[Samba] PAM Offline Authentication in Ubuntu 22.04...
Kees van Vloten
keesvanvloten at gmail.com
Wed May 31 09:05:10 UTC 2023
Op 31-05-2023 om 10:28 schreef Rowland Penny via samba:
>
>
> On 31/05/2023 08:54, Marco Gaiarin via samba wrote:
>> Mandi! Rowland Penny via samba
>> In chel di` si favelave...
>>
>>> Is there anyway that Ubuntu can stop destroying the users kerberos
>>> ticket in /tmp at logout ?
>>> I am fairly sure it is required for winbind offline logon.
>>
>> ...the strange thing is that i'm not forced to logoff to trigger the
>> problem: as just stated, it suffices to:
>>
>> 1) logon (connected)
>> 2) shut off the wireless (so, disconnected)
>> 3) open a terminal, took 5 minute to present the bash shell prompt with
>> an 'unknown user' prompt.
>>
>> I'm looking at a way to move kerberos ticket file out from /tmp, but
>> still
>> does not seem that.
>>
>
> I was forced to stop at the point where I discovered that the users
> ticket disappeared from /tmp
>
> Coming back to it this morning, I discovered that the ticket
> disappearing is a red herring, winbind offline logon is working
> without the ticket.
>
> Your problem isn't that winbind offline logon isn't working, it is
> something else instead.
>
> There is a big clue in the name 'winbind offline logon', it is a
> process that allows 'winbind' when 'offline' to authenticate users and
> allow them to 'logon'
>
> Is it possible that something in your setup is trying to connect (and
> authenticate) to something external ?
>
> Rowland
>
If I remember it correctly the issue I had was related to winbind_nss no
responding when offline / disconnected, so indeed not related to kerberos.
- Kees.
More information about the samba
mailing list