[PATCH] Workaround very slow nss_winbind, fix crash on the AD DC (particularly for backups)

Philippe.Simonet at swisscom.com Philippe.Simonet at swisscom.com
Thu Jun 20 23:58:49 MDT 2013 

Hi Andrew,

many thanks for you patch, 
i tested it on 2 different systems but without success (the crash is always happening).

before applying the patch, I had a strange problem :  I couldn't reproduce the problem (with wbinfo --uid-info 3000000)
on one of the machine. no chance even if I reinstall, re-provision, ...). I finally reboot the machine and after the reboot the crash
was reproduceable again (...)


on both machines, what I've done : 
(...untar...)
cd samba-4.0.6
patch -p1 < 0001-s4-winbind-Add-special-case-for-BUILTIN-domain.patch
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-fhs
make
make install
rm /etc/samba/smb.conf
samba-tool domain provision --dns-backend=BIND9_FLATFILE --server-role=dc  --realm TEST.CH  --domain TEST --adminpass=Pa$$w0rd
samba -i -M single

and ->>>  wbinfo --uid-info 3000000

I get : 
---------------------
samba version 4.0.6 started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
Attempting to autogenerate TLS self-signed keys for https for hostname 'WZ3.test3.ch'
TLS self-signed keys generated OK
===============================================================
INTERNAL ERROR: Signal 11 in pid 4844 (4.0.6)
Please read the Trouble-Shooting section of the Samba HOWTO
===============================================================
PANIC: internal error
Aborted
---------------------

Best regards

Philippe

> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet at samba.org]
> Sent: Tuesday, June 18, 2013 4:50 AM
> To: Samba Technical
> Cc: samba at samba.org; Alex Matthews; Simonet Philippe, ITS-OUS-OP-IFM-
> NW-IPE
> Subject: [PATCH] Workaround very slow nss_winbind, fix crash on the AD DC
> (particularly for backups)
> 
> This patch attempts to address an issue some have reported where our
> nss_winbind is even slower than it's simple non-caching implementation
> needs to be.
> 
> I think this comes from us not handling the BUILTIN domain properly, and so
> we constantly attempt to contact the DC, and then fail an internal validation
> step, throwing away that connection.
> 
> I think this is also the cause of crashes folks have seen.
> 
> Can I get some confirmation that this helps, so I can merge this into master
> (and then 4.0.x)?
> 
> Thanks,
> 
> Andrew Bartlett
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list