Red Hat Bugzilla – Bug 592055
winbind offline logon cached credentials are not persistent
Last modified: 2010-08-18 09:52:09 EDT
Description of problem:
The primary use of the "allow offline login" configuration option in authconfig (as described in bug #232955) is to let users log in using Windows domain credentials when they are disconnected from the domain. For example - a laptop user that carries her laptop outside the office.
When authconfig sets "winbind offline logon" in the smb.conf file, this works well - but only as long as the winbind service keeps running. If the winbind service crashes, or is restarted due to a power failure, then cached credentials are forgotten and the user will be locked out of her computer with no chance of getting back in until she is back at the office (which may be a long while, if she's on a business trip, for example).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Configure winbind authentication and select "allow offline login" in authconfig.
2. Log in to the computer.
3. Disconnect from the network
4. restart the winbind service
5. try to log in again
The log in will be rejected
The log in should succeed
I'm not sure, but perhaps nscd or SSSD can be used to workaround the winbind issue, instead of implementing persistent credentials cache for winbind (which is probably a security issue that has already been solved elsewhere), but I was not able to setup SSSD properly in Fedora 13, and nscd by default caches credentials for 10 minutes, which is kind of useless for business trips...
I have the same problem.
I seems Samba generate a corrupted winbindd_cache.tdb.
Every time winbind is restarted it generates a new file logging this lines:
Jul 19 16:57:46 lnx winbindd: [2010/07/19 16:57:46.441866, 0] winbindd/winbindd_cache.c:4094(winbindd_cache_validate_and_initialize)
Jul 19 16:57:46 lnx winbindd: winbindd cache tdb corrupt and no backup could be restored.
Jul 19 16:57:46 lnx winbindd: [2010/07/19 16:57:46.442111, 0] winbindd/winbindd_cache.c:3076(initialize_winbindd_cache)
*** This bug has been marked as a duplicate of bug 618201 ***