On 31/05/2023 08:54, Marco Gaiarin via samba wrote:> Mandi! Rowland Penny via samba > In chel di` si favelave... > >> Is there anyway that Ubuntu can stop destroying the users kerberos >> ticket in /tmp at logout ? >> I am fairly sure it is required for winbind offline logon. > > ...the strange thing is that i'm not forced to logoff to trigger the > problem: as just stated, it suffices to: > > 1) logon (connected) > 2) shut off the wireless (so, disconnected) > 3) open a terminal, took 5 minute to present the bash shell prompt with > an 'unknown user' prompt. > > I'm looking at a way to move kerberos ticket file out from /tmp, but still > does not seem that. >I was forced to stop at the point where I discovered that the users ticket disappeared from /tmp Coming back to it this morning, I discovered that the ticket disappearing is a red herring, winbind offline logon is working without the ticket. Your problem isn't that winbind offline logon isn't working, it is something else instead. There is a big clue in the name 'winbind offline logon', it is a process that allows 'winbind' when 'offline' to authenticate users and allow them to 'logon' Is it possible that something in your setup is trying to connect (and authenticate) to something external ? Rowland
Kees van Vloten
2023-May-31 09:05 UTC
[Samba] PAM Offline Authentication in Ubuntu 22.04...
Op 31-05-2023 om 10:28 schreef Rowland Penny via samba:> > > On 31/05/2023 08:54, Marco Gaiarin via samba wrote: >> Mandi! Rowland Penny via samba >> ?? In chel di` si favelave... >> >>> Is there anyway that Ubuntu can stop destroying the users kerberos >>> ticket in /tmp at logout ? >>> I am fairly sure it is required for winbind offline logon. >> >> ...the strange thing is that i'm not forced to logoff to trigger the >> problem: as just stated, it suffices to: >> >> 1) logon (connected) >> 2) shut off the wireless (so, disconnected) >> 3) open a terminal, took 5 minute to present the bash shell prompt with >> ??? an 'unknown user' prompt. >> >> I'm looking at a way to move kerberos ticket file out from /tmp, but >> still >> does not seem that. >> > > I was forced to stop at the point where I discovered that the users > ticket disappeared from /tmp > > Coming back to it this morning, I discovered that the ticket > disappearing is a red herring, winbind offline logon is working > without the ticket. > > Your problem isn't that winbind offline logon isn't working, it is > something else instead. > > There is a big clue in the name 'winbind offline logon', it is a > process that allows 'winbind' when 'offline' to authenticate users and > allow them to 'logon' > > Is it possible that something in your setup is trying to connect (and > authenticate) to something external ? > > Rowland >If I remember it correctly the issue I had was related to winbind_nss no responding when offline / disconnected, so indeed not related to kerberos. - Kees.