[Samba] winbind timeouts
Gerald (Jerry) Carter
jerry at samba.org
Fri Aug 8 06:11:18 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 4 Aug 2003, Chris Douglass wrote:
> Hello,
> I have tried posting to comp.protocols.smb with no luck. Please help.
> I am running:
> Slackware 9.0 (x86)
> kernel 2.4.21
> samba 3.0b3
> MIT kerberos5 v1.2.7
>
> I am testing samba 3.0b3 as part of migrating my site to Active
> Directory. Compiles/installs OK. When winbindd is started, it looks for
> the list of trusted domains and then queries those domains for
> user/group info. When I have the samba3b3 box joined to an NT4 domain,
> it takes about 15 minutes to get this info from all domains. (roughly
> 60000+ user accounts in many domains.)
>
> When the machine is joined to the AD domain, though, it gets a list of
> IP's for each domain on servers it can try to get the user/group data
> from. Many of the IP addresses it is obtaining are bad in almost every
> domain it contacts (cannot nslookup, ping, traceroute, or query WINS
> with any results). Winbindd just sits there until it times out, then
> tries the next one. The problem is that it takes many HOURS of waiting
> to get a full list generated so that I can run 'getent passwd'. Then I
> have to start the wait all over again so that 'getent group' works also.
> Once winbindd is queried, the test box is useless from the network until
> it's done (including plain Linux stuff like ssh).
> Everything is fine at this point until I restart winbindd, then the
> whole thing starts over again.

You have a DNS or name server problem. Fix that.

> These are my questions:
>
> I thought that winbindd was supposed to cache all this info. Why doesn't
> it read the cache when it's restarted instead of getting new
> information?

It does cache. The on-disk cache works well but does not contain everything.
Failed connection caches are in memory, so they are reset upon restart.
Once we get a connection we hold onto it as long as possible.

> Is there something that can be done to tell winbindd not to try to query
> servers that aren't actually up?
Fix your name service.
> Where is this list of IP's coming from? Are these a bunch of dead
> accounts being reported from some Server Manager on a PDC?
Are you using security = ads? Probably from a SRV record in DNS for
_ldap._tcp.<your domain>
cheers, jerry
----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"You can never go home again, Oatman, but I guess you can shop there."
--John Cusack - "Grosse Point Blank" (1997)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQE/Mz8GIR7qMdg1EfYRAuS+AKCRJWTjlRuBYBHLiIOGONLFrGSIYQCgmym6
OnKHww+qn+qLZFWpndQ0cmU=
=89ow
-----END PGP SIGNATURE-----
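
The reply above points at the SRV record for _ldap._tcp.<your domain> as the likely source of the server list. The following is an added example, not part of the original thread and not Samba code: it reads SRV answers in the `priority weight port target` form printed by `dig +short SRV`, probes each target with a short TCP timeout, and lists the ones that do not resolve or answer. The host names in the sample are constructed placeholders.

```python
import socket
import sys

# Constructed sample of `dig +short SRV _ldap._tcp.<your domain>` output;
# the host names are placeholders, not values from the thread.
SAMPLE_SRV = """\
0 100 389 dc1.example.test.
0 100 389 dc2.example.test.
10 100 389 olddc.example.test.
"""

def parse_srv(text):
    """Parse 'priority weight port target' lines, ordered by priority then weight."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            prio, weight, port = (int(p) for p in parts[:3])
        except ValueError:
            continue  # skip dig comment/error lines
        records.append({"priority": prio, "weight": weight,
                        "port": port, "target": parts[3].rstrip(".")})
    return sorted(records, key=lambda r: (r["priority"], -r["weight"]))

def tcp_probe(host, port, timeout):
    """Resolve host and try a TCP connect; return (ok, reason)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "connected"
    except socket.gaierror:
        return False, "does not resolve"
    except socket.timeout:
        return False, "timed out"
    except OSError as exc:
        return False, exc.strerror or str(exc)

def check_targets(srv_text, probe=tcp_probe, timeout=2.0):
    """Probe every SRV target; return (target, port, ok, reason) tuples."""
    return [(r["target"], r["port"], *probe(r["target"], r["port"], timeout))
            for r in parse_srv(srv_text)]

def stale(results):
    """Targets that DNS still advertises but that failed the probe."""
    return [target for target, _port, ok, _reason in results if not ok]

if __name__ == "__main__":
    for target, port, ok, reason in check_targets(sys.stdin.read()):
        print(f"{'OK  ' if ok else 'DEAD'} {target}:{port} ({reason})")
```

Pipe the output of `dig +short SRV _ldap._tcp.<your domain>` into the script; every DEAD line is a record to correct in DNS.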