Mandi! Rowland Penny via samba
In chel di` si favelave...
> I would undo that, it appears to be wrong.
OK, i've undo also i.
> I have tested this on a Ubuntu 22.04 computer and it works, so I have
> updated the wiki page:
> https://wiki.samba.org/index.php/PAM_Offline_Authentication
Apparently works as expected:
root at dane:~# wbinfo -K gaio
Enter gaio's password:
plaintext kerberos password authentication for [gaio] succeeded (requesting
cctype: FILE)
credentials were put in: FILE:/tmp/krb5cc_0
root at dane:~# smbcontrol winbind offline
root at dane:~# wbinfo -K gaio
Enter gaio's password:
plaintext kerberos password authentication for [gaio] succeeded (requesting
cctype: FILE)
user_flgs: NETLOGON_CACHED_ACCOUNT
credentials were put in: FILE:/tmp/krb5cc_0
root at dane:~# ssh gaio at localhost
gaio at localhost's password:
Warning: Your password will expire in 36 days on Tue Jun 27 18:19:27 2023
Warning: Your password will expire in 36 days on Tue Jun 27 18:19:27 2023
Welcome to Ubuntu 22.04.2 LTS (GNU/Linux 5.19.0-41-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
La manutenzione della sicurezza estesa per Applications non ? abilitata.
0 aggiornamenti possono essere applicati immediatamente.
Abilita ESM Apps per ricevere ulteriori aggiornamenti di sicurezza futuri.
Vedi https://ubuntu.com/esm o esegui: sudo pro status
1 updates could not be installed automatically. For more details,
see /var/log/unattended-upgrades/unattended-upgrades.log
Last login: Fri May 19 12:33:09 2023 from 10.5.1.44
gaio at dane:~$
I've also tried to shut off the wireless (and clearly not connect ethernet
cable ;) and i can confirm that i have the same response:
plaintext kerberos password authentication for [gaio] succeeded (requesting
cctype: FILE)
user_flgs: NETLOGON_CACHED_ACCOUNT
BUT a simple:
getent passwd gaio
took 60 seconds to run, and return nothing. So login does not work, because
obviously user 'gaio' does not exist.
The strange thing is that the same portable was on a Ubuntu 16.04, with the
same configuration, and worked as expected.
Seems to me that simply winbind loose the ability to do NSS cache... i've
googled a bit, and Samba in Xenial was 4.3.11+dfsg-0ubuntu0.16.04.34 .
It is worth a try to update samba to the later versions? There was updates
in this fields?
--
In amore ci vuole fortuna, ma anche un bel culo non guasta.
(Fabio Fazio)