search for: pam_offline_authentication

I'm trying to enable offline auth in a Ubuntu 22.04 box, following: https://wiki.samba.org/index.php/PAM_Offline_Authentication using standard ubuntu samba package (4.15.13+dfsg-0ubuntu1.1). I've enabled workaround 'lock directory = /var/cache/samba'. Still does not work, and behave very badly with no conectivity or bad connectivity (wireless): sometime the 'reboot/poweroff' menu option desappear, ope...

Mandi! Rowland Penny via samba In chel di` si favelave... > The latest version of this wiki page works for myself: > https://wiki.samba.org/index.php/PAM_Offline_Authentication Mee too, but does not work. ;( > Every so often, I attempt to login as a domain user and so far it works, > without any delays. As I said, lightdm flashes up a message during the > logon, but it goes past very fast, so fast that I cannot read it and I > cannot find it logged anywh...

On 19/05/2023 12:02, Marco Gaiarin via samba wrote: > > I'm trying to enable offline auth in a Ubuntu 22.04 box, following: > > https://wiki.samba.org/index.php/PAM_Offline_Authentication > > using standard ubuntu samba package (4.15.13+dfsg-0ubuntu1.1). > I've enabled workaround 'lock directory = /var/cache/samba'. I would undo that, it appears to be wrong. > > > Still does not work, and behave very badly with no conectivity or bad > connectivi...

...template homedir = /home/%U template shell = /bin/bash client use spnego = yes client ntlmv2 auth = yes encrypt passwords = yes restrict anonymous = 2 # fix dfs error's in log ? host msdfs = no # https://wiki.samba.org/index.php/PAM_Offline_Authentication winbind offline logon = yes winbind cache time = 15768000 winbind enum users = yes winbind enum groups = yes cat /etc/krb5.conf [libdefaults] default_realm = SAMDOM.EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = true

Hello, I have setup a laptop with debian10, where samba ad users should able to login. I also setup PAM_Offline_Authentication, so far so good. There are several Problems: - After Reboot winbind seem to start before network is redy, so winbind can't get user info via getent passwd <username>, after restart winbind it works - How can I cache logins infos, for offline login (e.g. when only wlan is available or t...

...clearly all account data are inaccessible. To prevent or minimize that, the ''offline mode'' of winbind can be safely used also on DM servers? Or is tailoread against roaming client (portables, ...)? What benefit and/or drawbacks? I've seen: https://wiki.samba.org/index.php/PAM_Offline_Authentication and seems clear to me. but still... some question: a) there's no info about the persistence of the cache; so seems to me that the cache are ''persistent'', eg data are kept indefinitely and updated only on successful logons against the DC. Right? b) the doc speaks about '...

I'm revising some docs, and i've returned on the 'offline logon' tema. Looking at: https://wiki.samba.org/index.php/PAM_Offline_Authentication and smb.conf manpage, it is clear that 'offline logon' is a pam/authentication only, does not involve NSS. Considering a 'full offline' DM client (supposing a portable), there's a 'winbind permanent nss cache' or a general nss cache (like nss-updatedb): https://wiki....

...template shell = /bin/bash client use spnego = yes client ntlmv2 auth = yes encrypt passwords = yes winbind use default domain = yes restrict anonymous = 2 # fix dfs error's in log ? host msdfs = no # https://wiki.samba.org/index.php/PAM_Offline_Authentication winbind offline logon = yes winbind enum users = yes winbind enum groups = yes OS: Debian 10.4 Best Regards, On 08.07.20 15:39, Rowland penny via samba wrote: > On 08/07/2020 14:30, basti via samba wrote: >> Hello, >> on my samba AD i have set homedir to /hom...

Thanks! That's exactly what I was looking for. Nico On Mon, Dec 7, 2015 at 11:57 AM, L.P.H. van Belle <belle at bazuin.nl> wrote: > Hai Nico, > > Yes, you can do the same for linux laptops. > Read : https://wiki.samba.org/index.php/PAM_Offline_Authentication > > And here is an example. > > https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_howtos_add_linux_workstation_to_the_samba_domain > > Greetz, > > Louis > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samb...

...ly the same, but on a real hardware. > > To me it looks identical to this > https://lists.samba.org/archive/samba/2021-July/236850.html > > Unfortunately that thread never came to a solution. The latest version of this wiki page works for myself: https://wiki.samba.org/index.php/PAM_Offline_Authentication It is based on my tests. I have Ubuntu 22.04 running in an Oracle VM, this has been running for the last 4 days and is disconnected from the network. Every so often, I attempt to login as a domain user and so far it works, without any delays. As I said, lightdm flashes up a message during the...

