[Samba] winbind nss configuration - Samba
This is a discussion on [Samba] winbind nss configuration - Samba ; I'm having the hardest time trying to come up with the optimal
configuration with NSS Winbind support. I want it to work right offline.
That is, name lookups shouldn't take 30 minutes to time out or lock the
system up. ...
-
[Samba] winbind nss configuration
I'm having the hardest time trying to come up with the optimal
configuration with NSS Winbind support. I want it to work right offline.
That is, name lookups shouldn't take 30 minutes to time out or lock the
system up. And if the name lookup is for a local name, I want Winbind to
be 100% out of hte picture.
I've tried this, without much luck:
passwd: compat [SUCCESS=return] winbind
groups: compat [SUCCESS=return] winbind
My naive understanding is that this would make name lookups that
suceeded in `compat` completely avoid winbind. That was my understanding
until I disconnected the machine and could not log in as root.
What am I missing?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
-
Re: [Samba] winbind nss configuration
On Thu, 2007-06-14 at 19:18 -0500, Jerome Haltom wrote:
> I'm having the hardest time trying to come up with the optimal
> configuration with NSS Winbind support. I want it to work right offline.
> That is, name lookups shouldn't take 30 minutes to time out or lock the
> system up. And if the name lookup is for a local name, I want Winbind to
> be 100% out of hte picture.
>
> I've tried this, without much luck:
>
> passwd: compat [SUCCESS=return] winbind
> groups: compat [SUCCESS=return] winbind
>
> My naive understanding is that this would make name lookups that
> suceeded in `compat` completely avoid winbind. That was my understanding
> until I disconnected the machine and could not log in as root.
>
> What am I missing?
>
>
What do your PAM files look like?? What is your distribution? I know
for a while that SUSE was putting winbind in as a required auth
mechanism which kind of sucks for anything offline or for local users.
Try looking at it from that path. Perhaps a method of 'sufficient'
would be good for all 4 methods (auth, acc, sess, pass).
Regards,
Frank
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
-
Re: [Samba] winbind nss configuration
--- Jerome Haltom wrote:
> I'm having the hardest time trying to come up with the optimal
> configuration with NSS Winbind support. I want it to work right
> offline.
> That is, name lookups shouldn't take 30 minutes to time out or lock
> the
> system up. And if the name lookup is for a local name, I want
> Winbind to
> be 100% out of hte picture.
>
> I've tried this, without much luck:
>
> passwd: compat [SUCCESS=return] winbind
> groups: compat [SUCCESS=return] winbind
>
> My naive understanding is that this would make name lookups that
> suceeded in `compat` completely avoid winbind. That was my
> understanding
> until I disconnected the machine and could not log in as root.
>
My nsswitch.conf looks like this (this is Solaris 8, btw):
passwd: files winbind [NOTFOUND=return UNAVAIL=return TRYAGAIN=return]
group: files winbind [NOTFOUND=return UNAVAIL=return TRYAGAIN=return]
Actually, only the TRYAGAIN=return was necessary to prevent the "hang till
timeout" in my scenario, but I put in the rest just in case.
L8r,
Mike
Powered by Gee! - Wireless Access Anywhere
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
