[Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)

François Legal devel at thom.fr.eu.org
Fri Oct 16 14:33:07 MDT 2009 

I don't know if it helps, but I ran through similar problems with one
samba DC trusting another domain connected via a VPN.
Each time the VPN went down, I had to hard reboot the server (no I did not
have an open session all the time to kill winbindd).

As far as I remember, this was with self built versions 3.2.4 through
3.2.6.
After that, I decided to surrender with trusting another domain with
samba.

François

On Fri, 16 Oct 2009 13:59:45 -0600, <admin at ateamonsite.com> wrote:
> Ok I am not hearing replies back - I dont want this issue to be swept
under
> the rug. 
> 
> 
> It has been a issue for me since SuSE 10.1 + samba-3.0.30-0.1.112 even..
> I know now that the commands I was telling you all access UN/PW info
such
> as LS or MAN etc, to see if you have permission to run them? IDK I am
> guessing.
> 
> BUT - if winbind is really caching and the connection is lost, then this
> should be a non-issue as you say.
> 
> Well here is my nsswitch.conf:
> 
> 
> cat /etc/nsswitch.conf
> 
> 
> passwd: compat winbind
> group:  compat winbind
> 
> networks:       files dns
> 
> services:       files
> protocols:      files
> rpc:    files
> ethers: files
> netmasks:       files
> netgroup:       files
> publickey:      files
> 
> bootparams:     files
> automount:      files
> aliases:        files
> 
> hosts:  files dns
> shadow: compat
> 
> 
> Isn't this set up right? ;-)
> 
> 
> So, famously when DNS is down, crap like SSH and NFS take unreasonable
> amounts of time and cause system hangs in linux. This is what I've been
> told, and I can accept that.
> Since DNS is hosted on the AD server, when that server goes down, SSH,
and
> even local login hang for extremely long amounts of time - im talking
more
> than 10 minutes... then fail.
> 
> In Windows (im sorry Im about to compare 2 operating systems) this is a
non
> issue and you can use the machine even if the networking is hosed or you
> cant talk to the AD.
> 
> So.......
> 
> BUMP! :-)
> 
> 
> 
> 
> 
> On Wed, 14 Oct 2009 16:51:10 -0600, <admin at ateamonsite.com> wrote:
>> Hopefully that isn't a bad thing! haha 
>> Thanks! 
>> 
>> 
>> On Wed, 14 Oct 2009 15:44:54 -0700, Jeremy Allison <jra at samba.org>
wrote:
>>> On Wed, Oct 14, 2009 at 04:02:41PM -0600, admin at ateamonsite.com wrote:
>>>> Hi Jeremy,
>>>> 
>>>> 
>>>> > Sorry, didn't look too closely at your winbindd issue.
>>>> > winbindd will cache all information to allow disconnected
>>>> > operation (we made this work perfectly at SuSE), so there
>>>> > certainly shouldn't be a problem with a loss of connection to a DC.
>>>> 
>>>> I am sorry to report that I am in fact using SuSE, and this problem
is
>>>> very
>>>> easy to reproduce if I power off my AD domain, then wait (I guess) 10
>>>> minutes - then try and ssh to my Linux box. There is no way to log
into
>>>> the
>>>> box. 
>>> 
>>> Ok, then I'm going to hand you over to the SuSE Samba Team
>>> maintainers on this list (sorry :-).
>>> 
>>> Jeremy.

More information about the samba mailing list