[Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)

Fri Oct 23 09:33:11 MDT 2009

Just out of curiosity, do any of you have mdns4_minimal or mdsn4 in your
/etc/nsswitch.conf file? I think mdns4 doesn't work too well and I usually
take it out, but it was alive and well on these machines. Does removing
those items help anyone?

Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University

On Thu, Oct 22, 2009 at 4:45 PM, Robert LeBlanc <robert at leblancnet.us>wrote:

> I'm using 3.4.2 right now and I'm seeing a similar problem. We are using
> winbind to authenticate our users on our Linux cluster. The worker and
> interactive nodes are on a private subnet that is NATed to the local LAN.
> Two head nodes provide failover for the NATing. When failover is happening,
> winbind whacks out. The system is not unusable, but no authentication
> happens for about 30 minutes after the failover. I'm going to see if I can
> get iptables to share state between machines to help prevent this, but there
> needs to be a faster reconnection after domain controllers seem to be down.
>
> Robert LeBlanc
> Life Sciences & Undergraduate Education Computer Support
> Brigham Young University
>
>
>
> On Thu, Oct 22, 2009 at 1:55 AM, Clayton Hill <admin at ateamonsite.com>wrote:
>
>> Hi Jason,
>>
>> Yup you got the same problem - just going about it a sorta different way
>> - ouch that must really suck having winbind\ADdomain own the account you
>> are logged in as. bummer!
>> My problem is slightly less serious as I am trying to use my local
>> accounts (such as root) and I just use samba as a domain member to host
>> files with AD ACLs in the filesystem permissions... but we see the same bug.
>> because winbind (even caching) kills access to my local accounts.
>> I hope this is fixed in 3.4 (I just installed it yesterday) I haven't had
>> a chance to run the same test on 3.4
>>
>> possibilities:
>> winbind is not caching right to allow smooth operation when the DC is
>> offline and the system is virtually locked up
>> winbind doesnt know the moment it cant connect to the DC that it should
>> really use cache or just buzz off and die somehow
>> winbind may or may not connect back up to the DC immediately
>>
>> I need to play with parameters and see what the new winbind options in 3.4
>> do. I have been on 3.2 until yesterday.
>>
>>
>> Thanks for the info on the bug report..
>>
>> Cheers,
>> -Clayton
>>
>> Jason Haar wrote:
>>
>>> Just a FYI, but this looks an awful lot like the bug I reported months
>>> ago
>>>
>>> https://bugzilla.samba.org/show_bug.cgi?id=6103
>>>
>>> Basically I'm running Fedora11 with no local accounts (beyond root) -
>>> relying on winbind. On occasion winbind appears to "hang" - and no local
>>> access works - including root - which shouldn't need winbind to succeed!
>>> Normally I have to reboot to fix, however if I was lucky enough for it
>>> to happen before my screensaver kicked in, then simply restarting
>>> winbind fixes the problem.
>>>
>>>
>>>
>>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>