I'm revising some docs, and i've returned on the 'offline logon'
tema.
Looking at:
https://wiki.samba.org/index.php/PAM_Offline_Authentication
and smb.conf manpage, it is clear that 'offline logon' is
a pam/authentication only, does not involve NSS.
Considering a 'full offline' DM client (supposing a portable),
there's
a 'winbind permanent nss cache' or a general nss cache (like
nss-updatedb):
https://wiki.debian.org/LDAP/NSS#Offline_caching_of_NSS_with_nscd
have to be used? Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''
http://www.lanostrafamiglia.it/
Polo FVG - Via della Bont?, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
On 17/10/2019 09:35, Marco Gaiarin via samba wrote:> I'm revising some docs, and i've returned on the 'offline logon' tema. > > Looking at: > https://wiki.samba.org/index.php/PAM_Offline_Authentication > > and smb.conf manpage, it is clear that 'offline logon' is > a pam/authentication only, does not involve NSS. > > > Considering a 'full offline' DM client (supposing a portable), there's > a 'winbind permanent nss cache' or a general nss cache (like > nss-updatedb): > https://wiki.debian.org/LDAP/NSS#Offline_caching_of_NSS_with_nscd > > have to be used? Thanks. >No, you cannot use winbind with nscd, winbind has its own cache. Rowland
Mandi! Rowland penny via samba In chel di` si favelave...> > Considering a 'full offline' DM client (supposing a portable), there's > > a 'winbind permanent nss cache' or a general nss cache (like > > nss-updatedb): > > https://wiki.debian.org/LDAP/NSS#Offline_caching_of_NSS_with_nscd > > have to be used? Thanks. > No, you cannot use winbind with nscd, winbind has its own cache.Ah! Citing links without opening it... evidently Debian wiki page get changed. I was speaking about nss-updatedb, sorry. https://www.padl.com/OSS/nss_updatedb.html Anyway... i know about winbind cache, but i suppose is non-permanent (eg, if i shutdown the system, cache get lost). There's some way to have 'permanend winbind cache', or someone have some positive feedback about winbind/permament offline cache systems like nss_updatedb? Thanks. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bont?, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
Hai Marco, But a quick peek at this tells me it should be possible and you need these packages for a "full offline setup" or, a combination of these. These packages need to be installed and all need to be configured: libnss-ldapd libpam-ldapd nscd libpam-ccreds libpam-mklocaluser libnss-winbind libpam-winbind I suggest first look at : https://packages.debian.org/buster/libpam-mklocaluser that might help. I think, if you check these all out, you get it working, but its a combination of the above packages. Your smart enough for that. ;-) Sorry i dont have more, but my focus is on the builder atm. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Marco Gaiarin via samba > Verzonden: donderdag 17 oktober 2019 10:36 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Offline logon and NSS... > > > I'm revising some docs, and i've returned on the 'offline logon' tema. > > Looking at: > https://wiki.samba.org/index.php/PAM_Offline_Authentication > > and smb.conf manpage, it is clear that 'offline logon' is > a pam/authentication only, does not involve NSS. > > > Considering a 'full offline' DM client (supposing a portable), there's > a 'winbind permanent nss cache' or a general nss cache (like > nss-updatedb): > > https://wiki.debian.org/LDAP/NSS#Offline_caching_of_NSS_with_nscd > > have to be used? Thanks. > > -- > dott. Marco Gaiarin GNUPG > Key ID: 240A3D66 > Associazione ``La Nostra Famiglia'' > http://www.lanostrafamiglia.it/ > Polo FVG - Via della Bont?, 7 - 33078 - San Vito al > Tagliamento (PN) > marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 > f +39-0434-842797 > > Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! > http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 > (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA) > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
On 17/10/2019 10:35, L.P.H. van Belle via samba wrote:> Hai Marco, > > > But a quick peek at this tells me it should be possible > and you need these packages for a "full offline setup" or, a combination of these. > > These packages need to be installed and all need to be configured: > libnss-ldapd libpam-ldapd nscd libpam-ccreds libpam-mklocaluser libnss-winbind libpam-winbind > > I suggest first look at : https://packages.debian.org/buster/libpam-mklocaluser that might help. > > I think, if you check these all out, you get it working, but its a combination of the above packages. > Your smart enough for that. ;-)ER, that is aimed squarely at NT4-style domains that require local Unix users, something you cannot have on a Unix domain member. Rowland