samba - Dec 2024 - pam_winbind Appears to need a Network Connection to Succeed at Offline Authentication

On Sun, 1 Dec 2024 08:05:15 -0500
"John R. Graham via samba" <samba at lists.samba.org> wrote:
> On 11/29/24 12:04, Marco Gaiarin via samba wrote:
> > Mandi! John R. Graham via samba
> >    In chel di` si favelave...
> >
> >> When I put winbindd in offline mode,
> > RFC2307? A known bug:
> >
> > 	https://bugzilla.samba.org/show_bug.cgi?id=15405
> Hi, Marco. Yes, RFC2307. Your work-around (rid idmap back end) works
> for me, too! Offline login is now functional. Currently this is only
> a minor inconvenience for me because the templated shell and home
> directory values correspond to what I'm actually using on my Linux
> domain members.
> 
> 
I think that what is happening here is that Samba is caching the
username, uidNumber & gidNumber, but none of the other rfc2307
attributes, so when the network is disconnected, the 'missing' rfc2307
attributes cannot be found, even though winbind tries, so it just
'hangs'.

Rowland

On 12/2/24 04:03, Rowland Penny via samba wrote:
> I think that what is happening here is that Samba is caching the
> username, uidNumber & gidNumber, but none of the other rfc2307
> attributes, so when the network is disconnected, the 'missing'
rfc2307
> attributes cannot be found, even though winbind tries, so it just
> 'hangs'.
But there would be nothing untoward about adding a few more RFC2307 
attributes to what winbindd caches (specifically those that would give 
nss_winbind all the information necessary to construct a full passwd 
line), would there? Would the Samba team be receptive to such a patch?

- John