[Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)

admin at ateamonsite.com admin at ateamonsite.com
Fri Oct 16 13:59:45 MDT 2009 

Ok I am not hearing replies back - I dont want this issue to be swept under
the rug. 


It has been a issue for me since SuSE 10.1 + samba-3.0.30-0.1.112 even..
I know now that the commands I was telling you all access UN/PW info such
as LS or MAN etc, to see if you have permission to run them? IDK I am
guessing.

BUT - if winbind is really caching and the connection is lost, then this
should be a non-issue as you say.

Well here is my nsswitch.conf:


cat /etc/nsswitch.conf


passwd: compat winbind
group:  compat winbind

networks:       files dns

services:       files
protocols:      files
rpc:    files
ethers: files
netmasks:       files
netgroup:       files
publickey:      files

bootparams:     files
automount:      files
aliases:        files

hosts:  files dns
shadow: compat


Isn't this set up right? ;-)


So, famously when DNS is down, crap like SSH and NFS take unreasonable
amounts of time and cause system hangs in linux. This is what I've been
told, and I can accept that.
Since DNS is hosted on the AD server, when that server goes down, SSH, and
even local login hang for extremely long amounts of time - im talking more
than 10 minutes... then fail.

In Windows (im sorry Im about to compare 2 operating systems) this is a non
issue and you can use the machine even if the networking is hosed or you
cant talk to the AD.

So.......

BUMP! :-)





On Wed, 14 Oct 2009 16:51:10 -0600, <admin at ateamonsite.com> wrote:
> Hopefully that isn't a bad thing! haha 
> Thanks! 
> 
> 
> On Wed, 14 Oct 2009 15:44:54 -0700, Jeremy Allison <jra at samba.org> wrote:
>> On Wed, Oct 14, 2009 at 04:02:41PM -0600, admin at ateamonsite.com wrote:
>>> Hi Jeremy,
>>> 
>>> 
>>> > Sorry, didn't look too closely at your winbindd issue.
>>> > winbindd will cache all information to allow disconnected
>>> > operation (we made this work perfectly at SuSE), so there
>>> > certainly shouldn't be a problem with a loss of connection to a DC.
>>> 
>>> I am sorry to report that I am in fact using SuSE, and this problem is
>>> very
>>> easy to reproduce if I power off my AD domain, then wait (I guess) 10
>>> minutes - then try and ssh to my Linux box. There is no way to log into
>>> the
>>> box. 
>> 
>> Ok, then I'm going to hand you over to the SuSE Samba Team
>> maintainers on this list (sorry :-).
>> 
>> Jeremy.

More information about the samba mailing list