[Samba] winbind initialization: GetDC got invalid response type 21

Patrick Rynhart prynhart at gmail.com
Wed Jan 2 21:20:22 GMT 2008

Hi all,

I'm running Samba 3.0.28 on CentOS 5.1 as a PDC.  I'm having problems
with winbind taking a long to initialize or reconnect to the domain.
For example, starting winbind and then checking the trust secret takes
~30 seconds:

# time /usr/local/samba/bin/wbinfo -t
checking the trust secret via RPC calls succeeded

real    0m34.055s
user    0m0.008s
sys     0m0.019s

In the logs I'm getting:

Received packet for \MAILSLOT\NET\GETDC51417B82
GetDC got invalid response type 21
Received packet for \MAILSLOT\NET\GETDC51417B82
GetDC got invalid response type 21
Received packet for \MAILSLOT\NET\GETDC51417B82
GetDC got invalid response type 21
Received packet for \MAILSLOT\NET\GETDC51417B82
GetDC got invalid response type 21
Received packet for \MAILSLOT\NET\GETDC51417B82
GetDC got invalid response type 21

winbind eventually appears to fall back to another method to connect.

Could anyone please advise how this problem can be fixed ?

I have created debug level 10 logs of winbind (with debug hires
timestamp).  As the logs are too large for the mailing list (with a 64
kb limit) I have uploaded them here:


The problem is not the initial connection but when winbind needs
to reconnect to the domain after a period of inactivity.  NSS will then
hang and XP clients may then log on using cached credentials (as they
believe that no DC is available).  This causes the logon script not to run.

The global section of my smb.conf file is as follows:

        workgroup = SEAT
        server string = %h server (Samba %v)
        obey pam restrictions = Yes
        passdb backend = ldapsam:ldap://
        lanman auth = No
        client lanman auth = No
        client plaintext auth = No
        log level = 10
        log file = /var/log/samba/log.%m
        debug hires timestamp = Yes
        smb ports = 139
        name resolve order = wins host bcast lmhosts
        deadtime = 60
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        printcap name = /etc/printcap
        add user script = /usr/local/smbldaptools/smbldap-useradd -m "%u"
        delete user script = /usr/local/smbldaptools/smbldap-userdel "%u"
        add group script = /usr/local/smbldaptools/smbldap-groupadd -p "%g"
        delete group script = /usr/local/smbldaptools/smbldap-groupdel "%g"
        add user to group script =
/usr/local/smbldaptools/smbldap-groupmod -m "%u" "%g"
        delete user from group script =
/usr/local/smbldaptools/smbldap-groupmod -x "%u" "%g"
        set primary group script =
/usr/local/smbldaptools/smbldap-usermod -g "%g" "%u"
        add machine script = /usr/local/smbldaptools/smbldap-useradd -w "%u"
        logon script = netlogon.bat
        logon path =
        logon home =
        domain logons = Yes
        os level = 100
        preferred master = Yes
        domain master = Yes
        wins server =
        ldap admin dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz
        ldap group suffix = ou=groups
        ldap idmap suffix = ou=idmap
        ldap machine suffix = ou=machines
        ldap passwd sync = Yes
        ldap suffix = dc=seat,dc=massey,dc=ac,dc=nz
        ldap user suffix = ou=users
        panic action = /usr/share/samba/panic-action %d
        host msdfs = No
        idmap domains = ALLDOMAINS
        idmap backend = ldap:ldap://
        idmap alloc backend = ldap
        idmap uid = 10000-29000
        idmap gid = 10000-29000
        winbind use default domain = Yes
        idmap alloc config:range = 10000 - 50000
        idmap alloc config:ldap_url = ldap://
        idmap alloc config:ldap_base_dn =
        idmap config ALLDOMAINS:range = 10000 - 50000
        idmap config ALLDOMAINS:ldap_url = ldap://
        idmap config ALLDOMAINS:ldap_base_dn =
        idmap config ALLDOMAINS:backend = ldap
        idmap config ALLDOMAINS:default = yes
        printing = cups
        print command = lpr -P'%p' %s; rm %s
        lppause command = lp -i '%p-%j' -H hold
        lpresume command = lp -i '%p-%j' -H resume
        queuepause command = disable '%p'
        queueresume command = enable '%p'
        oplocks = No
        level2 oplocks = No



More information about the samba mailing list