On 29/05/2023 13:43, Marco Gaiarin via samba wrote: > Mandi! Rowland Penny via samba > In chel di` si favelave... > >> The latest version of this wiki page works for myself: >> https://wiki.samba.org/index.php/PAM_Offline_Authentication > > Mee too, but does not work. ;( Don't really understand that, it sounds like it does and it doesn't work for you. > > >> Every so often, I attempt to login as a domain user and so far it works, >> without any delays. As I said, lightdm flashes up a message d...

I'm setting up a new Samba-based AD domain. The domain will be used to authenticate access to both Windows and Linux desktops and portables. When a Windows portable is not able to access the AD servers (e.g. you are using a portable outside of the office) you can still happily logon using cached credentials (as long as the user logged on the pc at least once before). Is there a way to get

...; Nico > > > > > > > > On Mon, Dec 7, 2015 at 11:57 AM, L.P.H. van Belle <belle at bazuin.nl> > wrote: > > > > > Hai Nico, > > > > > > Yes, you can do the same for linux laptops. > > > Read : https://wiki.samba.org/index.php/PAM_Offline_Authentication > > > > > > And here is an example. > > > > > > > > > https://www.clearos.com/resources/documentation/clearos/content:en_us:kb_howtos_add_linux_workstation_to_the_samba_domain > > > > > > Greetz, > > > > > > Louis >...

...? client use spnego = yes >> ??????? client ntlmv2 auth = yes >> ??????? encrypt passwords = yes >> ??????? restrict anonymous = 2 >> >> ??????? # fix dfs error's in log ? >> ??????? host msdfs = no >> >> ??????? # https://wiki.samba.org/index.php/PAM_Offline_Authentication >> ??????? winbind offline logon = yes >> ??????? winbind cache time = 15768000 >> >> ??????? winbind enum users = yes >> ??????? winbind enum groups = yes >> >> cat /etc/krb5.conf >> [libdefaults] >> ???? default_realm = SAMDOM.EXAMPLE.COM >...

...(10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: The specified account does not exist.* *What I have done already ( I added a ping at the end of every command list to show you if I was "online" or "offiline"):* 1. I read the wiki :) - https://wiki.samba.org/index.php/PAM_Offline_Authentication Based on this I found that I can test offline authentication as follows with "switch winbindd to offline mode by hand": *root at cd2bd668e00c7:~# wbinfo -K EXAMPLE.CORP\\faiuser* *Enter EXAMPLE.CORP\faiuser's password: * *plaintext kerberos password authentication for [EXAMPLE.CO...

Mandi! Rowland Penny via samba In chel di` si favelave... > I would undo that, it appears to be wrong. OK, i've undo also i. > I have tested this on a Ubuntu 22.04 computer and it works, so I have > updated the wiki page: > https://wiki.samba.org/index.php/PAM_Offline_Authentication Apparently works as expected: root at dane:~# wbinfo -K gaio Enter gaio's password: plaintext kerberos password authentication for [gaio] succeeded (requesting cctype: FILE) credentials were put in: FILE:/tmp/krb5cc_0 root at dane:~# smbcontrol winbind offline root at dane:~# wbinfo -K...

...ached_login > krb5_auth krb5_ccache_type=FILE cached_login try_first_pass # <= > added cached_login, just in case # here's the fallback if no module Which one did you add ? The one after 'pam_winbind.so' or the other one ? Try reading this: https://wiki.samba.org/index.php/PAM_Offline_Authentication Rowland

Hello, I am using winbindd to map users via the idmap_ad backend from a Samba 4.2.2 AD to another machine in the network. Everything works fine unless I shutdown the DC. I would expect winbindd to realize the DC is offline and shutdown or something, however instead of realizing something is wrong It goes into some kind of reconnection loop and makes the whole system unuseable. As soon as I kill

I did re-read the whole thread again. Im running out of options.. When i look at : https://wiki.samba.org/index.php/PAM_Offline_Authentication You can do these last checks. Run the : Testing offline authentication as show on the wiki. Debian normaly does not have /etc/security/pam_winbind.conf, check if its there if so backup it remove it. Check if these packages are installed. libpam-krb5 libpam-winbind libnss-winbind Now edit...

...SUCH_USER, Error message was: The specified account does not > exist.* > > *What I have done already ( I added a ping at the end of every command > list to show you if I was "online" or "offiline"):* > 1. I read the wiki :) - > https://wiki.samba.org/index.php/PAM_Offline_Authentication > Based on this I found that I can test offline authentication as > follows with "switch winbindd to offline mode by hand": > > *root at cd2bd668e00c7:~# wbinfo -K EXAMPLE.CORP\\faiuser* > *Enter EXAMPLE.CORP\faiuser's password: * > *plaintext kerberos password a...