[Samba] winbind : suspend nightmare

L.P.H. van Belle belle at bazuin.nl
Mon Oct 21 09:20:10 UTC 2019 

Hai, 

Hmm,  well, i never use suspending, just because it often lots of unwanted problems as you noticed. 

Most problem the network drivers has crashed or isnt correclty loaded, wifi adapters offline, nic autosence problems
Things like that. 

#Fix Internet after Suspend
alias fix-internet="sudo modprobe -r r8169 && sleep 10 && sudo modprobe r8169"

Depending on what is used, you still have more options.
For example, in networkmanager.conf, try "carrier-wait-timeout" and "ignore-carrier" 

And othere thing you might encounter, that that the network device name changed after suspending. 
Then you also need to use : /etc/udev/rules.d/10-network.rules 
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="aa:bb:cc:dd:ee:ff", NAME="eth1"
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="ff:ee:dd:cc:bb:aa", NAME="eth0"

But my advice, schedule an shutdown and startup when needed. Save you lots of problems. 
I have disable all supspending things/options i could find. 


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Prunk Dump via samba
> Verzonden: maandag 21 oktober 2019 10:07
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] winbind : suspend nightmare
> 
> Hello Samba Team !
> 
> First at all. It's seems that my problem is NOT (or not only) a Samba
> Winbind problem. But I need to understand what's happen to send good
> reports to correct maintainers.
> 
> 
> What's I'm trying to achieve :
> ------------------------------------------
> Gnome gdm introduced a great feature that suspend the system on
> logout. This help a lot reducing the electric consumption on my school
> networks where the machines are often used sporadically for just one
> hour.
> 
> So I working hard, since two months, trying making winbind works with
> suspend. Sadly without success...
> 
> 
> What's the problem :
> ------------------------------
> In a random manner, winbind lost the connection with my DC. "wbinfo
> -p" works but  "winbind -i username" say that the user is unknown for
> all user. Pam winbind stop working as the users are not identified.
> 
> Sometimes winbind recover after 3 à 5 minutes. Sometimes it never
> recover and need to be restarted.
> 
> Strangely, sometimes a "wbinfo -g" make winbind works again...
> 
> 
> What's cause the problem :
> ----------------------------------------
> 
> I don't know really. It seems that the problem appear in two 
> situations.
> 
> 1) When the system recover from suspend.
> 
> Even with a higher log level of debugging I don't see anythings
> strange in the logs. As winbind use many time related service, maybe
> some tickets can expire during suspend and maybe this situation is not
> implemented in the winbins code.
> 
> I don't know if winbind "officially" support suspending. Currently I
> have written a systemd hook that kill winbind before suspend and
> restarting it after.
> 
> 2) The problem appear also on "DHCPDISCOVER". I don't know why but
> DHCPDISCOVER make winbind react. Just after winbind try to update the
> "DC" list.
> 
> I don't understand how winbind know what dhclient do. Maybe a bug in
> dhclient that close a winbind's opened socket ?
> 
> But just after after DHCPDISCOVER, winbind lost network connection
> (strangely I'm ssh connected to the host so the host don't lost all
> network connectivity), and dns resolution fail.
> 
> Here what I see in the logs, just after DHCPDISCOVER :
> 
> -> 12:29:27 is the time of the suspend the day before ( my 
> hook kill winbind )
> -> 07:44:43 is the time of the wake : see how everything seems fine
