[Samba] Winbind in ADS forrest hangs when not able to talk to other DCs

Roman Rathler roman at hamma.net
Wed Jun 16 10:40:18 GMT 2004


Hi There,

we have a winbind installation here that is used for squid
authentication and group resolving. the winbind server is part of the
domain ch.domain.intern. the ads forrest is organized like 

domain.intern

ch.domain.intern at.domain.intern fr.domain.intern

and other sites will follow. authentication and group resolving works
actually fine, BUT: if the link to at or fr is down winbind hangs!!!
first of all: why does winbind try to connect to at or fr domain
controllers, because there is no information for winbind on these
servers? how can I keep winbind away from trying to connect to these
domain controllers?

my smb.conf:


[global]

workgroup = CHDOM01
server string = proxy

client use spnego = yes


load printers = no

idmap uid = 10000-20000
idmap gid = 10000-20000
# winbind separator = +
winbind cache time = 10
winbind enum users = yes
winbind enum groups = yes


log file = /var/log/samba/%m.log
max log size = 50
security = ads
realm = ch.domain.intern
password server = wsvch01 wsvch02
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192


my krb5.conf:

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 24000
default_realm = CH.DOMAIN.INTERN
# default_tgs_enctypes = des-cbc-crc des-cbc-md5
# default_tkt_enctypes = des-cbc-crc des-cbc-md5
forwardable = true
proxiable = true
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
CH.DOMAIN.INTERN = {
kdc = wsvch01.ch.domain.intern:88
default_domain = ch.domain.intern
}

[domain_realm]
.ch.domain.intern = CH.DOMAIN.INTERN
ch.domain.intern = CH.DOMAIN.INTERN

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}


any suggestions?

thnx in advance
best regards,
roman 


More information about the samba mailing list