Can't login with Windows AD account if network unavailable

I am using XEN bootup to try and utilize a virtual Windows environment within the OpenSuse session. However, I joined a local AD account and created an AD account with its own folders. Logged in as DOMAIN\user and everything worked fine.

However, when I tried to log in with the network unavailable, it either says login failed or login disabled. I tried different combinations and nothing worked.

Some things I tried:

  1. Logging in as root with/without Xen bootup
    : same effect
  2. Logging in as DOMAIN\user with/without Xen on the domain network
    : works
  3. Logging in as DOMAIN\user NOT on domain network
    : login failed
  4. Logged in as local root NOT on domain network;
    : works (of course)
  5. Logged in as local root NOT on domain;
    Tried to create new session with “Offline Auth” selected;
    : user/pass prompt doesn’t even show, frozen on screen with a messed up background like a collage of different images from recent session
  6. Logged in as local root;
    no network connection;
    unchecked “Offline Auth” AND the “Use SMB information for Linux Authentication” option under the Windows Domain Settings;
    tried to log into a new session
    : login prompt available; “login failed”

Before I pull out the rest of my hair … what can I do to maintain my AD account login and keep those SMB credentials offline so that I can log into my laptop without having to be on the domain network. What step am I missing here?

Thanks!

My laptop: DELL XPS M1530, OpenSUSE 11.1 x86_64, KDE 4.1

Hi,

You cannot log in the domain if the network is not available. How would you like to do so? If the network is not there also the AD server is not there. If the AD server is not there you can’t authenticate against the AD server. So the system will tell you that the login failed.

If you need to log in without AD you have to log in as a local user. So create another user with a local login and use this one in case you are away from the AD network.

hth

Bye

Erik

Really?? You can do that with Windows account as long as you have authenticated at least once with the AD account and you have a cached key. There are settings for PAM and SMB that should allow for cached authentication token of some kind so that laptop users can still log into their account. Otherwise laptop users can not use AD accounts at all… sounds strange that this would be the case …

You didn’t remember to enable cache logons - as I recall it was called Offline Authentication - check your Windows Domain Membership in YAST.

Hi,
Offline Authentication is checked. When it is checked and the network is not connected, I still can’t log in. Is there another setting that I have to look at it?