[Samba] winbind offline logon
bd730c5053df9efb
bd730c5053df9efb at proton.me
Wed Jan 10 10:26:32 UTC 2024
Hi all!
On Monday, January 8th, 2024 at 08:23, Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Sun, 7 Jan 2024 15:00:27 +0100
> Marco Gaiarin via samba samba at lists.samba.org wrote:
>
> > Hello! bd730c5053df9efb via samba
> > On that day it was said...
> >
> > > idmap config smadom:schema_mode = rfc2307
> >
> > Sorry, but it is a bug of RFC2307:
> >
> > https://bugzilla.samba.org/show_bug.cgi?id=15405
>
>
> Sorry, but allowing for bug 14618, it works for myself.
>
> https://bugzilla.samba.org/show_bug.cgi?id=14618
>
> On a Unix domain member using the 'rid' backend, I get this:
>
> adminuser at testdm12:~$ getent passwd rowland
> rowland::11104:10513:Rowland Penny:/home/rowland:/bin/bash
>
> The user 'rowland' can logon, but if the user logs out and the network
> is disconnected, the user cannot logon until:
>
> A) the network is reconnected.
> B) 'lock directory = /var/cache/samba' is added to smb.conf and Samba
> is restarted.
> C) the user 'rowland' logs on at least once with the network connected.
>
> At this point, if the user logs out and the network is disconnected,
> the user can still logon.
>
> This to myself proves that offline logon works with the 'rid' backend.
>
> If I now change the 'rid' backend to the 'ad' backend:
>
> Change:
>
> idmap config SAMDOM : backend = rid
> idmap config SAMDOM : range = 10000-999999
>
> To:
>
> idmap config SAMDOM : backend = ad
> idmap config SAMDOM : range = 10000-999999
> idmap config SAMDOM : schema_mode = rfc2307
>
> Give rowland the uidNumber 10000 and Domain Users the gidNumber 10000
> and restart Samba on the Unix domain member:
>
> adminuser at testdm12:~$ sudo systemctl restart winbind smbd
> adminuser at testdm12:~$ sudo net cache flush
> adminuser at testdm12:~$ getent passwd rowland
> rowland::10000:10000:Rowland Penny:/home/rowland:/bin/bash
>
> When I then tried to log on as 'rowland', I was denied, but changing
> the ownership of /home/rowland cured this:
>
> adminuser at testdm12:~$ sudo chown 10000:10000 -R /home/rowland
>
> I could then log on.
>
> I logged out, disconnected the network and tried again, I logged in
> straight away.
>
> This looks like logging in using the 'ad' backend works as well.
I tried switching from the ad to the rid backend in my testing Debian environment and it works as I have expected from the beginning. I will try this on my production notebook using Slackware and report back.
>
> Rowland
Best regards,
Dave.