> -> 07:46:40 is when DHCPDISCOVER is sent and when winbind 
> lost connectivity
> 
> 12:29:27  Got sig[15] terminate (is_parent=0)
> 07:44:43  connection_ok: Connection to fichdc01.samdom.com for domain
> SAMDOM is not connected
> 07:44:43  Successfully contacted LDAP server 172.16.0.30
> 07:44:43  get_dc_list: preferred server list: "fichdc01.samdom.com, *"
> 07:44:43  Connecting to 172.16.0.30 at port 445
> 07:44:43  ldb_wrap open of secrets.ldb
> 07:44:43  Connecting to 172.16.0.30 at port 135
> 07:44:43  Connecting to 172.16.0.30 at port 49153
> 07:44:43  Connecting to 172.16.0.30 at port 135
> 07:44:43  Connecting to 172.16.0.30 at port 49153
> 07:44:43  Connecting to 172.16.0.30 at port 135
> 07:44:43  Connecting to 172.16.0.30 at port 49152
> 07:44:45  ads: fetch sequence_number for SAMDOM
> 07:44:45  get_dc_list: preferred server list: "fichdc01.samdom.com, *"
> 07:44:45  Successfully contacted LDAP server 172.16.0.30
> 07:44:45  Connected to LDAP server fichdc01.samdom.com
> 07:46:40  connection_ok: Connection to fichdc01.samdom.com for domain
> SAMDOM is not connected
> 07:46:40  cldap_multi_netlogon_send: cldap_socket_init failed for
> ipv4:172.16.0.30:389  error NT_STATUS_NETWORK_UNREACHABLE
> 07:46:40  ads_cldap_netlogon: did not get a reply
> 07:46:40  ads_try_connect: CLDAP request 172.16.0.30 failed.
> 07:46:40  get_dc_list: preferred server list: ", *"
> 07:46:40  ads_find_dc: failed to find a valid DC on our site
> (Default-First-Site-Name), Trying to find another DC for realm
> 'samdom.com' (domain '')
> 07:46:40  get_dc_list: preferred server list: ", *"
> 07:46:40  dns_send_req: Failed to resolve
> _ldap._tcp.dc._msdcs.samdom.com (Connection refused)
> 07:46:40  ads_dns_lookup_srv: Failed to send DNS query
> (NT_STATUS_CONNECTION_REFUSED)
> 07:46:40  ads_find_dc: name resolution for realm 'samdom.com' (domain
> '') failed: NT_STATUS_NO_LOGON_SERVERS
> 07:46:40  get_dc_list: preferred server list: ", *"
> 07:46:40  resolve_lmhosts: Attempting lmhosts lookup for name 
> SAMDOM<0x1c>
> 07:46:40  resolve_wins: WINS server resolution selected and no WINS
> servers listed.
> 07:46:40  Could not look up dc's for domain SAMDOM
> 07:46:40  get_dc_list: preferred server list: ", *"
> 07:46:40  ads_dns_lookup_srv: Failed to send DNS query
> (NT_STATUS_CONNECTION_REFUSED)
> 07:46:40  get_sorted_dc_list: no server for name samdom.com available
> in site Default-First-Site-Name, fallback to all servers
> 07:46:40  get_dc_list: preferred server list: ", *"
> 07:46:40  ads_dns_lookup_srv: Failed to send DNS query
> (NT_STATUS_CONNECTION_REFUSED)
> 07:46:40  get_dc_list: preferred server list: ", *"
> 07:46:40  ads_dns_lookup_srv: Failed to send DNS query
> (NT_STATUS_CONNECTION_REFUSED)
> 07:46:40  get_dc_list: preferred server list: ", *"
> 07:46:40  resolve_lmhosts: Attempting lmhosts lookup for name 
> SAMDOM<0x1c>
> 07:46:40  resolve_wins: WINS server resolution selected and no WINS
> servers listed.
> 07:46:40  get_dc_list: preferred server list: ", *"
> 07:46:40  ads_dns_lookup_srv: Failed to send DNS query
> (NT_STATUS_CONNECTION_REFUSED)
> 
> 
> So my questions :
> ---------------------------
> 
> 1) Did winbind officially support suspending ? Or did I need to keep
> my systemd hook to stop winbind on suspend ?
> 
> 2) Does someone understand what's happen when winbind lost
> connectivity ? Why I don't see anythings in the logs when resuming
> from suspend ? Why "wbinfo -g" make sometimes winbind working again ?
> 
> 3) Does someone recognize some points of my DHCPDISCOVER problem ? Any
> idea that help me the file a bug to the good persons.
> 
> Thanks you very much !
> 
> Baptiste.
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list