On Mon, 18 Dec 2017 15:51:47 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote:> > > I've seen: > > https://wiki.samba.org/index.php/PAM_Offline_Authentication > > I've tried to enable offline logon, and seems to work as expected. > > I've only found a little strange thing, i think related to the fact > that in my DM i've set 'winbind use default domain = yes'. > > > Folowing the wiki, i've enabled offline logon and then done: > > ['smbcontrol winbind online' > root at vdmsv1:~# wbinfo -K LNFFVG\\gaio > Enter LNFFVG\gaio's password: > plaintext kerberos password authentication for [LNFFVG\gaio] > succeeded (requesting cctype: FILE) credentials were put in: > FILE:/tmp/krb5cc_0 > > ['smbcontrol winbind offline'] > root at vdmsv1:~# wbinfo -K LNFFVG\\gaio > Enter LNFFVG\gaio's password: > plaintext kerberos password authentication for [LNFFVG\gaio] > succeeded (requesting cctype: FILE) user_flgs: NETLOGON_CACHED_ACCOUNT > credentials were put in: FILE:/tmp/krb5cc_0 > > Goot. But still in 'smbcontrol winbind offline' i've done also a: > > root at vdmsv1:~# wbinfo -K gaio > Enter gaio's password: > plaintext kerberos password authentication for [gaio] succeeded > (requesting cctype: FILE) credentials were put in: FILE:/tmp/krb5cc_0 > > and there's no 'user_flgs'. Boh... >If you have the 'winbind use default domain = yes', winbind strips off the domain name, so 'LNFFVG\\gaio' becomes 'gaio', or to put it another way, you do not need to use the domain name with 'getent passwd' etc Rowland
Mandi! Rowland Penny via samba In chel di` si favelave...> If you have the 'winbind use default domain = yes', winbind strips off > the domain name, so 'LNFFVG\\gaio' becomes 'gaio', or to put it another > way, you do not need to use the domain name with 'getent passwd' etcI know that. I've simply maked a note about the fact that 'wbinfo -K LNFFVG\\gaio' print the offline flags: user_flgs: NETLOGON_CACHED_ACCOUNT while 'wbinfo -K gaio' no. (but both auth correctly my user, also with 'smbcontrol winbind offline'). -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
So you discovert a minor bug in wbinfo..>> https://bugzilla.samba.org/ ;-)Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Marco Gaiarin via samba > Verzonden: maandag 18 december 2017 16:47 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] DM and ''offline'' PAM (and NSS?)... > > Mandi! Rowland Penny via samba > In chel di` si favelave... > > > If you have the 'winbind use default domain = yes', winbind > strips off > > the domain name, so 'LNFFVG\\gaio' becomes 'gaio', or to > put it another > > way, you do not need to use the domain name with 'getent passwd' etc > > I know that. I've simply maked a note about the fact that 'wbinfo -K > LNFFVG\\gaio' print the offline flags: > > user_flgs: NETLOGON_CACHED_ACCOUNT > > while 'wbinfo -K gaio' no. > > > (but both auth correctly my user, also with 'smbcontrol > winbind offline'). > > -- > dott. Marco Gaiarin GNUPG > Key ID: 240A3D66 > Associazione ``La Nostra Famiglia'' > http://www.lanostrafamiglia.it/ > Polo FVG - Via della Bontà, 7 - 33078 - San Vito al > Tagliamento (PN) > marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 > f +39-0434-842797 > > Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! > http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 > (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA) > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
Mandi! L.P.H. van Belle via samba In chel di` si favelave...> So you discovert a minor bug in wbinfo..Cool! Bug filled: https://bugzilla.samba.org/show_bug.cgi?id=13196 -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)