[Samba] FIXED AGAIN: Win2003 ADS, wbinfo -u and -g bug
herman
herman at aeronetworks.ca
Sat Oct 13 00:32:37 GMT 2007
System: Win2003 ADS, Samba 3.0.26a on RHEL5.
>
> I thought I had this fixed but sadly no - it came back. The situation
> changes when I reboot the PC, or cycle power on the PC. This
> indicates to me that there is a structure in winbind that is not
> initialized properly.
>
> wbinfo -t: OK, shows domain joined fine.
> wbinfo -g: Shows all groups, or only the first two BUILTIN groups, or
> nothing at all.
> wbinfo -u: Shows all users, or no users.
>
> Login works if wbinfo -g shows all groups, fails otherwise.
>
> kinit user at DOMAIN: works
> wbinit -a user%domain: works
---
This weird Winbind/Kerberos problem has been fixed again - hopefully for
good.
I started to read the source code, followed the log messages at debug
level 10 and sniffed the network with tcpdump. Eventually, I figured
out that Kerberos is generating an inordinate amount of traffic, with
the result that the Windows server doesn't always get around to
answering the LDAP request and the user/group query then times out.
The solution is to reset the Windows Administrator password.
I remembered reading in the Samba howto guide that the Administrator
password reset also does something to Kerberos, so I tried it and it
worked. I haven't been able to break it again for the rest of the day.
Cheers,
Herman
More information about the samba
mailing list