FW: Winbindd timeout on unreachable domains

Andrew Bartlett abartlet at samba.org
Wed Feb 18 21:19:04 GMT 2004

On Wed, 2004-02-18 at 21:37, ww m-pubsyssamba wrote:
> Hi All,
> 	would anyone like to acknowledge this as a problem or correct me if I'm mistaken, I didn't get a
> response from the samba mailing list. Seems to me to be an issue with implementing Samba+winbindd in a
> distributed multi-domain windows environment,

Sorry, I meant to get back to you.  It's a known issue - there are ways
to work around it however - we can reduce the time we take before we
time out contacting trusted domains.

> 	thanks Andy.
> Hi All,
> 	I have a concern with the behaviour of winbindd on startup in a multi-domain environment, in my
> case a 6 domain AD forest + trusts to 3 NT 4 domains. I've tested startup of winbindd in a 2 domain 
> development environment and found if a trusted domain is not contactable it takes five minutes to 
> timeout before winbindd becomes active (/tmp/.winbindd/pipe is created). 

This is a bit more excessive than I've seen in the past.  Is your DNS
set up correctly?

>   If I assume this will be the same behaviour for winbindd in our production environment then if our 
> domain were isolated from the rest of the trusted domains then winbindd would take 45 minutes (9x 
> 5 minutes) to become active if we needed to restart a server. Because our domain is on a physically
> different and separately managed network from the others it is more than possible this type of situation 
> could occur. 45 minutes to startup is obviously unacceptable especially as I hope to deploy Samba 3.x on 
> one of our clusters. And to put this in comparison with a pure windows solution we would have no such 
> issues starting a DC or fileserver in a domain just because it couldn't see any or all trusted domains.

We suffer many pains because we are not windows :-).  (Mostly, this is
because windows does not need user lists or user names even, except in
the UI)

>   If I am incorrect please can you put me right on this, if I am correct is it possible that winbindd 
> can be modified to establish connection only with its local domain at startup and start serving data to 
> Samba from cached data for other domains?

There are some problems with this, but it's not that bad an idea. 

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net