[Samba] Intermitent winbind failure resolving groups via nss

Wed Jul 25 07:58:04 GMT 2007

Hi all,

I have 2 Linux machines running winbind attached to a Windows 2003
server in AD mode to resolve users and groups via nss (nscd is disabled
for passwd and group info).

In an intermittent way winbind stops resolving group names, for instance
the 'id' command returns just the GID and no name for the primary user
group and executables trying to resolve members of groups cannot find
the groups by name.

For instance 'id' returns

uid=16778359(dsc) gid=16777729 groups=16777728(domain
admins),16777729,16778337(sbs report users),16778338(sbs mobile
users),16778339(web workplace users),16778348(offer remote assistance
helpers),16778352(sbs internet users),16778392(remote
users),16778394(crossdevs)

instead of

uid=16778359(dsc) gid=16777729(domain users) groups=16777728(domain
admins),16777729(domain users),16778337(sbs report users),16778338(sbs
mobile users),16778339(web workplace users),16778348(offer remote
assistance helpers),16778352(sbs internet users),16778392(remote
users),16778394(crossdevs)

when winbind is working correctly.

Restarting the winbind service immediately solves the problem and
issuing the command 'wbinfo -n crossdevs' (where crossdevs is a group on
AD) apparently solves the problem as well.

I tried to search the mailing list archives for similar problems but I
did not find any relevant info. Any ideas what might be the problem?

Version info:

Linux: Fedora Core 5 - x86

Samba : 3.0.24-7.fc5

In the winbind logs I see messages like

[2007/07/22 23:04:11, 0] lib/util_sock.c:write_data(564)

  write_data: write failure. Error = Connection reset by peer

[2007/07/22 23:04:11, 0] libsmb/clientgen.c:write_socket(138)

  write_socket: Error writing 238 bytes to socket 31: ERRNO = Connection
reset by peer

[2007/07/22 23:04:11, 0] libsmb/clientgen.c:cli_send_smb(168)

  Error writing 238 bytes to client. -1 (Connection reset by peer)

[2007/07/22 23:04:11, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)

  rpc_api_pipe: Remote machine ASTERIX pipe \lsarpc fnum 0x3returned
critical error. Error was Write error: Connection reset by peer

[2007/07/22 23:04:11, 1]
nsswitch/winbindd_group.c:winbindd_getgrnam(259)

  group crossdevs in domain SPINETIX does not exist

And

[2007/07/23 11:50:18, 0] lib/util_sock.c:write_data(564)

  write_data: write failure. Error = Connection reset by peer

[2007/07/23 11:50:18, 0] libsmb/clientgen.c:write_socket(138)

  write_socket: Error writing 222 bytes to socket 62: ERRNO = Connection
reset by peer

[2007/07/23 11:50:18, 0] libsmb/clientgen.c:cli_send_smb(168)

  Error writing 222 bytes to client. -1 (Connection reset by peer)

[2007/07/23 11:50:18, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)

  rpc_api_pipe: Remote machine ASTERIX pipe \lsarpc fnum 0x4013returned
critical error. Error was Write error: Connection reset by peer

[2007/07/23 11:50:18, 1] nsswitch/winbindd_group.c:getgrgid_got_sid(346)

  could not lookup sid

--
------------------------------------------------------------------------
--

Diego Santa Cruz, PhD
Software Architect, SpinetiX S.A.

PSE-C, CH-1015, Lausanne, Switzerland
Tel:    +41 (0) 21 693 89 81
Mail:   Diego.SantaCruz at spinetix.com

Get Information : www.spinetix.com

------------------------------------------------------------------------
--

The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you
received
this in error, please contact the sender and delete the material from
any
computer.