We have our Linux servers set up to authenticate against Windows AD using idmap config DOMAIN: backend = RID

When a domain user logs in to the system, all works fine. If it's their first time logging in, their home directory is created, and by using the RID backend, all UIDs are consistent across all Linux servers.

If we stop winbind, processes running under the username no longer show the username, but show the UID. The same goes for file ownership: instead of ls -al showing jsmith as owner, it would return 8756. They return to normal once winbind is started again. Also, with winbind stopped, it is impossible for a non-root or non-system account to log in to the server.

We have no user IDs in /etc/passwd, save for system accounts and root obviously, and if we try to add an existing domain user using useradd, it says Account already exists.

So my question is, how can we set it up so that if winbind becomes unavailable, or the domain controller is offline, someone can still log in to the machine using their domain account?

I did enable winbind offline logon = yes in smb.conf as well as cached_login = yes in /etc/security/pam_winbind.conf and restarted samba and winbind, but that didn't seem to help.

Thanks,
Taylor
