[Samba] Working through the PAM Offline Authentication Wiki page, but...
John R. Graham
john at graham-family.org
Mon Nov 25 14:57:06 UTC 2024
On 11/19/24 12:56, Rowland Penny via samba wrote:
> At a guess, your PAM stack is incorrect, it doesn't seem to be using
> winbind, I would expect to see lines like this:
>
> 2024-11-19T17:48:38.678440+00:00 devstation sshd[9437]: pam_winbind(sshd:auth): getting password (0x00000388)
>
> Rowland
Yes, that was it. Thank you! That was a deeper rabbit hole than I had
anticipated, requiring learning YASMCL (Yet Another State Machine
Configuration Language). I have a PAM configuration working except for a
few corner cases and a few puzzling things. The first of the latter is
that bringing the winbind daemon offline with

    smbcontrol winbind offline

doesn't appear to do anything. Commands like

    wbinfo --ping-dc

still show the DC as reachable. I ended up doing my testing with an
unplugged network cable but encountered some rather long network
timeouts as a result, by which I conclude that an explicit offline state
is beneficial.
- John