[Samba] winbind stops authenticating until a restart.

Adrian Chung adrian at enfusion-group.com
Mon Jul 21 00:55:09 GMT 2003

About a month ago, I setup a Windows 2000 native-mode domain, and had
a couple of Linux machines join the active directory.  I followed the
steps outlined in the Samba 3.0 docs regarding winbind/PAM/NSS.  The
machines joined the domain fine, and 'wbinfo -t', as well as 'wbinfo
-u/-g' and 'getent passwd/group' return expected results.  Connecting
from other Windows clients in the domain with NetBIOS off works as

The problem I have is every day or so, all of a sudden, winbind/PAM
just stops authenticating users.  At this point in time, 'wbinfo -u'
still succeeds but both 'wbinfo -u/-g' and 'getent passwd/group'
return absolutely no results.

Once I restart winbindd, everything works fine again.  This has been
happening for about a month, almost every day, starting with Samba
3.0.0beta1, and now still with 3.0.0beta3.

I've got (among other settings):

  security = ads
  password server = beast.genosha.enfusion-group.com
  obey pam restrictions = yes
  idmap uid = 10000-20000
  idmap gid = 10000-20000
  winbind separator = +
  domain master = no
  local master = no

My setup is as follows:  2 Windows 2000 DCs, and two Linux servers,
one running RH 8.0 with kernel 2.4.20 and Samba 3.0.0beta3, the other
running Debian Sid, with kernel 2.6.0-test1 (has been running 2.4.18)
and Samba 3.0.0beta2.  Both Linux boxes exhibit the exact same
symptoms and failures.

After the latest failure tonight, I ran 'wbinfo --sequence' after
which point I was again able to query domain users and groups without
having to do a full restart of winbindd.

Can anyone offer any advice as to what would be useful in
troubleshooting this problem?  I've turned the debug level up on
winbind, and have some logs from a failure with the debug level up,
but they're quite long.  If they'd be helpful, I can post a URL.


Adrian Chung (adrian at enfusion-group dot com)
GPG Fingerprint: C620 C8EA 86BA 79CC 384C E7BE A10C 353B 919D 1A17
[gambit.enfusion-group.com] 8:38pm up 57 days, 22:15, 10 users

