[Samba] Samba 3.0.31 stills fails to read and write to socket.

Jeremy Allison jra at samba.org
Fri Aug 1 17:19:17 GMT 2008

On Fri, Aug 01, 2008 at 10:46:54AM -0500, Jose Santiago Oyervides wrote:
> Hi,
> I recently upgraded my servers from 3.0.28 to 3.0.31 trying to solve the
> winbind issue previously reported (Bug# 5551) but the issue is still
> happening in my servers.
> I have an ftp server (vsftpd), configured to use pam_winbind with krb5_auth
> and I see some random disconnects and my users cant login. My samba servers
> are member of a Windows 2003 domain.
> The relevant lines on my log.wb-OTHERDOMAIN are saying that the write to the
> socket failed because the connection was reset by peer, this happened also
> on 3.0.28, i was hoping that 3.0.31 fix this issue.
> Im including my configuration and my log files. This happens only when
> pam_winbind authenticates users of other domains, sometimes it gets fixed
> itself because in my krb5.conf i have configured several domain controllers
> for the other domains and it changes the connections to the next server, but
> sometimes it gets stuck with one failed server and all my users cant login
> for a while.

This is your problem :

config [/var/lib/samba/smb_krb5/krb5.conf.MYDOMAIN]
[2008/07/31 10:03:55, 10]
  got TGT for accountXYZ at OTHERDOMAIN.FORREST.COM in
MEMORY:winbindd_pam_ccache (valid until: Thu, 31 Jul 2008 20:03:57 CDT
(1217552637), renewable till: Thu, 31 Jul 2008 20:03:57 CDT
[2008/07/31 10:04:05, 4] libsmb/clikrb5.c:ads_krb5_mk_req(610)
  ads_krb5_mk_req: Advancing clock by 2 seconds to cope with clock skew

Note the 30 second gap in timestamps.

Looks like the call :

        krb5_ret = cli_krb5_get_ticket(local_service,

at line 604: in nsswitch/winbindd_pam.c is taking ages
to contact a KDC. Do you have DNS resolution issues ?


More information about the samba mailing list