samba pdc trusting windows domain, winbindd deadlock
Peter H. Ganten
ganten at univention.de
Fri Jan 23 09:47:52 GMT 2004
Helle everyone,
we experience a deadlock between samba and winbindd (both at version
3.0.1):
Samba is configured as PDC of domain WOOGA and trusting domain
TESTDOMAIN (with a NT4 PDC):
tserv:~# net rpc trustdom establish TESTDOMAIN -U Administrator
Password:
[2004/01/23 02:06:23, 0] utils/net_rpc.c:rpc_trustdom_establish(2097)
Success!
Samba itself is running fine:
tserv:~# smbd -D; nmbd -D;
tserv:~# smbclient -L localhost -U Administrator
Password:
Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
netlogon Disk Domain logon service
IPC$ IPC IPC Service (Samba 3.0.1-Debian)
ADMIN$ IPC IPC Service (Samba 3.0.1-Debian)
Administrator Disk Heimatverzeichnisse
Server Comment
--------- -------
TSERV Samba 3.0.1-Debian
Workgroup Master
--------- -------
TESTDOMAIN NT4SERVER
WOOGA TSERV
When winbindd is started, samba locks up. The reason seems to be:
strace winbindd -S -F -i -Y 2>&1 | less
...
fcntl64(3, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=280,
len=1}, 0xbfffd530) = 0
alarm(0) = 40
rt_sigaction(SIGALRM, {SIG_IGN}, {0x80c3c40, [ALRM], SA_RESTORER,
0x40170c88}, 8) = 0
geteuid32() = 0
getuid32() = 0
brk(0) = 0x82a4000
brk(0x82cb000) = 0x82cb000
write(1, "Connecting to host=TSERV\n", 25Connecting to host=TSERV
...
where file descriptor 3 is secrets.tdb
This corresponds to the code in nsswitch/winbindd_cm, line 152 ff.,
where a lock on the secrets.tdb is acquired, before the connection to
the PDC is opened.
The strace of smbd shows, that smbd is waiting for exactly the same
lock:
[pid 6370] read(21, "\202\1#\4\34dc=wooga,dc=univention,dc=d"..., 294)
= 294
[pid 6370] select(1024, [21], [], NULL, NULL) = 1 (in [21])
[pid 6370] read(21, "0\f\2\1\2e\7\n", 8) = 8
[pid 6370] read(21, "\1\0\4\0\4\0", 6) = 6
[pid 6370] time(NULL) = 1074821585
[pid 6370] time(NULL) = 1074821585
[pid 6370] fcntl64(5, F_SETLKW64, {type=F_RDLCK, whence=SEEK_SET,
start=280, len=1} <unfinished ...>
so after 10 seconds winbindd times out, but is not connected to the PDC.
Commenting out the code in winbindd_cm.c which acquires the lock makes
winbindd work again, but this is probably not the right solution :-/
Please let me know, if you need further information.
Atteched is the smb.conf
Greetings
Peter Ganten
smb.conf:
[global]
; ldap
passdb backend = ldapsam:ldap://tserv.wooga.univention.de guest
ldap suffix = "dc=wooga,dc=univention,dc=de"
ldap admin dn = "cn=admin,dc=wooga,dc=univention,dc=de"
ldap ssl = off
; idmap/winbind
idmap backend = ldap:ldap://tserv.wooga.univention.de
idmap uid = 55000-64000
idmap gid = 55000-64000
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
winbind use default domain = yes
template shell = /bin/bash
template homedir = /home/%D-%U
encrypt passwords = yes
; printing
load printers = yes
printing = cups
printcap name = cups
; domain
security = user
domain logons = yes
domain master = yes
os level = 65
prefered master = yes
local master = yes
wins support = yes
workgroup = wooga
logon home = \\tserv\%U
logon drive = I:
logon path = \\tserv\%U\windows-profiles\%a
preserve case = yes
short preserve case = yes
guest account = nobody
admin users = administrator
... shares section skipped
--
Peter H. Ganten <ganten at univention.de> fon: +49 421 22 08 114
Geschäftsführer Linux for Your Business fax: +49 421 22 08 115
Univention GmbH http://www.univention.de/ mobil: +49 170 47 25 652
More information about the samba-technical
mailing list