Hi,
I have a question about Winbind's offline logon capabilities.
We are working on integration of laptops with winbind into our Linux
Workstation Management System, but have some difficulties verifying the desired
functionality. For that we are running the latest samba (currently 3.0.25rc1).
Authentication is set up against Windows AD 2003 with R2 extensions (rfc2703bis).
smb.conf:
[global]
workgroup = MY
realm = MY.DOMAIN.COM
security = ADS
auth methods = winbind
password server = dc11.my.domain.com dc12.my.domain.com *
name resolve order = host
socket options = SO_REUSEADDR TCP_NODELAY
os level = 0
preferred master = No
socket address = 10.41.24.141
idmap domains = MY
template homedir = /home/%u
winbind cache time = 600
winbind use default domain = Yes
winbind refresh tickets = Yes
winbind offline logon = Yes
idmap config MY:readonly = yes
idmap config MY:default = yes
idmap config MY:range = 300 - 300000000
idmap config MY:backend = ad
include = /env/samba/lib/smb.include.shares
It seems to work OK when connected to the network, but when disconnected it gets
out of order. When I pull the network plug and log out I cannot log in with ssh as
my personal user. I get (after a while) a notification that login is done with
cached credentials but the login fails. When I attempt to log in again I am
immediately returned to the login prompt. Looking at the log it seems that the
user is authenticated but the account is not found. The behaviour is similar if I
log out and attempt a GUI login.
The SID for my user seems to be retrieved OK, but winbind cannot retrieve user
info for the SID. Eventually winbindd core dumps.
Winbind seems to have some trouble locating the unreachable DCs.
My questions are:
What level of offline functionality is expected with winbind? What is working
and what is not? Are there any additional requirements to be fulfilled in
addition to getting it working while connected?
Can I expect this setup to work, i.e. (winbind + AD) pull the network cable and
be able to log in with cached credentials? I suppose that this is similar to
doing a reboot and attempting an offline login; I haven't got this working
either.
When I connect the network cable again it seems that winbind does not catch up
immediately. On some occasions the functionality is restored after several
minutes, on others I have to restart the service to be able to log in again.
I think Novell has this working for SLED 10, but I have not been able to verify
it on my laptop. I think they are running an older samba.
/Anders
_________________________________________________________________________________
Anders Strandberg, TietoEnator Processing & Network AB
E-mail: Anders.Strandberg@tietoenator.com | Voice: +46 920 452 037
Internet: http://www.tietoenator.com/ | Fax: +46 920 452 906
Laboratoriegränd 11, Box 50006, S-973 21 Luleå, Sweden | Mobile: +46 70 345 3285