samba - May 2023 - PAM Offline Authentication in Ubuntu 22.04...

Mandi! Rowland Penny via samba
  In chel di` si favelave...

Sorry for the late answer.

> I have Ubuntu 22.04 with Samba 4.15.13 running in a VM and it just works 
> for myself.
Exactly the same, but on a real hardware.

> Had the user 'gaio' logged in previously, it will not work if the
user
> hasn't logged in at least once before the network has disconnected.
Sure! I've tried everytime a logon before disconnecting the network, also
with different account, same result.

> It is always worth upgrading Samba if possible and easy, but as I say, 
> it works for myself.
Ok, i've upgraded to 4.16 using Michael pakages (thanks Michael!). It works
exactly as before, i try to explain:

1) boot; the PC had wireless on and connect automatically

2) login with AD account, OK.

3) i shut off the wireless.

4) machine became totally irresponsive:
 - a terminal open in 2 minutes
 - i cannot re-enable wireless
 - i cannot logoff or reboot


The only options available is to wait for a terminal tu open, su to root
(not sudo!) and do a 'reboot'. Or connect the ethernet cable and wait an
insane amount of time.


What i'm doing wrong? How can i debug this?!


I restate:

/etc/samba/smb.conf
 [global]
	client min protocol = NT1
	disable spoolss = Yes
	load printers = No
	log file = /var/log/samba/log.%m
	map to guest = Bad User
	panic action = /usr/share/samba/panic-action %d
	printcap name = /dev/null
	realm = AD.FVG.LNF.IT
	security = ADS
	syslog = 0
	username map = /etc/samba/user.map
	usershare max shares = 0
	winbind offline logon = Yes
	winbind use default domain = Yes
	workgroup = LNFFVG
	idmap config lnffvg : unix_primary_group = yes
	idmap config lnffvg : unix_nss_info = yes
	idmap config lnffvg : schema_mode = rfc2307
	idmap config lnffvg : range = 10000-49999
	idmap config lnffvg : backend = ad
	idmap config * : range = 5000-9999
	idmap config * : backend = tdb
	printing = bsd

/etc/security/pam_winbind.conf
 [global]
 	cached_login = yes

/etc/krb5.conf
 [libdefaults]
	default_realm = AD.FVG.LNF.IT
	kdc_timesync = 1
	ccache_type = 4
	forwardable = true
	proxiable = true
	fcc-mit-ticketflags = true

/etc/nsswitch.conf
 passwd:         compat winbind
 group:          compat winbind
 shadow:         files
 gshadow:        files
 hosts:          files mdns4_minimal [NOTFOUND=return] dns
 networks:       files
 protocols:      db files
 services:       db files
 ethers:         db files
 rpc:            db files
 netgroup:       nis


Thanks.

-- 
  C'? solo la strada su cui puoi contare,
  la strada ? l'unica salvezza.			(Gaber)

On 26-05-2023 17:37, Marco Gaiarin via samba wrote:
> Mandi! Rowland Penny via samba
>    In chel di` si favelave...
>
> Sorry for the late answer.
>
>
>> I have Ubuntu 22.04 with Samba 4.15.13 running in a VM and it just
works
>> for myself.
> Exactly the same, but on a real hardware.
To me it looks identical to this 
https://lists.samba.org/archive/samba/2021-July/236850.html

Unfortunately that thread never came to a solution.
>
>
>> Had the user 'gaio' logged in previously, it will not work if
the user
>> hasn't logged in at least once before the network has disconnected.
> Sure! I've tried everytime a logon before disconnecting the network,
also
> with different account, same result.
>
>
>> It is always worth upgrading Samba if possible and easy, but as I say,
>> it works for myself.
> Ok, i've upgraded to 4.16 using Michael pakages (thanks Michael!). It
works
> exactly as before, i try to explain:
>
> 1) boot; the PC had wireless on and connect automatically
>
> 2) login with AD account, OK.
>
> 3) i shut off the wireless.
>
> 4) machine became totally irresponsive:
>   - a terminal open in 2 minutes
>   - i cannot re-enable wireless
>   - i cannot logoff or reboot
>
>
> The only options available is to wait for a terminal tu open, su to root
> (not sudo!) and do a 'reboot'. Or connect the ethernet cable and
wait an
> insane amount of time.
>
>
> What i'm doing wrong? How can i debug this?!
>
>
> I restate:
>
> /etc/samba/smb.conf
>   [global]
> 	client min protocol = NT1
> 	disable spoolss = Yes
> 	load printers = No
> 	log file = /var/log/samba/log.%m
> 	map to guest = Bad User
> 	panic action = /usr/share/samba/panic-action %d
> 	printcap name = /dev/null
> 	realm = AD.FVG.LNF.IT
> 	security = ADS
> 	syslog = 0
> 	username map = /etc/samba/user.map
> 	usershare max shares = 0
> 	winbind offline logon = Yes
> 	winbind use default domain = Yes
> 	workgroup = LNFFVG
> 	idmap config lnffvg : unix_primary_group = yes
> 	idmap config lnffvg : unix_nss_info = yes
> 	idmap config lnffvg : schema_mode = rfc2307
> 	idmap config lnffvg : range = 10000-49999
> 	idmap config lnffvg : backend = ad
> 	idmap config * : range = 5000-9999
> 	idmap config * : backend = tdb
> 	printing = bsd
>
> /etc/security/pam_winbind.conf
>   [global]
>   	cached_login = yes
>
> /etc/krb5.conf
>   [libdefaults]
> 	default_realm = AD.FVG.LNF.IT
> 	kdc_timesync = 1
> 	ccache_type = 4
> 	forwardable = true
> 	proxiable = true
> 	fcc-mit-ticketflags = true
>
> /etc/nsswitch.conf
>   passwd:         compat winbind
>   group:          compat winbind
>   shadow:         files
>   gshadow:        files
>   hosts:          files mdns4_minimal [NOTFOUND=return] dns
>   networks:       files
>   protocols:      db files
>   services:       db files
>   ethers:         db files
>   rpc:            db files
>   netgroup:       nis
>
>
> Thanks.
>