On Mon, Oct 26, 2009 at 2:29 PM, Richard Foltyn <[email protected]>wrote:
> Petteri Heinonen wrote: > > > Thanks Steve, but didn't help. I have tried several combinations of > > NOTFOUND and SUCCESS etc here. Also, this is what man page of > > nsswitch.conf says: > > > > success > > No error occurred and the wanted entry is returned. The > > default > > action for this is 'return'. > > > > So when user is found locally, the default action should anyway be > > 'return', that is, NOT to continue to winbind module. That is exactly > > the problem I'm having; why does nsswitch continue to query anything > > from winbind because the user is already found from local database? > > > > -Petteri > > > > > > Another thing you might want to try is modyfing the cache settings of > nscd. > > I have a similar setup but use ldap instead of winbind, and every time > the network connection is gone everything hangs. I therefore configured > nscd to cache entries for passwd and groups locally between restarts. > > Have a look at "persistent" in the nscd man page. You'll have to > manually create /var/db/nscd/ for this to work, IIRC. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_winbind.so cached_login use_first_pass auth required pam_deny.so account required pam_access.so account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_winbind.so cached_login account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok password sufficient pam_winbind.so cached_login use_authtok password required pam_deny.so session optional pam_mkhomedir.so skel=/etc/skel/ session required pam_limits.so session required pam_unix.so -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
