FW: Winbindd timeout on unreachable domains

Andrew Bartlett abartlet at samba.org
Wed Feb 18 21:19:04 GMT 2004


On Wed, 2004-02-18 at 21:37, ww m-pubsyssamba wrote:
> Hi All,
> 
> 	would anyone like to acknowledge this as a problem or correct me if I'm mistaken, I didn't get a 
> response from the samba mailing list. Seems to me to be an issue with implementing Samba+winbindd in a 
> distributed multi-domain windows environment,

Sorry, I meant to get back to you.  It's a known issue - there are ways
to work around it however - we can reduce the time we take before we
time out contacting trusted domains.

> 	thanks Andy.
> 
> 
> 
> Hi All,
> 
> 	I have a concern with the behaviour of winbindd on startup in a multi-domain environment, in my
> case a 6 domain AD forest + trusts to 3 NT 4 domains. I've tested startup of winbindd in a 2 domain 
> development environment and found if a trusted domain is not contactable it takes five minutes to 
> timeout before winbindd becomes active (/tmp/.winbindd/pipe is created). 

This is a bit more excessive than I've seen in the past.  Is your DNS
set up correctly?

>   If I assume this will be the same behaviour for winbindd in our production environment then if our 
> domain were isolated from the rest of the trusted domains then winbindd would take 45 minutes (9 x 
> 5 minutes) to become active if we needed to restart a server. Because our domain is on a physically 
> different and separately managed network from the others it is more than possible this type of situation 
> could occur. 45 minutes to startup is obviously unacceptable especially as I hope to deploy Samba 3.x on 
> one of our clusters. And to put this in comparison with a pure windows solution we would have no such 
> issues starting a DC or fileserver in a domain just because it couldn't see any or all trusted domains.

We suffer many pains because we are not windows :-).  (Mostly, this is
because windows does not need user lists or user names even, except in
the UI)

>   If I am incorrect please can you put me right on this, if I am correct is it possible that winbindd 
> can be modified to establish connection only with its local domain at startup and start serving data to 
> Samba from cached data for other domains?

There are some problems with this, but it's not that bad an idea. 

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba-technical mailing list