[Samba] Samba 3.0.31 stills fails to read and write to socket.
Jose Santiago Oyervides
joseoyervides at gmail.com
Fri Aug 1 17:50:48 GMT 2008
I think i could be DNS resolution like you say, since this problem only
happens with accounts from other domains. I have had troubles in the past in
order to get DNS resolution to work, because this server also has a public
postfix server, so If I configured the internal DNS the external resolution
didn't work and viceversa, in order to cope with this issue I configured and
internal DNS server with both internal and external resolution and that
seemed to work.
If I ping the domain controllers from any another domain it responds very
fast, since I have all DC's in /etc/hosts and /etc/samba/lmhosts and in my
nsswitch.conf I have configured this: hosts: files wins dns winbind and in
/etc/samba/smb.conf I have name resolve order=lmhosts wins bcast.
Would it help if I configured the Ip address in my krb5.conf for all domains
instead of their name? Why in /var/lib/samba/smb_krb5 is only created
krb5.conf.MYDOMAIN and not the file for the others domains? May be this has
somethng to do...
Jose Santiago Oyervides.
On Fri, Aug 1, 2008 at 12:19 PM, Jeremy Allison <jra at samba.org> wrote:
> On Fri, Aug 01, 2008 at 10:46:54AM -0500, Jose Santiago Oyervides wrote:
> > Hi,
> > I recently upgraded my servers from 3.0.28 to 3.0.31 trying to solve the
> > winbind issue previously reported (Bug# 5551) but the issue is still
> > happening in my servers.
> > I have an ftp server (vsftpd), configured to use pam_winbind with
> > and I see some random disconnects and my users cant login. My samba
> > are member of a Windows 2003 domain.
> > The relevant lines on my log.wb-OTHERDOMAIN are saying that the write to
> > socket failed because the connection was reset by peer, this happened
> > on 3.0.28, i was hoping that 3.0.31 fix this issue.
> > Im including my configuration and my log files. This happens only when
> > pam_winbind authenticates users of other domains, sometimes it gets fixed
> > itself because in my krb5.conf i have configured several domain
> > for the other domains and it changes the connections to the next server,
> > sometimes it gets stuck with one failed server and all my users cant
> > for a while.
> This is your problem :
> config [/var/lib/samba/smb_krb5/krb5.conf.MYDOMAIN]
> [2008/07/31 10:03:55, 10]
> got TGT for accountXYZ at OTHERDOMAIN.FORREST.COM in
> MEMORY:winbindd_pam_ccache (valid until: Thu, 31 Jul 2008 20:03:57 CDT
> (1217552637), renewable till: Thu, 31 Jul 2008 20:03:57 CDT
> [2008/07/31 10:04:05, 4] libsmb/clikrb5.c:ads_krb5_mk_req(610)
> ads_krb5_mk_req: Advancing clock by 2 seconds to cope with clock skew
> Note the 30 second gap in timestamps.
> Looks like the call :
> krb5_ret = cli_krb5_get_ticket(local_service,
> at line 604: in nsswitch/winbindd_pam.c is taking ages
> to contact a KDC. Do you have DNS resolution issues ?
More information about the samba