Mandi! Rowland Penny via samba In chel di` si favelave... Sorry for the late answer.> I have Ubuntu 22.04 with Samba 4.15.13 running in a VM and it just works > for myself.Exactly the same, but on a real hardware.> Had the user 'gaio' logged in previously, it will not work if the user > hasn't logged in at least once before the network has disconnected.Sure! I've tried everytime a logon before disconnecting the network, also with different account, same result.> It is always worth upgrading Samba if possible and easy, but as I say, > it works for myself.Ok, i've upgraded to 4.16 using Michael pakages (thanks Michael!). It works exactly as before, i try to explain: 1) boot; the PC had wireless on and connect automatically 2) login with AD account, OK. 3) i shut off the wireless. 4) machine became totally irresponsive: - a terminal open in 2 minutes - i cannot re-enable wireless - i cannot logoff or reboot The only options available is to wait for a terminal tu open, su to root (not sudo!) and do a 'reboot'. Or connect the ethernet cable and wait an insane amount of time. What i'm doing wrong? How can i debug this?! I restate: /etc/samba/smb.conf [global] client min protocol = NT1 disable spoolss = Yes load printers = No log file = /var/log/samba/log.%m map to guest = Bad User panic action = /usr/share/samba/panic-action %d printcap name = /dev/null realm = AD.FVG.LNF.IT security = ADS syslog = 0 username map = /etc/samba/user.map usershare max shares = 0 winbind offline logon = Yes winbind use default domain = Yes workgroup = LNFFVG idmap config lnffvg : unix_primary_group = yes idmap config lnffvg : unix_nss_info = yes idmap config lnffvg : schema_mode = rfc2307 idmap config lnffvg : range = 10000-49999 idmap config lnffvg : backend = ad idmap config * : range = 5000-9999 idmap config * : backend = tdb printing = bsd /etc/security/pam_winbind.conf [global] cached_login = yes /etc/krb5.conf [libdefaults] default_realm = AD.FVG.LNF.IT kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true fcc-mit-ticketflags = true /etc/nsswitch.conf passwd: compat winbind group: compat winbind shadow: files gshadow: files hosts: files mdns4_minimal [NOTFOUND=return] dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis Thanks. -- C'? solo la strada su cui puoi contare, la strada ? l'unica salvezza. (Gaber)
Kees van Vloten
2023-May-26 17:55 UTC
[Samba] PAM Offline Authentication in Ubuntu 22.04...
On 26-05-2023 17:37, Marco Gaiarin via samba wrote:> Mandi! Rowland Penny via samba > In chel di` si favelave... > > Sorry for the late answer. > > >> I have Ubuntu 22.04 with Samba 4.15.13 running in a VM and it just works >> for myself. > Exactly the same, but on a real hardware.To me it looks identical to this https://lists.samba.org/archive/samba/2021-July/236850.html Unfortunately that thread never came to a solution.> > >> Had the user 'gaio' logged in previously, it will not work if the user >> hasn't logged in at least once before the network has disconnected. > Sure! I've tried everytime a logon before disconnecting the network, also > with different account, same result. > > >> It is always worth upgrading Samba if possible and easy, but as I say, >> it works for myself. > Ok, i've upgraded to 4.16 using Michael pakages (thanks Michael!). It works > exactly as before, i try to explain: > > 1) boot; the PC had wireless on and connect automatically > > 2) login with AD account, OK. > > 3) i shut off the wireless. > > 4) machine became totally irresponsive: > - a terminal open in 2 minutes > - i cannot re-enable wireless > - i cannot logoff or reboot > > > The only options available is to wait for a terminal tu open, su to root > (not sudo!) and do a 'reboot'. Or connect the ethernet cable and wait an > insane amount of time. > > > What i'm doing wrong? How can i debug this?! > > > I restate: > > /etc/samba/smb.conf > [global] > client min protocol = NT1 > disable spoolss = Yes > load printers = No > log file = /var/log/samba/log.%m > map to guest = Bad User > panic action = /usr/share/samba/panic-action %d > printcap name = /dev/null > realm = AD.FVG.LNF.IT > security = ADS > syslog = 0 > username map = /etc/samba/user.map > usershare max shares = 0 > winbind offline logon = Yes > winbind use default domain = Yes > workgroup = LNFFVG > idmap config lnffvg : unix_primary_group = yes > idmap config lnffvg : unix_nss_info = yes > idmap config lnffvg : schema_mode = rfc2307 > idmap config lnffvg : range = 10000-49999 > idmap config lnffvg : backend = ad > idmap config * : range = 5000-9999 > idmap config * : backend = tdb > printing = bsd > > /etc/security/pam_winbind.conf > [global] > cached_login = yes > > /etc/krb5.conf > [libdefaults] > default_realm = AD.FVG.LNF.IT > kdc_timesync = 1 > ccache_type = 4 > forwardable = true > proxiable = true > fcc-mit-ticketflags = true > > /etc/nsswitch.conf > passwd: compat winbind > group: compat winbind > shadow: files > gshadow: files > hosts: files mdns4_minimal [NOTFOUND=return] dns > networks: files > protocols: db files > services: db files > ethers: db files > rpc: db files > netgroup: nis > > > Thanks. >