[Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
François Legal
devel at thom.fr.eu.org
Fri Oct 16 14:33:07 MDT 2009
I don't know if it helps, but I ran through similar problems with one
samba DC trusting another domain connected via a VPN.
Each time the VPN went down, I had to hard reboot the server (no I did not
have an open session all the time to kill winbindd).
As far as I remember, this was with self built versions 3.2.4 through
3.2.6.
After that, I decided to surrender with trusting another domain with
samba.
François
On Fri, 16 Oct 2009 13:59:45 -0600, <admin at ateamonsite.com> wrote:
> Ok I am not hearing replies back - I dont want this issue to be swept
under
> the rug.
>
>
> It has been a issue for me since SuSE 10.1 + samba-3.0.30-0.1.112 even..
> I know now that the commands I was telling you all access UN/PW info
such
> as LS or MAN etc, to see if you have permission to run them? IDK I am
> guessing.
>
> BUT - if winbind is really caching and the connection is lost, then this
> should be a non-issue as you say.
>
> Well here is my nsswitch.conf:
>
>
> cat /etc/nsswitch.conf
>
>
> passwd: compat winbind
> group: compat winbind
>
> networks: files dns
>
> services: files
> protocols: files
> rpc: files
> ethers: files
> netmasks: files
> netgroup: files
> publickey: files
>
> bootparams: files
> automount: files
> aliases: files
>
> hosts: files dns
> shadow: compat
>
>
> Isn't this set up right? ;-)
>
>
> So, famously when DNS is down, crap like SSH and NFS take unreasonable
> amounts of time and cause system hangs in linux. This is what I've been
> told, and I can accept that.
> Since DNS is hosted on the AD server, when that server goes down, SSH,
and
> even local login hang for extremely long amounts of time - im talking
more
> than 10 minutes... then fail.
>
> In Windows (im sorry Im about to compare 2 operating systems) this is a
non
> issue and you can use the machine even if the networking is hosed or you
> cant talk to the AD.
>
> So.......
>
> BUMP! :-)
>
>
>
>
>
> On Wed, 14 Oct 2009 16:51:10 -0600, <admin at ateamonsite.com> wrote:
>> Hopefully that isn't a bad thing! haha
>> Thanks!
>>
>>
>> On Wed, 14 Oct 2009 15:44:54 -0700, Jeremy Allison <jra at samba.org>
wrote:
>>> On Wed, Oct 14, 2009 at 04:02:41PM -0600, admin at ateamonsite.com wrote:
>>>> Hi Jeremy,
>>>>
>>>>
>>>> > Sorry, didn't look too closely at your winbindd issue.
>>>> > winbindd will cache all information to allow disconnected
>>>> > operation (we made this work perfectly at SuSE), so there
>>>> > certainly shouldn't be a problem with a loss of connection to a DC.
>>>>
>>>> I am sorry to report that I am in fact using SuSE, and this problem
is
>>>> very
>>>> easy to reproduce if I power off my AD domain, then wait (I guess) 10
>>>> minutes - then try and ssh to my Linux box. There is no way to log
into
>>>> the
>>>> box.
>>>
>>> Ok, then I'm going to hand you over to the SuSE Samba Team
>>> maintainers on this list (sorry :-).
>>>
>>> Jeremy.
More information about the samba
mailing list