offline logon with NT4 domains needs config change
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
samba |
Unknown
|
Unknown
|
|||
samba (Ubuntu) |
Triaged
|
Low
|
Unassigned |
Bug Description
I have configured pam_winbind to permit logon to domain samba3 users and all seems to works as expected. Then I have added the offline logon adding "winbind offline logon = yes" to smb.conf and adding "cached_login=yes" to /etc/security/
When I am online in /etc/log/auth.log I can see a correct authentication:
Feb 7 09:50:24 103note0512 sudo: DOMAIN\user : TTY=pts/2 ; PWD=/home/
Feb 7 09:50:24 103note0512 sudo: pam_unix(
Feb 7 09:50:24 103note0512 sudo: pam_unix(
but if I disconnect from the network in auth.log I find the following:
Feb 7 09:51:34 103note0512 sudo: pam_unix(
Feb 7 09:51:34 103note0512 sudo: pam_unix(
Feb 7 09:51:34 103note0512 sudo: DOMAIN\user : 1 incorrect password attempt ; TTY=pts/2 ; PWD=/home/
Feb 7 09:51:47 103note0512 sudo: pam_unix(
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: libpam-winbind 2:4.7.6+
ProcVersionSign
Uname: Linux 4.15.0-45-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Thu Feb 7 09:25:55 2019
InstallationDate: Installed on 2018-08-24 (166 days ago)
InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=it_IT.UTF-8
SHELL=/bin/bash
RelatedPackageV
nautilus 1:3.26.
gvfs 1.36.1-0ubuntu1.2
SambaClientRegr
SourcePackage: samba
UpgradeStatus: No upgrade log present (probably fresh install)
tags: | added: server-triage-discuss |
tags: | removed: server-triage-discuss |
Changed in samba (Ubuntu): | |
status: | Incomplete → Triaged |
importance: | Undecided → Low |
summary: |
- offline logon doesnt works in ubuntu 18.04 + offline logon with NT4 domains needs config change in 18.04 |
summary: |
- offline logon with NT4 domains needs config change in 18.04 + offline logon with NT4 domains needs config change |
Hi piviul,
I appreciate the bug report and your help to make Ubuntu better.
But I have to admit this is not my home turf, but I'm sure others looking at this bug would appreciate a bit more detail to be able to fully understand the case.
First of all how exactly do you connect/disconnect to as you refer have "connection to the domain controller lan" - I mean what commands exactly are you using and on which node (we talk about multiple systems here right, or is all on one box and you have a local login).
Furthermore many samba issues consume a lot of time not being on the same page, it would be very helpful if you could provide the config you use. There could be a zillion different configs that would achieve "I have configured pam_winbind to permit logon to domain samba3 users" and they all might slightly differ.
Obfuscate names if there is anything private in it, but other than that please provide the full config files here.
To increase chances even more that developers can help you I would recommend full steps from a clean VM. So start with a e.g. KVM guest (e.g. by [1] - or multiple of them) and then outline all commands/configs you needed to get into your case.
And finally projects move, if it is not too hard for you to give your config but with the samba version 2:4.9.4+ dfsg-1ubuntu1 in the upcoming Ubuntu 19.04 (Disco) a try that would be really great.
[1]: https:/ /blog.simos. info/multipass- management- of-virtual- machines- running- ubuntu/