dustin
/
configpolicy
1
1
Fork 0
Code Issues Releases Activity

r/winbind: Disable offline login by default 

The `winbind offline login` setting seems to cause issues when one of
the domain controllers is offline.  Rather than try the other DC,
winbind seems to just "give up" and return NT_STATUS_NO_SUCH_USER for
all authentication requests until the offline cache is flushed.  There's
not really any reason to use this setting on servers anyway, since they
are always connected to the LAN, as opposed to laptops that may
occasionally disconnect.  Let's disable this option in the hopes that it
makes logins more resilient to DC downtime.  After all, there's not much
point in having multiple DCs if they all have to be available in order
to log in.
chrony
Dustin 2023-10-27 17:37:49 -05:00
parent 686817571e
commit 7b23f6a4ac
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/winbind/defaults/main.yml
View File

@ -1,7 +1,7 @@
winbind_idmap_range: 3000000-3009999
winbind_nss_info: rfc2307
winbind_use_default_domain: true
winbind_offline_login: true
winbind_offline_login: false
winbind_kerberos_method: secrets and keytab
winbind_refresh_tickets: false