[Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)

Robert LeBlanc robert at leblancnet.us
Thu Oct 22 16:45:41 MDT 2009

I'm using 3.4.2 right now and I'm seeing a similar problem. We are using
winbind to authenticate our users on our Linux cluster. The worker and
interactive nodes are on a private subnet that is NATed to the local LAN.
Two head nodes provide failover for the NATing. When failover is happening,
winbind whacks out. The system is not unusable, but no authentication
happens for about 30 minutes after the failover. I'm going to see if I can
get iptables to share state between machines to help prevent this, but there
needs to be a faster reconnection after domain controllers seem to be down.

Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University

On Thu, Oct 22, 2009 at 1:55 AM, Clayton Hill <admin at ateamonsite.com> wrote:

> Hi Jason,
> Yup you got the same problem - just going about it a sorta different way
> - ouch that must really suck having winbind\ADdomain own the account you
> are logged in as. bummer!
> My problem is slightly less serious as I am trying to use my local accounts
> (such as root) and I just use samba as a domain member to host files with AD
> ACLs in the filesystem permissions... but we see the same bug. because
> winbind (even caching) kills access to my local accounts.
> I hope this is fixed in 3.4 (I just installed it yesterday) I haven't had a
> chance to run the same test on 3.4
> possibilities:
> winbind is not caching right to allow smooth operation when the DC is
> offline and the system is virtually locked up
> winbind doesnt know the moment it cant connect to the DC that it should
> really use cache or just buzz off and die somehow
> winbind may or may not connect back up to the DC immediately
> I need to play with parameters and see what the new winbind options in 3.4
> do. I have been on 3.2 until yesterday.
> Thanks for the info on the bug report..
> Cheers,
> -Clayton
> Jason Haar wrote:
>> Just a FYI, but this looks an awful lot like the bug I reported months ago
>> https://bugzilla.samba.org/show_bug.cgi?id=6103
>> Basically I'm running Fedora11 with no local accounts (beyond root) -
>> relying on winbind. On occasion winbind appears to "hang" - and no local
>> access works - including root - which shouldn't need winbind to succeed!
>> Normally I have to reboot to fix, however if I was lucky enough for it
>> to happen before my screensaver kicked in, then simply restarting
>> winbind fixes the problem.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list