Kees van Vloten
2023-May-26 17:55 UTC
[Samba] PAM Offline Authentication in Ubuntu 22.04...
On 26-05-2023 17:37, Marco Gaiarin via samba wrote:> Mandi! Rowland Penny via samba > In chel di` si favelave... > > Sorry for the late answer. > > >> I have Ubuntu 22.04 with Samba 4.15.13 running in a VM and it just works >> for myself. > Exactly the same, but on a real hardware.To me it looks identical to this https://lists.samba.org/archive/samba/2021-July/236850.html Unfortunately that thread never came to a solution.> > >> Had the user 'gaio' logged in previously, it will not work if the user >> hasn't logged in at least once before the network has disconnected. > Sure! I've tried everytime a logon before disconnecting the network, also > with different account, same result. > > >> It is always worth upgrading Samba if possible and easy, but as I say, >> it works for myself. > Ok, i've upgraded to 4.16 using Michael pakages (thanks Michael!). It works > exactly as before, i try to explain: > > 1) boot; the PC had wireless on and connect automatically > > 2) login with AD account, OK. > > 3) i shut off the wireless. > > 4) machine became totally irresponsive: > - a terminal open in 2 minutes > - i cannot re-enable wireless > - i cannot logoff or reboot > > > The only options available is to wait for a terminal tu open, su to root > (not sudo!) and do a 'reboot'. Or connect the ethernet cable and wait an > insane amount of time. > > > What i'm doing wrong? How can i debug this?! > > > I restate: > > /etc/samba/smb.conf > [global] > client min protocol = NT1 > disable spoolss = Yes > load printers = No > log file = /var/log/samba/log.%m > map to guest = Bad User > panic action = /usr/share/samba/panic-action %d > printcap name = /dev/null > realm = AD.FVG.LNF.IT > security = ADS > syslog = 0 > username map = /etc/samba/user.map > usershare max shares = 0 > winbind offline logon = Yes > winbind use default domain = Yes > workgroup = LNFFVG > idmap config lnffvg : unix_primary_group = yes > idmap config lnffvg : unix_nss_info = yes > idmap config lnffvg : schema_mode = rfc2307 > idmap config lnffvg : range = 10000-49999 > idmap config lnffvg : backend = ad > idmap config * : range = 5000-9999 > idmap config * : backend = tdb > printing = bsd > > /etc/security/pam_winbind.conf > [global] > cached_login = yes > > /etc/krb5.conf > [libdefaults] > default_realm = AD.FVG.LNF.IT > kdc_timesync = 1 > ccache_type = 4 > forwardable = true > proxiable = true > fcc-mit-ticketflags = true > > /etc/nsswitch.conf > passwd: compat winbind > group: compat winbind > shadow: files > gshadow: files > hosts: files mdns4_minimal [NOTFOUND=return] dns > networks: files > protocols: db files > services: db files > ethers: db files > rpc: db files > netgroup: nis > > > Thanks. >
On 26/05/2023 18:55, Kees van Vloten via samba wrote:> > On 26-05-2023 17:37, Marco Gaiarin via samba wrote: >> Mandi! Rowland Penny via samba >> ?? In chel di` si favelave... >> >> Sorry for the late answer. >> >> >>> I have Ubuntu 22.04 with Samba 4.15.13 running in a VM and it just works >>> for myself. >> Exactly the same, but on a real hardware. > > To me it looks identical to this > https://lists.samba.org/archive/samba/2021-July/236850.html > > Unfortunately that thread never came to a solution.The latest version of this wiki page works for myself: https://wiki.samba.org/index.php/PAM_Offline_Authentication It is based on my tests. I have Ubuntu 22.04 running in an Oracle VM, this has been running for the last 4 days and is disconnected from the network. Every so often, I attempt to login as a domain user and so far it works, without any delays. As I said, lightdm flashes up a message during the logon, but it goes past very fast, so fast that I cannot read it and I cannot find it logged anywhere. From this, I feel that I can say that winbind offline logon is working. Rowland
Mandi! Kees van Vloten via samba In chel di` si favelave...> To me it looks identical to this > https://lists.samba.org/archive/samba/2021-July/236850.htmlYes, seems the same...> Unfortunately that thread never came to a solution.;-( Rowland, can you post your config files on detail? -- Firma il contratto, non farti pregare se vuoi far parte delle persone serie (E. Bennato)
Reasonably Related Threads
- PAM Offline Authentication in Ubuntu 22.04...
- PAM Offline Authentication in Ubuntu 22.04...
- PAM Offline Authentication in Ubuntu 22.04...
- Using Linux domain member machine account for WPA-Enterprise authentication
- PAM Offline Authentication in Ubuntu 22.04...