[Samba] 2 Windows DCs, one crashes, PAM Winbind stops working

Josh T mortonjt at rochester.rr.com
Tue Mar 21 15:16:23 GMT 2006 

Hi,

I am using Winbind & NSS/PAM on Debian Linux, joined to a Windows 2000 
AD Domain, to provide email (SMTP/POP3) based on Windows username and 
password.  I have two Windows 2000 Servers for domain controllers, DC1 
and DC2.  Over the weekend DC2 had a CPU fan fail and it overheated and 
  crashed.  Once DC2 failed, PAM Winbind stopped working and my users 
could no longer log into their email until I fixed DC2.

I would have thought that Samba would use DC1 if DC2 was unavailable? 
Does anyone know what is wrong with my config or else what I could do to 
avoid this in the future?

The only thing I could find was in log.nmbd -  a network printer is 
responding to WINS, a firmware upgrade which I will apply as soon as I 
can changes this to "Printer (WINS request) responds only when queried 
specifically by name."  I don't know if this relates to my problem 
though.  192.168.1.40 and 192.168.1.41 are the ip addresses of the email 
server, 192.168.1.36 is the ip address of printer:

[2006/03/20 16:20:22, 0] nmbd/nmbd_namequery.c:query_name_response(101)
   query_name_response: Multiple (2) responses received for a query on 
subnet 192.168.1.41 for name MYDOMAIN<1d>.
   This response was from IP 192.168.1.36, reporting an IP address of 
0.0.0.0.
[2006/03/20 16:20:22, 0] nmbd/nmbd_namequery.c:query_name_response(101)
   query_name_response: Multiple (2) responses received for a query on 
subnet 192.168.1.40 for name MYDOMAIN<1d>.
   This response was from IP 192.168.1.36, reporting an IP address of 
0.0.0.0.

Thanks for any help,
Josh


Samba version is "3.0.14a-Debian", here is my config:

mail:~# cat /etc/samba/smb.conf
[global]
         workgroup = MYDOMAIN
         netbios name = MAIL
         security = ADS
         realm = MYDOMAIN.LOCAL
         encrypt passwords = true
         password server = DC1.MYDOMAIN.LOCAL DC2.MYDOMAIN.LOCAL
         hosts allow = 192.168.1. 127.
         log file = /var/log/samba/log.%m
         log level = 0
         winbind separator = +
         winbind uid = 10000-20000
         winbind gid = 10000-20000
         winbind enum users = yes
         winbind enum groups = yes
         winbind use default domain = yes

         #testing ldap idmap backend
         ldap admin dn = cn=admin,dc=mydomain,dc=local
         ldap ssl = off
         ldap suffix = dc=mydomain,dc=local
         idmap backend = ldap:ldap://127.0.0.1
         ldap idmap suffix = ou=Idmap

         template homedir = /mnt/shared/homes/%U
         obey pam restrictions = yes

         #do not become a master browser
         local master = no


mail:~# cat /etc/pam.d/popa3d
# PAM configuration for popa3d

#@include common-auth
#@include common-account

auth    required        pam_winbind.so
account required        pam_winbind.so


mail:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat winbind
group:          compat winbind
shadow:         compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

More information about the samba mailing list