[PATCH] Workaround very slow nss_winbind, fix crash on the AD DC (particularly for backups)
Philippe.Simonet at swisscom.com
Philippe.Simonet at swisscom.com
Thu Jun 20 23:58:49 MDT 2013
Hi Andrew,
many thanks for you patch,
i tested it on 2 different systems but without success (the crash is always happening).
before applying the patch, I had a strange problem : I couldn't reproduce the problem (with wbinfo --uid-info 3000000)
on one of the machine. no chance even if I reinstall, re-provision, ...). I finally reboot the machine and after the reboot the crash
was reproduceable again (...)
on both machines, what I've done :
(...untar...)
cd samba-4.0.6
patch -p1 < 0001-s4-winbind-Add-special-case-for-BUILTIN-domain.patch
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-fhs
make
make install
rm /etc/samba/smb.conf
samba-tool domain provision --dns-backend=BIND9_FLATFILE --server-role=dc --realm TEST.CH --domain TEST --adminpass=Pa$$w0rd
samba -i -M single
and ->>> wbinfo --uid-info 3000000
I get :
---------------------
samba version 4.0.6 started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
Attempting to autogenerate TLS self-signed keys for https for hostname 'WZ3.test3.ch'
TLS self-signed keys generated OK
===============================================================
INTERNAL ERROR: Signal 11 in pid 4844 (4.0.6)
Please read the Trouble-Shooting section of the Samba HOWTO
===============================================================
PANIC: internal error
Aborted
---------------------
Best regards
Philippe
> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet at samba.org]
> Sent: Tuesday, June 18, 2013 4:50 AM
> To: Samba Technical
> Cc: samba at samba.org; Alex Matthews; Simonet Philippe, ITS-OUS-OP-IFM-
> NW-IPE
> Subject: [PATCH] Workaround very slow nss_winbind, fix crash on the AD DC
> (particularly for backups)
>
> This patch attempts to address an issue some have reported where our
> nss_winbind is even slower than it's simple non-caching implementation
> needs to be.
>
> I think this comes from us not handling the BUILTIN domain properly, and so
> we constantly attempt to contact the DC, and then fail an internal validation
> step, throwing away that connection.
>
> I think this is also the cause of crashes folks have seen.
>
> Can I get some confirmation that this helps, so I can merge this into master
> (and then 4.0.x)?
>
> Thanks,
>
> Andrew Bartlett
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list