Try changing the location of the kerberos cached files.. 
This: FILE:/tmp/krb5cc_21046 
/tmp is emptied after a reboot, to yeah, logical you cant login.. 
And beware, some also have /var/tmp linked to /tmp.
So, create a custom folder point it to that. 
login, reboot retry. 
;-) 
Good luck.. 
Greetz, 
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Piviul via
samba
> Verzonden: woensdag 20 januari 2021 9:21
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] winbind offline logon
> 
> Reading this[?] samba wiki and applying it, offline authentication seems
> to work but on the real world doesn't work at all... let me explain. If
> I put winbind offline using smbcontrol, offline authentication works
> flowlessy:
> 
> > $ wbinfo -K <domain>\\<username>
> > Enter <domain>\<username>'s password:
> > plaintext kerberos password authentication for
[<domain>\<username>]
> > succeeded (requesting cctype: FILE)
> > credentials were put in: FILE:/tmp/krb5cc_21046
> > $ sudo smbcontrol winbind offline
> > $ wbinfo -K <domain>\\<username>
> > Enter <domain>\<username>'s password:
> > plaintext kerberos password authentication for
[<domain>\<username>]
> > succeeded (requesting cctype: FILE)
> > user_flgs: NETLOGON_CACHED_ACCOUNT
> > credentials were put in: FILE:/tmp/krb5cc_21046
> 
> But offline authentication should work when the PC can't connect to the
> AD. So I have disconnected the PC from the LAN and all seems to work:
> 
> > $ wbinfo -K <domain>\\<username>
> > Enter <domain>\<username>'s password:
> > plaintext kerberos password authentication for
[<domain>\<username>]
> > succeeded (requesting cctype: FILE)
> > user_flgs: NETLOGON_CACHED_ACCOUNT
> > credentials were put in: FILE:/tmp/krb5cc_21046
> 
> 
> But if I restart the PC without the LAN cable:
> 
> > $ wbinfo -K <domain>\\<username>
> > Enter <domain>\<username>'s password:
> > plaintext kerberos password authentication for
[<domain>\<username>]
> > failed (requesting cctype: FILE)
> > wbcLogonUser(DOMINIOCSA\psala): error code was NT_STATUS_NO_SUCH_USER
> > (0xc0000064)
> > error message was: The specified account does not exist.
> > Could not authenticate user [<domain>\<username>] with
Kerberos
> > (ccache: FILE)
> > $ getent passwd <domain>\\<username>
> > <domain>\\<username>:*:21046:10513:User
> > Name:/home/domain/username:/bin/bash
> So the account seems to exixts (getent passwd seems to work correctly)
> but cached login doesn't...
> 
> Someone can help me to troubleshoot this problem?
> 
> Piviul
> 
> [?] https://wiki.samba.org/index.php/PAM_Offline_Authentication
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba