[Samba] Samba 3.0.31 stills fails to read and write to socket.
Jeremy Allison
jra at samba.org
Fri Aug 1 17:19:17 GMT 2008
On Fri, Aug 01, 2008 at 10:46:54AM -0500, Jose Santiago Oyervides wrote:
> Hi,
> I recently upgraded my servers from 3.0.28 to 3.0.31 trying to solve the
> winbind issue previously reported (Bug# 5551) but the issue is still
> happening in my servers.
>
> I have an ftp server (vsftpd), configured to use pam_winbind with krb5_auth
> and I see some random disconnects and my users cant login. My samba servers
> are member of a Windows 2003 domain.
>
> The relevant lines on my log.wb-OTHERDOMAIN are saying that the write to the
> socket failed because the connection was reset by peer, this happened also
> on 3.0.28, i was hoping that 3.0.31 fix this issue.
>
> Im including my configuration and my log files. This happens only when
> pam_winbind authenticates users of other domains, sometimes it gets fixed
> itself because in my krb5.conf i have configured several domain controllers
> for the other domains and it changes the connections to the next server, but
> sometimes it gets stuck with one failed server and all my users cant login
> for a while.
This is your problem :
config [/var/lib/samba/smb_krb5/krb5.conf.MYDOMAIN]
[2008/07/31 10:03:55, 10]
nsswitch/winbindd_pam.c:winbindd_raw_kerberos_login(580)
got TGT for accountXYZ at OTHERDOMAIN.FORREST.COM in
MEMORY:winbindd_pam_ccache (valid until: Thu, 31 Jul 2008 20:03:57 CDT
(1217552637), renewable till: Thu, 31 Jul 2008 20:03:57 CDT
(1217552617))
[2008/07/31 10:04:05, 4] libsmb/clikrb5.c:ads_krb5_mk_req(610)
ads_krb5_mk_req: Advancing clock by 2 seconds to cope with clock skew
Note the 30 second gap in timestamps.
Looks like the call :
krb5_ret = cli_krb5_get_ticket(local_service,
time_offset,
&tkt,
&session_key_krb5,
0,
cc,
NULL);
at line 604: in nsswitch/winbindd_pam.c is taking ages
to contact a KDC. Do you have DNS resolution issues ?
Jeremy.
More information about the samba
mailing list