[Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
devel at thom.fr.eu.org
Fri Oct 16 14:33:07 MDT 2009
I don't know if it helps, but I ran through similar problems with one
samba DC trusting another domain connected via a VPN.
Each time the VPN went down, I had to hard reboot the server (no I did not
have an open session all the time to kill winbindd).
As far as I remember, this was with self built versions 3.2.4 through
After that, I decided to surrender with trusting another domain with
On Fri, 16 Oct 2009 13:59:45 -0600, <admin at ateamonsite.com> wrote:
> Ok I am not hearing replies back - I dont want this issue to be swept
> the rug.
> It has been a issue for me since SuSE 10.1 + samba-3.0.30-0.1.112 even..
> I know now that the commands I was telling you all access UN/PW info
> as LS or MAN etc, to see if you have permission to run them? IDK I am
> BUT - if winbind is really caching and the connection is lost, then this
> should be a non-issue as you say.
> Well here is my nsswitch.conf:
> cat /etc/nsswitch.conf
> passwd: compat winbind
> group: compat winbind
> networks: files dns
> services: files
> protocols: files
> rpc: files
> ethers: files
> netmasks: files
> netgroup: files
> publickey: files
> bootparams: files
> automount: files
> aliases: files
> hosts: files dns
> shadow: compat
> Isn't this set up right? ;-)
> So, famously when DNS is down, crap like SSH and NFS take unreasonable
> amounts of time and cause system hangs in linux. This is what I've been
> told, and I can accept that.
> Since DNS is hosted on the AD server, when that server goes down, SSH,
> even local login hang for extremely long amounts of time - im talking
> than 10 minutes... then fail.
> In Windows (im sorry Im about to compare 2 operating systems) this is a
> issue and you can use the machine even if the networking is hosed or you
> cant talk to the AD.
> BUMP! :-)
> On Wed, 14 Oct 2009 16:51:10 -0600, <admin at ateamonsite.com> wrote:
>> Hopefully that isn't a bad thing! haha
>> On Wed, 14 Oct 2009 15:44:54 -0700, Jeremy Allison <jra at samba.org>
>>> On Wed, Oct 14, 2009 at 04:02:41PM -0600, admin at ateamonsite.com wrote:
>>>> Hi Jeremy,
>>>> > Sorry, didn't look too closely at your winbindd issue.
>>>> > winbindd will cache all information to allow disconnected
>>>> > operation (we made this work perfectly at SuSE), so there
>>>> > certainly shouldn't be a problem with a loss of connection to a DC.
>>>> I am sorry to report that I am in fact using SuSE, and this problem
>>>> easy to reproduce if I power off my AD domain, then wait (I guess) 10
>>>> minutes - then try and ssh to my Linux box. There is no way to log
>>> Ok, then I'm going to hand you over to the SuSE Samba Team
>>> maintainers on this list (sorry :-).
More information about the samba