[Samba] WINBIND failing in 2.2.3

Noel Kelly (VPN) nkelly at tarsus.co.uk
Sun Feb 10 12:50:04 GMT 2002 

Hi,

I wrote before about a winbind problem I was having with 2.2.3pre and this
problem has carried over onto 2.2.3.

I am using the same winbindd_idmap.tdb carried over from the original 2.2.2
installation.  The log spits out the messages below as users/machines
authenticate and about two or three times a day the winbind daemon dies.  It
continues to remain in memory and ostensibly functioning but when I do a
'getent passwd' there is no more entries for our main domain (UK).
Interestingly the entries for a small trusted domain we have for migration
reasons continue to be listed.  Once winbind is killed (-HUP does nothing)
and restarted it works fine again.

If I replace winbindd/wbinfo with the original 2.2.2 binaries then
everything works fine - we just have to reload winbind every day to get over
the memory leak problem.

I have had a look at the code which generates this entry in the winbind log
and compared it to the 2.2.2 code.  There does seem to be a marked
difference between the two (I am no C coder) so perhaps this was happening
all along with 2.2.2 but never surfaced in the logs.  However we never had
problems with winbind dying on its feet like now and we are having to
restart winbind twice or more often.

I know that there was major changes made to winbind for 2.2.3 - is there a
way I can refresh the winbindd_idmap.tdb file without scratching it (which
would be rather a large problem...) ?  I loaded up the tdb tools but there
was nothing really I could do with the raw data.

If I take the winbind errors at face value then it seems to be saying that
either the PDC is down/unreachable or my 2.2.3 file server is not being
allowed the information.  Why would winbind stop doing UK domain lookups but
continue to contact the trusted domain ?  The PDC reports no errors by the
way and I have rejoined the domain and tried scratching the private
directory but to no avail.

Any information or suggestions here would be appreciated with this.

(It might be nothing but I have "winbind enum users = yes" and "winbind enum
groups = yes" but I just noticed in the man pages that these default to 'no'
and 'yes' respectively.  This is a little odd as they both have a health
warning about some programs behaving oddly if these are turned off  ?)

Anyway, thanks in advance for the help,
Noel


log.winbindd: (It is interesting to note the times - I think the winbind
module actually spews several errors at once).

  getgrname_from_group(): could not get domain sid for domain @UK
[2002/02/07 08:50:45, 0]
nsswitch/winbindd_group.c:winbindd_getgrnam_from_group(
220)
  getgrname_from_group(): could not get domain sid for domain @UK
[2002/02/07 08:51:30, 0]
nsswitch/winbindd_group.c:winbindd_getgrnam_from_group(
220)
  getgrname_from_group(): could not get domain sid for domain @UK
[2002/02/07 08:51:38, 0]
nsswitch/winbindd_group.c:winbindd_getgrnam_from_group(
220)
  getgrname_from_group(): could not get domain sid for domain @UK
[2002/02/07 08:51:38, 0]
nsswitch/winbindd_group.c:winbindd_getgrnam_from_group(
220)
  getgrname_from_group(): could not get domain sid for domain @UK
[2002/02/07 08:52:11, 0]
nsswitch/winbindd_group.c:winbindd_getgrnam_from_group(
220)
  getgrname_from_group(): could not get domain sid for domain @UK
[2002/02/07 08:52:11, 0]
nsswitch/winbindd_group.c:winbindd_getgrnam_from_group(
220)
  getgrname_from_group(): could not get domain sid for domain @UK
[2002/02/07 08:52:55, 0]
nsswitch/winbindd_group.c:winbindd_getgrnam_from_group(
220)
  getgrname_from_group(): could not get domain sid for domain @UK
[2002/02/07 08:56:11, 0]
nsswitch/winbindd_group.c:winbindd_getgrnam_from_group(
220)
  getgrname_from_group(): could not get domain sid for domain @UK
[2002/02/07 08:56:44, 0]
nsswitch/winbindd_group.c:winbindd_getgrnam_from_group(
220)
  getgrname_from_group(): could not get domain sid for domain @UK
[2002/02/07 08:57:03, 0]
nsswitch/winbindd_group.c:winbindd_getgrnam_from_group(
220)


Extract from getent passwd:  NTMIXED is always accessible - UK dies and
disappears.

UK+wlupton:x:10098:10000:Will Lupton:/raid/homedrives/wlupton:/dev/null
UK+zrajnic:x:10040:10000:Zoran Rajnic:/raid/homedrives/zrajnic:/dev/null
NTMIXED+Administrator:x:10034:10022::/raid/homedrives/administrator:/dev/nul
l
NTMIXED+Guest:x:10035:10022::/raid/homedrives/guest:/dev/null


smb.conf extract:

        os level = 0
        preferred master = False
        local master = No
        domain master = False
        security = domain
        password server = BRAIN
        smb passwd file = /usr/local/samba/private/smbpasswd
        wins server = 192.168.5.4
        name resolve order = wins host bcast

        winbind uid = 10000-20000
        winbind gid = 10000-20000
        winbind enum users = yes
        winbind enum groups = yes
        winbind separator = +
        nt acl support = yes

        kernel oplocks = no
        oplocks = no
        level2 oplocks = no

More information about the samba mailing list