[Samba] Windind (Samba 4.2.*, 4.5.2) recurring resolving failure for some specific users
Volker Lendecke
vl at samba.org
Wed Jan 25 09:28:41 UTC 2017
On Wed, Jan 25, 2017 at 09:45:25AM +0100, Alain-Pierre Perrin via samba wrote:
> Hello.
>
>
> I'm facing an seemingly unsolvable problem on the Samba servers I
> administer (on Debian stable). Those servers are registered on a
> AD domain. They only serve files and are not registered as domain
> controllers. For some idendified users (always the same), Winbind
> periodically (but unpredicably) becomes unable to resolve their names,
> making their shares unavailable. A "net cache flush" temporarily
> solves the problem. Purging all caches doesn't help. Removing then
> adding again the servers on the domain doesn't help either. The
> problem appeared on Samba 4.2.10 (on Debian) and persisted on 4.2.14
> and 4.5.2 (testing).
>
> The only solution, for now, is more a "patch" and consists to run
> a "net cache flush" every 10 minutes. It helps, even if it is not
> perfect but it doesn't explain why those identified users suffer from
> this weird Samba behavior.
>
> It is a IDMAP RID bug ? Does the impacted users share some common
> AD/LDAP attributes making winbind choke ? What kind of log would be
> the most enlightening do study this hard to reproduce bug ?
winbind debug level 10 logs at the time of failure help. All Samba log
files starting with "log.w*" are needed.
Volker
More information about the samba
mailing list