On 21/01/2021 15:34, Piviul via samba wrote:
> On 21/01/21 16:05, Rowland penny via samba wrote:
>> OK, can you try this (tested on Debian Buster with Samba 4.12.9):
>>
>> As root, create a directory
>>
>> mkdir /temp
>>
>> Alter /etc/krb5.conf to match this:
>>
>> [libdefaults]
>>         default_realm = SAMDOM.EXAMPLE.COM
>>         dns_lookup_realm = false
>>         dns_lookup_kdc = true
>>
>> [appdefaults]
>>         ccache = krb5cc_%u
>>         ccache_dir = FILE:/temp
>>
>> Replace 'SAMDOM.EXAMPLE.COM' with your realm.
>>
>> Alter /etc/pam.d/common-auth
>>
>> Change:
>>
>> auth    [success=3 default=ignore]      pam_krb5.so minimum_uid=10000
>> auth    [success=2 default=ignore]      pam_unix.so nullok_secure try_first_pass
>> auth    [success=1 default=ignore]      pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login try_first_pass
>>
>> To:
>>
>> auth    [success=3 default=ignore]      pam_winbind.so krb5_auth krb5_ccache_type=FILE:/temp/krb5cc_%u cached_login try_first_pass
>> auth    [success=2 default=ignore]      pam_krb5.so minimum_uid=1000
>> auth    [success=1 default=ignore]      pam_unix.so nullok_secure try_first_pass
>>
>> Now log out and log in as a domain user, you should now find a
>> kerberos ticket in temp.
>>
>> Log out again and disconnect from network, then log in again as the
>> user.
>
> Yes, I can confirm that works even on Debian with Samba 4.13.3... but
> have you tried to reboot the machine? On my Debian, if I reboot, the
> cache file disappears from /temp and cached login doesn't work :(
>
> Piviul

I was sure I had rebooted, but when I did reboot again (to be certain), the cache disappeared. There is 'retain_after_close = true' which stops the ccache being removed, but now winbind doesn't seem to want to work offline.

Rowland

On 21/01/21 18:32, Rowland penny via samba wrote:
> I was sure I had rebooted, but when I did reboot again (to be
> certain), the cache disappeared. There is 'retain_after_close = true'
> which stops the ccache being removed, but now winbind doesn't seem to
> want to work offline.

But who removes the cache? If I stop winbind or smbd the cache is still there... furthermore, why does wbinfo -K continue to save the cache in /tmp?

:(

Piviul

I would start with..

> why wbinfo -K continue to save the cache in /tmp?

krb5.conf and KRB5CCNAME are where you need to look.
Also, /tmp is a ramdisk on most systems these days.
Check if /tmp is running on tmpfs.
I don't have system access while typing this, but this might help:

systemctl status tmpfs

We did something similar here for a 28GB database. It's running fully on ramdisk, but on reboot we trigger a script that copies the data to real disk. On boot we copy the data back to ramdisk.

Reading this might help to get what you need:
https://www.freedesktop.org/software/systemd/man/tmpfiles.d.html#D

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Piviul via samba
> Sent: Friday, 22 January 2021 9:21
> To: samba at lists.samba.org
> Subject: Re: [Samba] winbind offline logon
>
> On 21/01/21 18:32, Rowland penny via samba wrote:
> > I was sure I had rebooted, but when I did reboot again (to be
> > certain), the cache disappeared. There is 'retain_after_close = true'
> > which stops the ccache being removed, but now winbind doesn't seem to
> > want to work offline.
>
> But who removes the cache? If I stop winbind or smbd the cache is still
> there... furthermore, why does wbinfo -K continue to save the cache in /tmp?
>
> :(
>
> Piviul
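
The tmpfs check suggested in the last message, as an added example that is not part of the thread or of Samba: it takes a ccache name in the form used by KRB5CCNAME and a mount table in /proc/mounts format, and reports whether the cache file sits on a RAM-backed filesystem. The function names, the UID 10001 and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): is a Kerberos ccache on a RAM-backed filesystem?

# Print the file path of a ccache name; fail for non-file caches (KEYRING:, MEMORY:, ...).
ccache_path() {
    case "$1" in
        FILE:*) printf '%s\n' "${1#FILE:}" ;;
        DIR:*)  printf '%s\n' "${1#DIR:}" ;;
        /*)     printf '%s\n' "$1" ;;
        *)      return 1 ;;
    esac
}

# Print the fstype of the longest mount point containing path $1,
# reading a mount table in /proc/mounts format from file $2.
fstype_for_path() {
    awk -v p="$1" '
        {
            mp = $2
            # Match "/", the path itself, or a directory prefix of the path.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # ">=" lets a later mount over the same point win.
                if (length(mp) >= best) { best = length(mp); fs = $3 }
            }
        }
        END { if (fs != "") print fs; else exit 1 }
    ' "$2"
}

# Return 0 if the ccache is on tmpfs/ramfs, 1 if not, 2 if it cannot be resolved.
ccache_is_volatile() {
    path=$(ccache_path "$1") || return 2
    fs=$(fstype_for_path "$path" "${2:-/proc/mounts}") || return 2
    [ "$fs" = "tmpfs" ] || [ "$fs" = "ramfs" ]
}

# Constructed sample mount table, then the two cache locations from the thread.
sample=$(mktemp)
printf '%s\n' '/dev/sda1 / ext4 rw 0 0' 'tmpfs /tmp tmpfs rw,nosuid,nodev 0 0' > "$sample"
for cc in FILE:/temp/krb5cc_10001 FILE:/tmp/krb5cc_10001; do
    if ccache_is_volatile "$cc" "$sample"; then
        echo "$cc: RAM-backed, contents are lost at reboot"
    else
        echo "$cc: not on tmpfs/ramfs"
    fi
done
rm -f "$sample"
```

Omit the second argument to check against the live /proc/mounts, for example `ccache_is_volatile "$KRB5CCNAME"`.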