DC affinity for winbind
Isaac Boukris
iboukris at gmail.com
Mon Dec 11 12:44:23 UTC 2017
Hello,
I am trying to restrict winbind to only authenticate users against one
given DC, by specifying the DC in smb.conf option 'password server'.
According to the doc:
By specifying the name of a domain controller with this option, and
using security = [ads|domain] it is possible to get Samba to do all
its username/password validation using a specific remote server.
This works fine, however, it seems that winbind saves the old DC in
cache, so if I shut down winbind, change 'password server' to a new DC,
and restart winbind, then it still uses the old DC.
The debugs show as follows:
wb.networking:22436:1512636602.818817:Thu Dec 7 10:50:02 2017: connection_ok: Connection to (null) for domain NETWORKING is not connected
wb.networking:22436:1512636602.818879:Thu Dec 7 10:50:02 2017: Opening cache file at /usr/var/cache/gencache.tdb
wb.networking:22436:1512636602.818965:Thu Dec 7 10:50:02 2017: Opening cache file at /usr/var/lib/samba/.networking/gencache_notrans.tdb
wb.networking:22436:1512636602.819031:Thu Dec 7 10:50:02 2017: Adding cache entry with key=[SAFJOIN/DOMAIN/NETWORKING] and timeout=[Thu Jan 1 02:00:00 AM 1970 IST] (-1512636601 seconds in the past)
wb.networking:22436:1512636602.819097:Thu Dec 7 10:50:02 2017: Could not get allrecord lock on gencache_notrans.tdb: Locking error
wb.networking:22436:1512636602.819157:Thu Dec 7 10:50:02 2017: saf_fetch: Returning "NDC3.networking.lab.com" for "NETWORKING" domain
wb.networking:22436:1512636602.819219:Thu Dec 7 10:50:02 2017: Adding cache entry with key=[NEG_CONN_CACHE/NETWORKING,NDC3.networking.lab.com] and timeout=[Thu Jan 1 02:00:00 AM 1970 IST] (-1512636601 seconds in the past)
To work around this issue, I use 'net cache del ..' to clear the cache
before restarting winbind.
Is this a bug? If so, how best to address it?
Thanks,
Isaac B.
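
A check for the behaviour described in the post, as an added example that is not part of the original message or of Samba: it scans winbind debug output for saf_fetch results and reports any DC that is not listed in 'password server'. The saf_fetch line is the one quoted above; the smb.conf fragment, the host name NDC9 and the function names are constructed for illustration.

```python
import re

# Record format taken from the debug output in the post:
#   saf_fetch: Returning "<dc>" for "<domain>" domain
SAF_RE = re.compile(r'saf_fetch: Returning "([^"]+)" for "([^"]+)" domain')
PWSRV_RE = re.compile(r'^[ \t]*password\s+server\s*=[ \t]*(.+?)[ \t]*$', re.I | re.M)

# Log record as quoted in the post (still wrapped the way the mail wrapped it).
SAMPLE_LOG = '''wb.networking:22436:1512636602.819157:Thu Dec 7 10:50:02 2017:
saf_fetch: Returning "NDC3.networking.lab.com" for "NETWORKING" domain
'''
# Constructed smb.conf fragment; NDC9 is a made-up name for the newly pinned DC.
SAMPLE_CONF = '''[global]
    security = ads
    ; password server = NDC3.networking.lab.com
    password server = NDC9.networking.lab.com
'''

def configured_servers(smb_conf):
    """Return the lower-cased 'password server' entries (comma/space separated)."""
    m = PWSRV_RE.search(smb_conf)
    return {s.lower() for s in re.split(r'[,\s]+', m.group(1)) if s} if m else set()

def stale_dc_hits(log_text, smb_conf):
    """List (domain, dc) pairs where saf_fetch returned a DC that is not pinned."""
    allowed = configured_servers(smb_conf)
    if not allowed or '*' in allowed:
        return []  # no pinning, or '*' permits DC auto-lookup: nothing to enforce
    flat = re.sub(r'\s+', ' ', log_text)  # undo line wrapping inside a record
    hits = []
    for dc, domain in SAF_RE.findall(flat):
        names = {dc.lower(), dc.lower().split('.')[0]}  # FQDN or short name
        if not names & allowed and (domain, dc) not in hits:
            hits.append((domain, dc))
    return hits

if __name__ == '__main__':
    for domain, dc in stale_dc_hits(SAMPLE_LOG, SAMPLE_CONF):
        print(f'{domain}: cached DC {dc} is not in "password server"')
```

A hit in logs written after 'password server' was changed and winbind restarted points at the cached entry described in the post.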