Markus Dellermann
2023-Jun-28 07:48 UTC
[Samba] PAM Offline Authentication in Ubuntu 22.04
Hi Marco,

On Tuesday, 27 June 2023, 17:00:06 CEST, Marco Gaiarin via samba wrote:
> Hi! Markus Dellermann via samba
>   On that day it was said...
>
> > Marco, you are using the ad-Backend, right?
>
> Yes, rfc2307.
>
> > Have you tried with rid-backend or at least
>
> No, I cannot try RID, or at least I'll need to set up a different test
> domain...

No, I've meant only one client for testing...

> > "idmap config LNFFVG : unix_nss_info = no" in smb.conf ?
>
> Tried, but nothing changed. My current [global] section is:
>
> [global]
>     disable spoolss = Yes
>     load printers = No
>     lock directory = /var/cache/samba
>     log file = /var/log/samba/log.%m
>     map to guest = Bad User
>     panic action = /usr/share/samba/panic-action %d
>     printcap name = /dev/null
>     realm = AD.FVG.LNF.IT
>     security = ADS
>     syslog = 0
>     template homedir = /home/%U
>     template shell = /bin/bash
>     username map = /etc/samba/user.map
>     usershare max shares = 0
>     winbind offline logon = Yes
>     winbind request timeout = 5
>     winbind use default domain = Yes
>     workgroup = LNFFVG
>     idmap config lnffvg : unix_primary_group = yes
>     idmap config lnffvg : unix_nss_info = no
>     idmap config lnffvg : schema_mode = rfc2307
>     idmap config lnffvg : range = 10000-49999
>     idmap config lnffvg : backend = ad
>     idmap config * : range = 5000-9999
>     idmap config * : backend = tdb
>     printing = bsd
>
> > To update to 4.18 could also be a good idea, because there are some
> > changes which should help..
>
> Samba version 4.18.3+dfsg-1.
>
> Thanks...

Hmm...is there apparmor or something else, nscd..?
Have you tried "async dns timeout" in smb.conf?

Markus

On 28-06-2023 09:48, Markus Dellermann via samba wrote:
> Hi Marco,
>
> On Tuesday, 27 June 2023, 17:00:06 CEST, Marco Gaiarin via samba wrote:
>> Hi! Markus Dellermann via samba
>>   On that day it was said...
>>
>>> Marco, you are using the ad-Backend, right?
>> Yes, rfc2307.
>>
>>> Have you tried with rid-backend or at least
>> No, I cannot try RID, or at least I'll need to set up a different test
>> domain...
> No, I've meant only one client for testing...
>
>>> "idmap config LNFFVG : unix_nss_info = no" in smb.conf ?
>> Tried, but nothing changed. My current [global] section is:
>>
>> [global]
>>     disable spoolss = Yes
>>     load printers = No
>>     lock directory = /var/cache/samba
>>     log file = /var/log/samba/log.%m
>>     map to guest = Bad User
>>     panic action = /usr/share/samba/panic-action %d
>>     printcap name = /dev/null
>>     realm = AD.FVG.LNF.IT
>>     security = ADS
>>     syslog = 0
>>     template homedir = /home/%U
>>     template shell = /bin/bash
>>     username map = /etc/samba/user.map
>>     usershare max shares = 0
>>     winbind offline logon = Yes
>>     winbind request timeout = 5
>>     winbind use default domain = Yes
>>     workgroup = LNFFVG
>>     idmap config lnffvg : unix_primary_group = yes
>>     idmap config lnffvg : unix_nss_info = no
>>     idmap config lnffvg : schema_mode = rfc2307
>>     idmap config lnffvg : range = 10000-49999
>>     idmap config lnffvg : backend = ad
>>     idmap config * : range = 5000-9999
>>     idmap config * : backend = tdb
>>     printing = bsd
>>
>>> To update to 4.18 could also be a good idea, because there are some
>>> changes which should help..
>> Samba version 4.18.3+dfsg-1.
>>
>> Thanks...
> Hmm...is there apparmor or something else, nscd..?
> Have you tried "async dns timeout" in smb.conf?
>
> Markus

If it is a DNS issue you could also set up a local dnsmasq (or similar) to
ensure a DNS server is always reachable.

Hi! Markus Dellermann via samba
  On that day it was said...

>> No, I cannot try RID, or at least I'll need to set up a different test
>> domain...
> No, I've meant only one client for testing...

OK, but if I set up RID on the client/workstation and rfc2307 on the
server/AD, I'll simply get incoherent mappings, right?

Rowland, can I really use rid on a client and rfc2307 on the domain?

I'm thinking about this, and probably yes... at least for a portable system
where plausibly I don't need NFS...

> Hmm...is there apparmor or something else, nscd..?

root@dane:~# dpkg -l | grep nscd
root@dane:~#

> Have you tried "async dns timeout" in smb.conf?

I've lowered to 5, I'll give it a try...

-- 
  One of the biggest problems of this country is that the majority of
  imports come from abroad. (George W. Bush)
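
The mapping question raised in the last message, as an added example that is not part of the original thread: idmap_rid derives the Unix ID from the account's RID (ID = RID - BASE_RID + LOW_RANGE_ID, as documented for idmap_rid), while idmap_ad with rfc2307 returns the uidNumber stored in AD. The range is the one from the posted smb.conf; the domain SID, accounts, RIDs and uidNumber values are constructed, and BASE_RID = 0 is an assumption.

```python
# Added example: the same AD accounts mapped by idmap_rid and by idmap_ad.
LOW, HIGH = 10000, 49999  # "idmap config lnffvg : range" from the posted smb.conf
BASE_RID = 0              # idmap_rid default (assumed, not set in the thread)

def rid_backend(sid):
    """idmap_rid: ID = RID - BASE_RID + LOW_RANGE_ID, unmapped outside the range."""
    rid = int(sid.rsplit("-", 1)[1])
    unix_id = rid - BASE_RID + LOW
    return unix_id if LOW <= unix_id <= HIGH else None

def ad_backend(uid_number):
    """idmap_ad with rfc2307: uidNumber from AD, unmapped if absent or out of range."""
    if uid_number is None or not (LOW <= uid_number <= HIGH):
        return None
    return uid_number

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed
# Constructed accounts: (name, RID, uidNumber stored in AD or None)
ACCOUNTS = [
    ("alice", 1104, 10500),   # both backends map her, to different IDs
    ("bob",   1105, 11105),   # same ID on both, but only by coincidence
    ("carol", 1106, None),    # no rfc2307 attributes: only rid maps her
    ("dave", 45000, 10777),   # RID pushes the rid result past the range
]

def compare(accounts):
    """Return {name: (id_on_rid_host, id_on_ad_host)} for every account."""
    return {name: (rid_backend(f"{DOMAIN_SID}-{rid}"), ad_backend(uid))
            for name, rid, uid in accounts}

def incoherent(accounts):
    """Accounts that resolve to a different numeric owner on the two hosts."""
    return sorted(n for n, (r, a) in compare(accounts).items() if r != a)

if __name__ == "__main__":
    for name, (r, a) in compare(ACCOUNTS).items():
        state = "ok" if r == a else "MISMATCH"
        print(f"{name:6} rid-host={r!s:6} ad-host={a!s:6} {state}")
    print("incoherent:", incoherent(ACCOUNTS))
```

The mismatches only matter where numeric IDs are shared between hosts, such as the NFS case mentioned above; files local to a single client are owned consistently under whichever backend that client uses.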