[Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
Clayton Hill
admin at ateamonsite.com
Sun Oct 18 17:41:27 MDT 2009
Good to know, and your description fits my understanding of this issue
and reproduces my scenario well.
Basically all I have to to render the server completely unresponsive
(even basic command line stuff) is take _any_ domain offline.
This seems to mean winbind's caching is not behaving as designed.
François Legal wrote:
> I don't know if it helps, but I ran through similar problems with one
> samba DC trusting another domain connected via a VPN.
> Each time the VPN went down, I had to hard reboot the server (no I did not
> have an open session all the time to kill winbindd).
>
> As far as I remember, this was with self built versions 3.2.4 through
> 3.2.6.
> After that, I decided to surrender with trusting another domain with
> samba.
>
> François
>
> On Fri, 16 Oct 2009 13:59:45 -0600, <admin at ateamonsite.com> wrote:
>
>> Ok I am not hearing replies back - I dont want this issue to be swept
>>
> under
>
>> the rug.
>>
>>
>> It has been a issue for me since SuSE 10.1 + samba-3.0.30-0.1.112 even..
>> I know now that the commands I was telling you all access UN/PW info
>>
> such
>
>> as LS or MAN etc, to see if you have permission to run them? IDK I am
>> guessing.
>>
>> BUT - if winbind is really caching and the connection is lost, then this
>> should be a non-issue as you say.
>>
>> Well here is my nsswitch.conf:
>>
>>
>> cat /etc/nsswitch.conf
>>
>>
>> passwd: compat winbind
>> group: compat winbind
>>
>> networks: files dns
>>
>> services: files
>> protocols: files
>> rpc: files
>> ethers: files
>> netmasks: files
>> netgroup: files
>> publickey: files
>>
>> bootparams: files
>> automount: files
>> aliases: files
>>
>> hosts: files dns
>> shadow: compat
>>
>>
>> Isn't this set up right? ;-)
>>
>>
>> So, famously when DNS is down, crap like SSH and NFS take unreasonable
>> amounts of time and cause system hangs in linux. This is what I've been
>> told, and I can accept that.
>> Since DNS is hosted on the AD server, when that server goes down, SSH,
>>
> and
>
>> even local login hang for extremely long amounts of time - im talking
>>
> more
>
>> than 10 minutes... then fail.
>>
>> In Windows (im sorry Im about to compare 2 operating systems) this is a
>>
> non
>
>> issue and you can use the machine even if the networking is hosed or you
>> cant talk to the AD.
>>
>> So.......
>>
>> BUMP! :-)
>>
>>
>>
>>
>>
>> On Wed, 14 Oct 2009 16:51:10 -0600, <admin at ateamonsite.com> wrote:
>>
>>> Hopefully that isn't a bad thing! haha
>>> Thanks!
>>>
>>>
>>> On Wed, 14 Oct 2009 15:44:54 -0700, Jeremy Allison <jra at samba.org>
>>>
> wrote:
>
>>>> On Wed, Oct 14, 2009 at 04:02:41PM -0600, admin at ateamonsite.com wrote:
>>>>
>>>>> Hi Jeremy,
>>>>>
>>>>>
>>>>>
>>>>>> Sorry, didn't look too closely at your winbindd issue.
>>>>>> winbindd will cache all information to allow disconnected
>>>>>> operation (we made this work perfectly at SuSE), so there
>>>>>> certainly shouldn't be a problem with a loss of connection to a DC.
>>>>>>
>>>>> I am sorry to report that I am in fact using SuSE, and this problem
>>>>>
> is
>
>>>>> very
>>>>> easy to reproduce if I power off my AD domain, then wait (I guess) 10
>>>>> minutes - then try and ssh to my Linux box. There is no way to log
>>>>>
> into
>
>>>>> the
>>>>> box.
>>>>>
>>>> Ok, then I'm going to hand you over to the SuSE Samba Team
>>>> maintainers on this list (sorry :-).
>>>>
>>>> Jeremy.
>>>>
More information about the samba
mailing list