[Samba] pam_winbind Appears to need a Network Connection to Succeed at Offline Authentication

John R. Graham john at graham-family.org
Wed Nov 27 18:20:46 UTC 2024


On 11/27/24 12:38, Rowland Penny via samba wrote:
>> Hmm, PAM on Gentoo appears to be very different to Debian. For
>> instance on Debian, to include lines from another file you use
>> '@include' and it includes the entire contents of the file, Gentoo
>> appears to just include the lines referred to in the first column,
>> which, if correct, means that your PAM stack for sshd is this:
>> ...
You've interpreted it correctly. Incidentally, that "module_name 
include" syntax has been part of PAM since at least 2010 (which is the 
date on the latest PAM Administrators' Guide). I surmise that the 
@include syntax is older--and now deprecated, as it isn't described in 
the guide. But, momentum, I guess.
>>
>> Can I suggest an idea, install Debian bookworm in a VM, use Samba from
>> backports and then after you get it working, you can compare a working
>> Unix domain member with your nearly working Gentoo one.
Let me study what you've provided first and, if I can't get it working, 
I'll try your suggestion before I write back.Thank you so much for 
taking the time to synthesize that.

- John


More information about the samba mailing list