[Samba] winbind offline logon

bd730c5053df9efb bd730c5053df9efb at proton.me
Wed Jan 10 10:26:32 UTC 2024


Hi all!

On Monday, January 8th, 2024 at 08:23, Rowland Penny via samba <samba at lists.samba.org> wrote:


> On Sun, 7 Jan 2024 15:00:27 +0100
> Marco Gaiarin via samba samba at lists.samba.org wrote:
> 
> > Hello! bd730c5053df9efb via samba
> > On that day it was said...
> > 
> > > idmap config smadom:schema_mode = rfc2307
> > 
> > Sorry, but it is a bug of RFC2307:
> > 
> > https://bugzilla.samba.org/show_bug.cgi?id=15405
> 
> 
> Sorry, but allowing for bug 14618, it works for myself.
> 
> https://bugzilla.samba.org/show_bug.cgi?id=14618
> 
> On a Unix domain member using the 'rid' backend, I get this:
> 
> adminuser at testdm12:~$ getent passwd rowland
> rowland::11104:10513:Rowland Penny:/home/rowland:/bin/bash
> 
> The user 'rowland' can logon, but if the user logs out and the network
> is disconnected, the user cannot logon until:
> 
> A) the network is reconnected.
> B) 'lock directory = /var/cache/samba' is added to smb.conf and Samba
> is restarted.
> C) the user 'rowland' logs on at least once with the network connected.
> 
> At this point, if the user logs out and the network is disconnected,
> the user can still logon.
> 
> This to myself proves that offline logon works with the 'rid' backend.
> 
> If I now change the 'rid' backend to the 'ad' backend:
> 
> Change:
> 
> idmap config SAMDOM : backend = rid
> idmap config SAMDOM : range = 10000-999999
> 
> To:
> 
> idmap config SAMDOM : backend = ad
> idmap config SAMDOM : range = 10000-999999
> idmap config SAMDOM : schema_mode = rfc2307
> 
> Give rowland the uidNumber 10000 and Domain Users the gidNumber 10000
> and restart Samba on the Unix domain member:
> 
> adminuser at testdm12:~$ sudo systemctl restart winbind smbd
> adminuser at testdm12:~$ sudo net cache flush
> adminuser at testdm12:~$ getent passwd rowland
> rowland::10000:10000:Rowland Penny:/home/rowland:/bin/bash
> 
> When I then tried to log on as 'rowland', I was denied, but changing
> the ownership of /home/rowland cured this:
> 
> adminuser at testdm12:~$ sudo chown 10000:10000 -R /home/rowland
> 
> I could then log on.
> 
> I logged out, disconnected the network and tried again, I logged in
> straight away.
> 
> This looks like logging in using the 'ad' backend works as well.

I tried switching from the ad to the rid backend in my testing Debian environment and it works as I expected from the beginning. I will try this on my production notebook using Slackware and report back.

> 
> Rowland

Best regards,
Dave.
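
Added example, not part of the thread or of Samba: the quoted test shows the user's uid changing from 11104 to 10000 when the idmap backend was switched from 'rid' to 'ad', and logon being denied until /home/rowland was re-owned. The script below compares the uid/gid in a `getent passwd` line with the on-disk owner of the home directory; the function names are hypothetical, and it assumes GNU `stat` and a home path without spaces.

```shell
#!/bin/sh
# Added example: detect a home directory whose on-disk owner no longer
# matches the uid/gid winbind reports after an idmap backend change.

# Split one passwd(5)-format line (as printed by `getent passwd USER`)
# into "uid gid home". Exits non-zero on a malformed line.
passwd_fields() {
    printf '%s\n' "$1" | awk -F: '
        NF >= 7 && $3 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ { print $3, $4, $6; ok = 1 }
        END { exit !ok }'
}

# home_owner_status PASSWD_LINE
# Prints: ok | mismatch <disk uid:gid> <mapped uid:gid> | missing | badline
home_owner_status() {
    fields=$(passwd_fields "$1") || { echo badline; return 2; }
    set -- $fields                      # $1=uid $2=gid $3=home
    want="$1:$2"; home=$3
    [ -d "$home" ] || { echo missing; return 2; }
    have=$(stat -c '%u:%g' "$home") || return 2
    if [ "$have" = "$want" ]; then echo ok; return 0; fi
    echo "mismatch $have $want"; return 1
}

# count_stale_entries PASSWD_LINE
# Number of entries under the home directory (the directory itself
# included) that are not owned by the currently mapped uid.
count_stale_entries() {
    fields=$(passwd_fields "$1") || return 2
    set -- $fields
    find "$3" -xdev ! -uid "$1" 2>/dev/null | wc -l | tr -d ' '
}

# Usage: sh check_home_owner.sh USER   (run on the domain member)
if [ $# -ge 1 ]; then
    line=$(getent passwd "$1") || { echo "no such user: $1" >&2; exit 2; }
    home_owner_status "$line"
    echo "entries not owned by mapped uid: $(count_stale_entries "$line")"
fi
```

A `mismatch` result after a backend or range change corresponds to the situation that the `chown` in the quoted message corrected.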