[Samba] Winbind in ADS forest hangs when not able to talk to other DCs
Roman Rathler
roman at hamma.net
Wed Jun 16 10:36:28 GMT 2004
Hi there,
We have a winbind installation here that is used for squid authentication and group resolving. The winbind server is part of the domain ch.domain.intern. The ADS forest is organized like this:
                    domain.intern
ch.domain.intern   at.domain.intern   fr.domain.intern
and other sites will follow. Authentication and group resolving actually works fine, BUT: if the link to at or fr is down, winbind hangs!!! First of all: why does winbind try to connect to the at or fr domain controllers, since there is no information for winbind on these servers? How can I keep winbind from trying to connect to these domain controllers?
My smb.conf:
[global]
workgroup = CHDOM01
server string = proxy
client use spnego = yes
load printers = no
idmap uid = 10000-20000
idmap gid = 10000-20000
# winbind separator = +
winbind cache time = 10
winbind enum users = yes
winbind enum groups = yes
log file = /var/log/samba/%m.log
max log size = 50
security = ads
realm = ch.domain.intern
password server = wsvch01 wsvch02
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
My krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = CH.DOMAIN.INTERN
# default_tgs_enctypes = des-cbc-crc des-cbc-md5
# default_tkt_enctypes = des-cbc-crc des-cbc-md5
forwardable = true
proxiable = true
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
 CH.DOMAIN.INTERN = {
  kdc = wsvch01.ch.domain.intern:88
  default_domain = ch.domain.intern
 }
[domain_realm]
.ch.domain.intern = CH.DOMAIN.INTERN
ch.domain.intern = CH.DOMAIN.INTERN
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
 pam = {
  debug = false
  ticket_lifetime = 36000
  renew_lifetime = 36000
  forwardable = true
  krb4_convert = false
 }
Any suggestions?
Thanks in advance.
Best regards,
Roman