[Samba] winbind nss configuration - Samba

This is a discussion on [Samba] winbind nss configuration - Samba ; I'm having the hardest time trying to come up with the optimal configuration with NSS Winbind support. I want it to work right offline. That is, name lookups shouldn't take 30 minutes to time out or lock the system up. ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: [Samba] winbind nss configuration

  1. [Samba] winbind nss configuration

    I'm having the hardest time trying to come up with the optimal
    configuration with NSS Winbind support. I want it to work right offline.
    That is, name lookups shouldn't take 30 minutes to time out or lock the
    system up. And if the name lookup is for a local name, I want Winbind to
    be 100% out of hte picture.

    I've tried this, without much luck:

    passwd: compat [SUCCESS=return] winbind
    groups: compat [SUCCESS=return] winbind

    My naive understanding is that this would make name lookups that
    suceeded in `compat` completely avoid winbind. That was my understanding
    until I disconnected the machine and could not log in as root.

    What am I missing?


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] winbind nss configuration

    On Thu, 2007-06-14 at 19:18 -0500, Jerome Haltom wrote:

    > I'm having the hardest time trying to come up with the optimal
    > configuration with NSS Winbind support. I want it to work right offline.
    > That is, name lookups shouldn't take 30 minutes to time out or lock the
    > system up. And if the name lookup is for a local name, I want Winbind to
    > be 100% out of hte picture.
    >
    > I've tried this, without much luck:
    >
    > passwd: compat [SUCCESS=return] winbind
    > groups: compat [SUCCESS=return] winbind
    >
    > My naive understanding is that this would make name lookups that
    > suceeded in `compat` completely avoid winbind. That was my understanding
    > until I disconnected the machine and could not log in as root.
    >
    > What am I missing?
    >
    >



    What do your PAM files look like?? What is your distribution? I know
    for a while that SUSE was putting winbind in as a required auth
    mechanism which kind of sucks for anything offline or for local users.

    Try looking at it from that path. Perhaps a method of 'sufficient'
    would be good for all 4 methods (auth, acc, sess, pass).

    Regards,
    Frank
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. Re: [Samba] winbind nss configuration

    --- Jerome Haltom wrote:

    > I'm having the hardest time trying to come up with the optimal
    > configuration with NSS Winbind support. I want it to work right
    > offline.
    > That is, name lookups shouldn't take 30 minutes to time out or lock
    > the
    > system up. And if the name lookup is for a local name, I want
    > Winbind to
    > be 100% out of hte picture.
    >
    > I've tried this, without much luck:
    >
    > passwd: compat [SUCCESS=return] winbind
    > groups: compat [SUCCESS=return] winbind
    >
    > My naive understanding is that this would make name lookups that
    > suceeded in `compat` completely avoid winbind. That was my
    > understanding
    > until I disconnected the machine and could not log in as root.
    >


    My nsswitch.conf looks like this (this is Solaris 8, btw):

    passwd: files winbind [NOTFOUND=return UNAVAIL=return TRYAGAIN=return]
    group: files winbind [NOTFOUND=return UNAVAIL=return TRYAGAIN=return]

    Actually, only the TRYAGAIN=return was necessary to prevent the "hang till
    timeout" in my scenario, but I put in the rest just in case.

    L8r,
    Mike


    Powered by Gee! - Wireless Access Anywhere
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread