[Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)

Sun Oct 18 17:41:27 MDT 2009

Good to know, and your description fits my understanding of this issue 
and reproduces my scenario well.
Basically all I have to to render the server completely unresponsive 
(even basic command line stuff) is take _any_ domain offline.
This seems to mean winbind's caching is not behaving as designed.

François Legal wrote:
> I don't know if it helps, but I ran through similar problems with one
> samba DC trusting another domain connected via a VPN.
> Each time the VPN went down, I had to hard reboot the server (no I did not
> have an open session all the time to kill winbindd).
>
> As far as I remember, this was with self built versions 3.2.4 through
> 3.2.6.
> After that, I decided to surrender with trusting another domain with
> samba.
>
> François
>
> On Fri, 16 Oct 2009 13:59:45 -0600, <admin at ateamonsite.com> wrote:
>   
>> Ok I am not hearing replies back - I dont want this issue to be swept
>>     
> under
>   
>> the rug. 
>>
>>
>> It has been a issue for me since SuSE 10.1 + samba-3.0.30-0.1.112 even..
>> I know now that the commands I was telling you all access UN/PW info
>>     
> such
>   
>> as LS or MAN etc, to see if you have permission to run them? IDK I am
>> guessing.
>>
>> BUT - if winbind is really caching and the connection is lost, then this
>> should be a non-issue as you say.
>>
>> Well here is my nsswitch.conf:
>>
>>
>> cat /etc/nsswitch.conf
>>
>>
>> passwd: compat winbind
>> group:  compat winbind
>>
>> networks:       files dns
>>
>> services:       files
>> protocols:      files
>> rpc:    files
>> ethers: files
>> netmasks:       files
>> netgroup:       files
>> publickey:      files
>>
>> bootparams:     files
>> automount:      files
>> aliases:        files
>>
>> hosts:  files dns
>> shadow: compat
>>
>>
>> Isn't this set up right? ;-)
>>
>>
>> So, famously when DNS is down, crap like SSH and NFS take unreasonable
>> amounts of time and cause system hangs in linux. This is what I've been
>> told, and I can accept that.
>> Since DNS is hosted on the AD server, when that server goes down, SSH,
>>     
> and
>   
>> even local login hang for extremely long amounts of time - im talking
>>     
> more
>   
>> than 10 minutes... then fail.
>>
>> In Windows (im sorry Im about to compare 2 operating systems) this is a
>>     
> non
>   
>> issue and you can use the machine even if the networking is hosed or you
>> cant talk to the AD.
>>
>> So.......
>>
>> BUMP! :-)
>>
>>
>>
>>
>>
>> On Wed, 14 Oct 2009 16:51:10 -0600, <admin at ateamonsite.com> wrote:
>>     
>>> Hopefully that isn't a bad thing! haha 
>>> Thanks! 
>>>
>>>
>>> On Wed, 14 Oct 2009 15:44:54 -0700, Jeremy Allison <jra at samba.org>
>>>       
> wrote:
>   
>>>> On Wed, Oct 14, 2009 at 04:02:41PM -0600, admin at ateamonsite.com wrote:
>>>>         
>>>>> Hi Jeremy,
>>>>>
>>>>>
>>>>>           
>>>>>> Sorry, didn't look too closely at your winbindd issue.
>>>>>> winbindd will cache all information to allow disconnected
>>>>>> operation (we made this work perfectly at SuSE), so there
>>>>>> certainly shouldn't be a problem with a loss of connection to a DC.
>>>>>>             
>>>>> I am sorry to report that I am in fact using SuSE, and this problem
>>>>>           
> is
>   
>>>>> very
>>>>> easy to reproduce if I power off my AD domain, then wait (I guess) 10
>>>>> minutes - then try and ssh to my Linux box. There is no way to log
>>>>>           
> into
>   
>>>>> the
>>>>> box. 
>>>>>           
>>>> Ok, then I'm going to hand you over to the SuSE Samba Team
>>>> maintainers on this list (sorry :-).
>>>>
>>>> Jeremy.
>>>>         