Bug 15405 - Winbind does not work in 'offline caching' mode when in rfc2307 mode
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind
Version: 4.18.3
Hardware: All All
Importance: P5 major
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Reported: 2023-06-28 16:46 UTC by Marco Gaiarin
Modified: 2023-07-18 09:42 UTC

Description Marco Gaiarin 2023-06-28 16:46:36 UTC
I'm in a Samba/AD mixed environment with Linux and Windows clients. Windows clearly behaves correctly.

I've tried to join an Ubuntu 22.04 laptop to the domain, clearly enabling offline cache in winlogon. The laptop works flawlessly as long as I stay connected to the network; if I disconnect it, nss/winbind stops working entirely (e.g., an 'id gaio' that returns my IDs when connected returns 'user unknown' when disconnected).

After fiddling a bit with the 'samba' users list, it seems that if I set:
 idmap config lnffvg : unix_nss_info = no
 idmap config lnffvg : unix_primary_group = no

then after disconnection I have some minutes where I can still log on (so cached credentials work for some minutes), but after that the laptop becomes completely useless:
 - I cannot recover from the lock screen
 - I cannot enable wireless anymore
 - I cannot reboot/power off
 - if I connect an ethernet cable, I have to wait 5-15 minutes for winbind to recover and so log on.

Note that the same laptop was running Ubuntu 16.04, and with the same smb.conf file (minus, of course, the changes needed for the Samba version) it worked as expected, e.g. offline logon worked. So this also seems a regression to me...

Comment 1 Marco Gaiarin 2023-06-29 13:02:05 UTC
Forgot to say: I'm using rfc2307 IDMap.

I've switched to RID IDMap, and all works as expected.

So, it seems that the 'offline logon' winbind feature does not work with rfc2307.
Comment 2 Marco Gaiarin 2023-07-18 09:42:25 UTC
Sorry, forgot to say.

The laptop I'm using for tests was previously installed with another Ubuntu version (16.04); because that Ubuntu was too old, I simply reinstalled it instead of doing multiple upgrades.

The smb.conf was roughly the same, and the domain is exactly the same; but in Ubuntu 16.04 (samba version 2:4.3.11+dfsg-0ubuntu0.16.04.34) offline logon works perfectly also with RFC2307: it was used through all the COVID/lockdown years (2020/2021) with a VPN connection, doing the initial logon offline and then activating the VPN.
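
The two idmap setups compared in this report, as an added smb.conf sketch that is not the reporter's actual configuration. The realm and the ID ranges are constructed placeholders, and the workgroup name is assumed from the `idmap config lnffvg` lines quoted in the description.

```ini
[global]
    # Constructed sample values: realm and ranges are placeholders,
    # workgroup is assumed from the "idmap config lnffvg" lines in the report.
    security = ads
    realm = EXAMPLE.INTERNAL
    workgroup = LNFFVG

    # Let winbind cache credentials so domain users can log on with no DC reachable.
    # For PAM logons, pam_winbind additionally needs "cached_login = yes"
    # in /etc/security/pam_winbind.conf.
    winbind offline logon = yes

    # Default domain (BUILTIN and anything not listed below)
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999

    # Setup A: rfc2307 attributes read from AD (idmap_ad backend).
    # Reported here as failing offline on Samba 4.18.3: 'id <user>' returns
    # 'user unknown' once the network is disconnected.
    idmap config LNFFVG : backend = ad
    idmap config LNFFVG : schema_mode = rfc2307
    idmap config LNFFVG : range = 10000-999999
    # The report also tried both of these set to "no"; cached logon then
    # lasted only some minutes after disconnection.
    idmap config LNFFVG : unix_nss_info = yes
    idmap config LNFFVG : unix_primary_group = yes

    # Setup B: IDs computed from the RID (idmap_rid backend).
    # Reported in comment 1 as working offline. Use instead of setup A,
    # never together with it for the same domain.
    ;idmap config LNFFVG : backend = rid
    ;idmap config LNFFVG : range = 10000-999999
```

Switching an existing domain member from setup A to setup B changes the UID/GID values winbind hands out, so file ownership on the machine has to be checked after the change.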