Regarding Bug 3204 - winbindd: Exceeding 200 client connections, no idle connection found

Stefan (metze) Metzmacher metze at
Fri Aug 1 00:45:48 MDT 2014

Am 01.08.2014 um 06:10 schrieb Andrew Bartlett:
> On Fri, 2014-07-18 at 22:44 -0700, Jeremy Allison wrote:
>> On Fri, Jul 18, 2014 at 12:09:47PM -0700, Jeremy Allison wrote:
>>> Ok, as this went to samba-technical here is a (test) patch
>>> for 3.6.x only that attempts to fix this bug.
>>> It adds a new [global] parameter:
>>> winbind request timeout
>>> default value of 60 (seconds). What it does is terminate every client
>>> connection that has either remained idle for 60 seconds, or has not replied
>>> within 60 seconds. Initially I worried this was a little aggressive, but I
>>> don't think so - if a request has take > 60 seconds it's almost certainly dead,
>>> and pruning idle clients after 60 seconds is also probably ok. Also it's
>>> tuneable :-).
>>> If this works for people I can forward port to and
>>> It's also added to the bug report.
>>> Let me know if it helps !
>> And here is a (fixed) version of the patch
>> that gets the timeout calculations right
>> (and slightly rewritten to make those
>> calculations more clear :-).
>> Timeout calculations are tricky :-).
>> Also replaced the old bad patch in the bug
>> report.
> Does this only happen if we are out of connections, or always?
> Some operations can be slow, like trying to change the trust password
> (because it is forwarded to the PDC).  Now 60 seconds is really slow,
> but still, I wonder if it is too low.

Maybe we can flag connections with pending write operations and don't
disconnect them,
or have a timeout field on the connection that can temporary overwrite
the default.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the samba-technical mailing list