(Sorry for delay - hols) On Fri, 2019-10-25 at 09:24 -0700, Jeremy Allison wrote:> On Thu, Oct 24, 2019 at 11:33:40PM +0000, Jon Gerdes via samba wrote:> I haven't depended on a AD-DC for my network logons for > many years I'm afraid, so I've not had to depend on this :-).Fair enough and I'd rather not either but this is my last outstanding issue before Linux on the desktop takes over the world *cough*. Actually desktop is fine, it's laptops that give me gyp!> I still don't understand why having winbind probe for > network connectivity (DNS lookup) every 30 seconds once > it loses connectivity to the DC is the wrong thing to > do ?I found the winbind reconnect delay = n parameter a while back and have it set to 5. I also have offline logins enabled and I don't think that is working as I think it should * Lift lid on laptop - it wakes up or whatever * Can't unlock screen at ssdm prompt * Switch to a console with a root prompt running already * "id gerdesj" outputs user unknown (also wbinfo -u doesn't know me) * smbcontrol winbind offline and then online - no change * systemctl restart winbind - id gerdesj works and off we trot If I leave the box for ages (not precisely defined but more than a minute) then everything will start working again. My home wifi reconnects in a second or so. I would expect that if AD was unavailable then the offline login stuff would kick in instead as per a Windows box. If I force winbind to offline via smbcontrol, should I be able to login if offline logins are enabled in smb.conf (winbind offline logon = yes)? I am probably missing something fundamental here, somewhere. Cheers Jon
Mandi! Jon Gerdes via samba In chel di` si favelave...> I am probably missing something fundamental here, somewhere.Only to say, another time, that i suffer the same 'feeling', not for a laptop but for a domain member that hold user services (SMTP, IMAP, ...). EG, in 'some circumstances' (for me: when i reboot the DC where that particular DM seems connected to) the NSS part of winbind reply 'user not found'; i need to: - restart winbind on the DM, or - wait 'some time' (2-5 minutes) to get it back. Seems exactly your behaviour, Jon. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bont?, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
On Tue, 2019-11-12 at 18:09 +0100, Marco Gaiarin wrote:> Mandi! Jon Gerdes via samba > In chel di` si favelave... > > > I am probably missing something fundamental here, somewhere. > > Only to say, another time, that i suffer the same 'feeling', not for > a > laptop but for a domain member that hold user services (SMTP, IMAP, > ...). > > EG, in 'some circumstances' (for me: when i reboot the DC where that > particular DM seems connected to) the NSS part of winbind reply 'user > not found'; i need to: > > - restart winbind on the DM, or > - wait 'some time' (2-5 minutes) > > to get it back. > > > Seems exactly your behaviour, Jon. >That does sound the same as my case. I'm going to do some more experimentation. wbinfo queries winbind directly, bypassing NSS which should help point point where it is failing. I'm also going to look into mitigating it with hooks in Network Manager/systemd which "knows" what connections are up and running. Restarting winbind on a laptop is quick and wont disturb anyone else. Cheers Jon