[Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Robert LeBlanc
robert at leblancnet.us
Fri Oct 23 14:51:03 MDT 2009
On Fri, Oct 23, 2009 at 2:45 PM, Jeremy Allison <jra at samba.org> wrote:
> On Fri, Oct 23, 2009 at 02:34:45PM -0600, Robert LeBlanc wrote:
> > 3.4.2
>
> Ok, what does your smb.conf look like. What is the
> configured winbindd backend ?
>
We have switched to hash for the increased flexibility. I have flushed the
idmap cache and everything resolves perfectly when a DC is contactable.
#======================= Global Settings =======================
[global]
workgroup = byu
realm = BYU.LOCAL
preferred master = no
server string = %h server
dns proxy = no
#### Debugging/Accounting ####
log file = /cluster/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
security = ADS
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
invalid users = root
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:*
%n\n *password\supdated\ssuccessfully* .
pam password change = yes
########## Printing ##########
load printers = no
printing = bsd
printcap name = /dev/null
show add printer wizard = no
disable spoolss = yes
############ Misc ############
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# allow trusted domains = No
# idmap backend = rid:BYU=10000-100000000
# idmap config BYU:backend = rid
# idmap config BYU:range = 10000-100000000
# idmap uid = 10000-100000000
# idmap gid = 10000-100000000
idmap backend = hash
winbind nss info = hash
winbind use default domain = yes
winbind separator = +
winbind enum groups = no
winbind enum users = no
winbind nested groups = yes
template homedir = /home/%U
template shell = /bin/bash
winbind refresh tickets = yes
# use kerberos keytab = yes
# kerberos method = system keytab # should work after bug is fixed
winbind offline logon = yes
#======================= Share Definitions =======================
Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University
More information about the samba
mailing list