On Thu, 2007-06-14 at 19:18 -0500, Jerome Haltom wrote: > I'm having the hardest time trying to come up with the optimal > configuration with NSS Winbind support. I want it to work right offline. > That is, name lookups shouldn't take 30 minutes to time out or lock the > system up. And if the name lookup is for a local name, I want Winbind to > be 100% out of hte picture. > > I've tried this, without much luck: > > passwd: compat [SUCCESS=return] winbind > groups: compat [SUCCESS=return] winbind > > My naive understanding is that this would make name lookups that > suceeded in `compat` completely avoid winbind. That was my understanding > until I disconnected the machine and could not log in as root. > > What am I missing? > >
What do your PAM files look like?? What is your distribution? I know for a while that SUSE was putting winbind in as a required auth mechanism which kind of sucks for anything offline or for local users. Try looking at it from that path. Perhaps a method of 'sufficient' would be good for all 4 methods (auth, acc, sess, pass). Regards, Frank -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba