Winbindd weirdness

[Matthew McCowan]

ftp://ftp.motherwell.com.au/pub/incoming/winbindd.log.bz

G'day folks,

We're running 2.2.5 on a Solaris 7 box powered by an Ultra 10, 512M RAM.

The distribution was built from source using Sun Workshop v5.

The box sees a fair bit of developer activity, but not a huge number of
users, so it seemed the perfect beast for trialing the pam_winbind/winbindd
authentication mechanism.

The build went reasonably smoothly, and produced stuff that Solaris 7 was
happy with.
A configuration was arrived at that worked - the smb.conf from the 2.0.7
days was modified to include winbind, nsswitch.conf changed to suit, the
winbindd library added to /usr/lib, the pam_winbind library added to
/usr/lib/security, /etc/pam.conf modified to match.

I took myself out of /etc/passwd and let the PAM/winbindd combination
authenticate me against our local PDC. No problems, smiles all round!

After a while (about a week), strange things started to occur. I'd try to
log in as myself(telnet, ssh), but pam/winbindd didn't like my password (and
I made sure my account didn't get locked out on the PDC), 10 minutes later
it let me in (still running the same winbindd process). On another occassion
I "su - " to my username (as superuser) and it gave me another PDC users
uid!

On top of this at least once a day the winbindd process becomes a CPU hog
and doesn't allow anyone in. It has to be killed and restarted. It doesn't
seem to be time related - it'll run over a weekend without a worry - but
seems to be triggered by whatever the developers are up to.

Anyhoo. I've captured a weird moment or two in
ftp://ftp.motherwell.com.au/pub/incoming/winbindd.log.bz by appending -d 100
-i to the winbindd daemon.
Hope the info helps iron out bugs for the future releases.

Matt McC
Digital Janitor

PS If the file isn't there when you look (in 5 days time it'll get erased by
a cron job), mail me directly and I'll forward you a copy (~700k)