>   services:       db files
>   ethers:         db files
>   rpc:            db files
>   netgroup:       nis
>
>
> Thanks.
>

More information about the samba mailing list