[Samba] timeout (?) w/ winbindd auth in samba 3.0.23c
Jean-Vincent BAYARRI
bayarri at lcpc.fr
Wed Oct 25 12:48:44 GMT 2006
Hi everybody,
I'm using a FreeBSD 6.1 box running Samba-3.0.23c_2,1 from the ports
tree, authentification is provided by two MS PDC (kdc1 and kdc2, the
domain is called PARIS).
Previous versions of Samba (<3.0.23c) used to work perfectly but since I
upgraded to 3.0.23c, I have very disturbing timeouts problems affecting
winbind.
A simple "smbclient -L <myserver> -U testuser" from any client fails
with a timeout error. Whereas "wbinfo -u", "wbinfo -t" are OK on the
samba server (which has be successfully joined to my MS domain).
Of course Windows clients also fail (the browser freezes).
Here are excerpts from my smb.conf (global settings):
[global]
workgroup = PARIS
server string = Serveur Samba de test
load printers = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
encrypt passwords = true
max ttl = 86500
log file = /var/log/samba/samba.log
syslog=0
max log size = 5000
log level=5
security = ads
realm = PARIS.LCPC.FR
password server = kdc1 kdc2
winbind use default domain = yes
winbind cache time = 10
template shell = /bin/true
template homedir = /home/%U
homedir = /home/%D/%U
winbind uid = 10000-20000
winbind gid = 10000-20000
In my log.winbindd I can see, using a grep on "testuser":
Got user=[testuser] domain=[PARIS] workstation=[MARIO] len1=24 len2=24
make_user_info_map: Mapping user [PARIS]\[testuser] from workstation
[MARIO]
attempting to make a user_info for testuser (testuser)
making strings for testuser's user_info struct
making blobs for testuser's user_info struct
check_ntlm_password: Checking password for unmapped user
[PARIS]\[testuser]@[MARIO] with the new password interface
check_ntlm_password: mapped user is:
[PARIS]\[testuser]@[MARIO]
[ 0]: pam auth crap domain: [PARIS] user: testuser
Finding user PARIS\testuser
Trying _Get_Pwnam(), username as lowercase is
paris\testuser
[ 0]: getpwnam paris\testuser
[ 0]: getpwnam paris\testuser
[ 0]: getpwnam paris\testuser
..and it loops..
My DCs are recognized since "net lookup dc" gives me kdc1 et kdc2.
Any idea about this pb?
Greetings
--
***************************************************************************
* Jean-Vincent BAYARRI Ingénieur système & réseau *
* Service Informatique Laboratoire Central des Ponts et Chaussées *
* 58, boulevard Lefebvre 75732 PARIS CEDEX 15 *
* Tel 01 40 43 51 70 Fax 01 56 56 16 99 *
***************************************************************************
More information about the samba
mailing list