[Samba] winbind initialization: GetDC got invalid response type 21
Patrick Rynhart
prynhart at gmail.com
Wed Jan 2 21:20:22 GMT 2008
Hi all,
I'm running Samba 3.0.28 on CentOS 5.1 as a PDC. I'm having problems
with winbind taking a long to initialize or reconnect to the domain.
For example, starting winbind and then checking the trust secret takes
~30 seconds:
# time /usr/local/samba/bin/wbinfo -t
checking the trust secret via RPC calls succeeded
real 0m34.055s
user 0m0.008s
sys 0m0.019s
In the logs I'm getting:
Received packet for \MAILSLOT\NET\GETDC51417B82
GetDC got invalid response type 21
Received packet for \MAILSLOT\NET\GETDC51417B82
GetDC got invalid response type 21
Received packet for \MAILSLOT\NET\GETDC51417B82
GetDC got invalid response type 21
Received packet for \MAILSLOT\NET\GETDC51417B82
GetDC got invalid response type 21
Received packet for \MAILSLOT\NET\GETDC51417B82
GetDC got invalid response type 21
winbind eventually appears to fall back to another method to connect.
Could anyone please advise how this problem can be fixed ?
I have created debug level 10 logs of winbind (with debug hires
timestamp). As the logs are too large for the mailing list (with a 64
kb limit) I have uploaded them here:
http://www.massey.ac.nz/~prynhart/log.winbindd_20080103.tgz
http://www.massey.ac.nz/~prynhart/log.seat-dc1_20080103.tgz
http://www.massey.ac.nz/~prynhart/log.130.123.64.84_20080103.tgz
The problem is not the initial connection but when winbind needs
to reconnect to the domain after a period of inactivity. NSS will then
hang and XP clients may then log on using cached credentials (as they
believe that no DC is available). This causes the logon script not to run.
The global section of my smb.conf file is as follows:
[global]
workgroup = SEAT
server string = %h server (Samba %v)
obey pam restrictions = Yes
passdb backend = ldapsam:ldap://127.0.0.1
lanman auth = No
client lanman auth = No
client plaintext auth = No
log level = 10
log file = /var/log/samba/log.%m
debug hires timestamp = Yes
smb ports = 139
name resolve order = wins host bcast lmhosts
deadtime = 60
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
SO_BROADCAST
printcap name = /etc/printcap
add user script = /usr/local/smbldaptools/smbldap-useradd -m "%u"
delete user script = /usr/local/smbldaptools/smbldap-userdel "%u"
add group script = /usr/local/smbldaptools/smbldap-groupadd -p "%g"
delete group script = /usr/local/smbldaptools/smbldap-groupdel "%g"
add user to group script =
/usr/local/smbldaptools/smbldap-groupmod -m "%u" "%g"
delete user from group script =
/usr/local/smbldaptools/smbldap-groupmod -x "%u" "%g"
set primary group script =
/usr/local/smbldaptools/smbldap-usermod -g "%g" "%u"
add machine script = /usr/local/smbldaptools/smbldap-useradd -w "%u"
logon script = netlogon.bat
logon path =
logon home =
domain logons = Yes
os level = 100
preferred master = Yes
domain master = Yes
wins server = 130.123.128.14
ldap admin dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=machines
ldap passwd sync = Yes
ldap suffix = dc=seat,dc=massey,dc=ac,dc=nz
ldap user suffix = ou=users
panic action = /usr/share/samba/panic-action %d
host msdfs = No
idmap domains = ALLDOMAINS
idmap backend = ldap:ldap://127.0.0.1
idmap alloc backend = ldap
idmap uid = 10000-29000
idmap gid = 10000-29000
winbind use default domain = Yes
idmap alloc config:range = 10000 - 50000
idmap alloc config:ldap_url = ldap://127.0.0.1/
idmap alloc config:ldap_base_dn =
ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz
idmap config ALLDOMAINS:range = 10000 - 50000
idmap config ALLDOMAINS:ldap_url = ldap://127.0.0.1/
idmap config ALLDOMAINS:ldap_base_dn =
ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz
idmap config ALLDOMAINS:backend = ldap
idmap config ALLDOMAINS:default = yes
printing = cups
print command = lpr -P'%p' %s; rm %s
lppause command = lp -i '%p-%j' -H hold
lpresume command = lp -i '%p-%j' -H resume
queuepause command = disable '%p'
queueresume command = enable '%p'
oplocks = No
level2 oplocks = No
Regards,
Patrick
More information about the samba
mailing list