[Samba] winbind timeouts

Chris Douglass ALLEN.C.DOUGLASS at saic.com
Mon Aug 4 20:08:39 GMT 2003

I have tried posting to comp.protocols.smb with no luck. Please help.
I am running:
Slackware 9.0 (x86)
kernel 2.4.21
samba 3.0b3
MIT kerberos5 v1.2.7

I am testing samba 3.0b3 as part of migrating my site to Active
Directory. Compiles/installs OK. When winbindd is started, it looks for
the list of trusted domains and then queries those domains for
user/group info. When I have the samba3b3 box joined to an NT4 domain,
it takes about 15 minutes to get this info from all domains.  (roughly
60000+ user accounts in many domains.)

When the machine is joined to the AD domain, though, it gets list of
IP's for each domain on servers it can try to get the user/group data
from. Many of the IP addresses it is obtaining are bad in almost every
domain it contacts (cannot nslookup, ping, traceroute, or query WINS
with any results). Winbindd just sits there until it times out, then
tries the next one. The problem is that it takes many HOURS of waiting
to get a full list generated so that I can run 'getent passwd'. Then I
have to start the wait all over again so that 'getent group' works also.
Once winbindd is queried, the test box is useless from the network until
it's done (including plain Linux stuff like ssh)
 Everyting is fine at this point until I restart winbindd, then the
whole thing starts over again.
These are my questions:

I thought that winbindd was supposed to cache all this info. Why doesn't
it read the cache when it's restarted instead of getting new

Is there something that can be done to tell winbindd not to try to query
servers that aren't actually up? 

Where is this list of IP's coming from? Are these a bunch of dead
accounts being reported from some Server Manager on a PDC? 

Any info would be greatly appreciated. 

More information about the samba mailing list