[Samba] timeout (?) w/ winbindd auth in samba 3.0.23c

Jean-Vincent BAYARRI bayarri at lcpc.fr
Wed Oct 25 12:48:44 GMT 2006

Hi everybody,

I'm using a FreeBSD 6.1 box running Samba-3.0.23c_2,1 from the ports
tree, authentification is provided by two MS PDC (kdc1 and kdc2, the 
domain is called PARIS).
Previous versions of Samba (<3.0.23c) used to work perfectly but since I
upgraded to 3.0.23c, I have very disturbing timeouts problems affecting

A simple "smbclient -L <myserver> -U testuser" from any client fails
with a timeout error. Whereas "wbinfo -u", "wbinfo -t" are OK on the
samba server (which has be successfully joined to my MS domain).
Of course Windows clients also fail (the browser freezes).

Here are excerpts from my smb.conf (global settings):


workgroup = PARIS
server string = Serveur Samba de test
load printers = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
encrypt passwords = true
max ttl = 86500

log file = /var/log/samba/samba.log
max log size = 5000
log level=5

security = ads
realm = PARIS.LCPC.FR 
password server = kdc1 kdc2
winbind use default domain = yes
winbind cache time = 10
template shell = /bin/true
template homedir = /home/%U
homedir = /home/%D/%U
winbind uid = 10000-20000
winbind gid = 10000-20000

In my log.winbindd I can see, using a grep on "testuser":

Got user=[testuser] domain=[PARIS] workstation=[MARIO] len1=24 len2=24
  make_user_info_map: Mapping user [PARIS]\[testuser] from workstation
    attempting to make a user_info for testuser (testuser)
      making strings for testuser's user_info struct
        making blobs for testuser's user_info struct
	  check_ntlm_password:  Checking password for unmapped user
	  [PARIS]\[testuser]@[MARIO] with the new password interface
	    check_ntlm_password:  mapped user is:
	      [    0]: pam auth crap domain: [PARIS] user: testuser
	        Finding user PARIS\testuser
		  Trying _Get_Pwnam(), username as lowercase is
		    [    0]: getpwnam paris\testuser
		    [    0]: getpwnam paris\testuser
		    [    0]: getpwnam paris\testuser

..and it loops..

My DCs are recognized since "net lookup dc" gives me kdc1 et kdc2.

Any idea about this pb? 

* Jean-Vincent BAYARRI                         Ingénieur système & réseau *
* Service Informatique         Laboratoire Central des Ponts et Chaussées *
* 58, boulevard Lefebvre                             75732 PARIS CEDEX 15 *
* Tel 01 40 43 51 70                                   Fax 01 56 56 16 99 *

More information about the samba mailing list