FW: Winbindd timeout on unreacheable domains
pubsyssamba at bbc.co.uk
Thu Feb 19 11:39:21 GMT 2004
thanks for your reply, please see my comments below,
On Wed, 2004-02-18 at 21:37, ww m-pubsyssamba wrote:
> Hi All,
> would anyone like to acknoledge this as a problem or correct me if I'm mistaken, I didn't get a
> responce from the samba mailing list. Seems to me to be an issue with implementing Samba+winbindd in a
> distributed multi-domain windows environment,
Sorry, I meant to get back to you. It's a known issue - there are ways
to work around it however - we can reduce the time we take before we
time out contacting trusted domains.
## Is this something I need to customise myself in the source? If so can you let me know which file and
## which param? Couldn't see anything obvious from grepping the source...
> Hi All,
> I have a concern with the behaviour of winbindd on startup in a multi-domain environment, in my
> case a 6 domain AD forest + trusts to 3 NT 4 domains. I've tested startup of winbindd in a 2 domain
> development environment and found if a trusted domain is not contactable it takes five minutes to
> timeout before winbindd becomes active (/tmp/.winbindd/pipe is created).
This is a bit more excessive than I've seen in the past. Is your DNS
## My test forest has only two DC's so I don't think there's much that can go wrong in such a simple
## environment, (exact timeout is actually consistantly 3mins 50seconds). However I'm going to test
## this in our live environment over the weekend by isolating a DC and samba server from the rest of
## the network so I'll see for real how bad this will be with many trusted domains.
> If I assume this will be the same behaviour for winbindd in our production environment then if our
> domain were isolated from the rest of the trusted domains then winbindd would take 45 minutes (9x
> 5minutes) to become active if we needed to restart a server. Because our domain is on a physically
> different and separately managed network from the others it is more than possible this type of situation
> could occur. 45 minutes to startup is obviously unacceptable especially as I hope to deploy Samba 3.x on
> one of our clusters. And to put this in comparison with a pure windows solution we would have no such
> issues starting a DC or fileserver in a domain just because it couldn't see any or all trusted domains.
We suffer many pains because we are not windows :-). (Mostly, this is
because windows does not need user lists or user names even, except in
> If I am incorrect please can you put me right on this, if I am correct is it possible that winbindd
> can be modified to establish connection only with its local domain at startup and start serving data to
> Samba from cached data for other domains?
There are some problems with this, but it's not that bad an idea.
## Should I pursue this idea further, log a bug etc?
More information about the samba-technical