tdb_lock failed (was Re: ... domain authentication?)

Andrew Bartlett abartlet at
Tue Oct 28 00:04:29 GMT 2003

On Tue, 2003-10-28 at 07:29, Brandon Craig Rhodes wrote:
> Following your advice, Andrew, I was able to convince our admins that
> we should simply throw all of our servers into the same domain and not
> trying to keep the domains separate.  Thanks!
> Now we are having extensive problems with performance in the labs we
> are attempting to move to domain authentication under Samba-3, because
> of contention over the secrets.tdb file from which each thread must
> now fetch the SID for our domain controller; errors look like:
>  tdb_chainlock_with_timeout_internal: alarm (10) timed out for key <PDC> in tdb /usr/local/samba-3.0.0/private/secrets.tdb
> where <PDC> is the name of the primary domain controller.

If you start winbindd on these systems, you might mitigate part of the
problem, short-term.  (The bug is real, and in solaris a per jra's
comments).  Winbind will handle the connection to the DC, rather than
each smbd.  It's much faster this way too.

You don't need to be using winbindd in nsswitch or PAM to take advantage
of this.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list