Steve Rippl wrote:
On Fri, 2009-10-16 at 14:37 +0300, Petteri Heinonen wrote:
Hello list users,
I have been struggling to make my AD integrated Debian Lenny box to work
fluently also when network connectivity is down. What I would like to achieve:
1) When no network available, local user should still work normally
2) If possible, AD located users should still be able to login if they have
previously logged in successfully (cached login)
Number 2 is more like optional, but number 1 would be very much needed.
However, it seems that winbind somehow blocks login process for local accounts
too if it is not able to get network connection to AD during system boot. These
are the relevant lines in my nsswitch.conf:
passwd: files winbind
group: files winbind
shadow: files
I think this does what you want allowing local account to still
function...
passwd: compat [!NOTFOUND=return] winbind
group: compat winbind
shadow: compat
Thanks Steve, but didn't help. I have tried several combinations of
NOTFOUND and SUCCESS etc here. Also, this is what man page of
nsswitch.conf says:
success
No error occurred and the wanted entry is returned. The
default
action for this is 'return'.
So when user is found locally, the default action should anyway be
'return', that is, NOT to continue to winbind module. That is exactly
the problem I'm having; why does nsswitch continue to query anything
from winbind because the user is already found from local database?
-Petteri
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba