[Samba] pam_winbind Appears to need a Network Connection to Succeed at Offline Authentication
Rowland Penny
rpenny at samba.org
Mon Dec 2 14:40:37 UTC 2024
On Mon, 2 Dec 2024 08:09:47 -0500
"John R. Graham via samba" <samba at lists.samba.org> wrote:
> On 12/2/24 04:03, Rowland Penny via samba wrote:
> > I think that what is happening here is that Samba is caching the
> > username, uidNumber & gidNumber, but none of the other rfc2307
> > attributes, so when the network is disconnected, the 'missing'
> > rfc2307 attributes cannot be found, even though winbind tries, so
> > it just 'hangs'.
>
> But there would be nothing untoward about adding a few more RFC2307
> attributes to what winbindd caches (specifically those that would
> give nss_winbind all the information necessary to construct a full
> passwd line), would there? Would the Samba team be receptive to such
> a patch?
>
> - John
First, I think this may be the problem, I haven't checked the code, so
this would need to be examined to see if it really is the problem. If
it is the case that not all the rfc2307 attributes are not being
cached, then there may be a reason why not.
Samba is receptive to patches, provided they are valid and deal with a
need and do not break other things. So, by all means, try to fix
things, test your fixes and then open a MR here:
https://gitlab.com/samba-team/samba
Rowland
More information about the samba
mailing list