[Samba] winbind talking to backup ADS server

Barry, Christopher cbarry at infiniconsys.com
Thu Apr 22 16:15:12 GMT 2004

Possibly bounce the winbind service after failover?


-----Original Message-----
From: news.gmane.org [mailto:looper_man at yahoo.com] 
Sent: Thursday, April 22, 2004 11:14 AM
To: samba at lists.samba.org
Subject: [Samba] winbind talking to backup ADS server


I've set up samba 3.02a and have it successfully authenticating against
a Windows 2000 ADS Server.  Everything is working great, except that
(winbind?) won't talk to the backup ADS server when the primary ADS
server goes down.  I'm shutting off the primary ADS server to test this,
and when I do I get the following:

[root at iceberg /etc]# /usr/local/samba/bin/wbinfo -u Error looking up
domain users

"getent passwd" also doesn't work.  When the primary ADS server is
online, everything works.

This seems to be a winbind problem ... when the primary is offline, all
windows users can log into the domain from their PCs, and I can
successfully get a kerberos ticket on my samba server machine from the
secondary ADS server (/etc/krb5.conf uses DNS to lookup the kerberos
server), but winbind doesn't seem to find it.

I tried three different settings for "password server" in smb.conf:

password server = PRIMARY_ADS_IP

... and the third was just not specifying a "password server".  All
three give the same result: I can authenticate when the primary is up,
but not when it's offline.

Looking at tcpdump (though I'm not an expert), it seems like winbind is
continually trying to contact the primary ADS server even after is goes
away .... Any ideas?  Where does winbind get the information about what
ADS server to talk to?


To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list