[Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)

Robert LeBlanc robert at leblancnet.us
Fri Oct 23 14:51:03 MDT 2009 

On Fri, Oct 23, 2009 at 2:45 PM, Jeremy Allison <jra at samba.org> wrote:

> On Fri, Oct 23, 2009 at 02:34:45PM -0600, Robert LeBlanc wrote:
> > 3.4.2
>
> Ok, what does your smb.conf look like. What is the
> configured winbindd backend ?
>

We have switched to hash for the increased flexibility. I have flushed the
idmap cache and everything resolves perfectly when a DC is contactable.

#======================= Global Settings =======================

[global]
   workgroup = byu
   realm = BYU.LOCAL
   preferred master = no
   server string = %h server
   dns proxy = no

#### Debugging/Accounting ####

   log file = /cluster/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d

####### Authentication #######

   security = ADS
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   invalid users = root
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:*
%n\n *password\supdated\ssuccessfully* .
   pam password change = yes

########## Printing ##########

   load printers = no
   printing = bsd
   printcap name = /dev/null
   show add printer wizard = no
   disable spoolss = yes

############ Misc ############

  socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#  allow trusted domains = No
#  idmap backend = rid:BYU=10000-100000000
#  idmap config BYU:backend = rid
#  idmap config BYU:range = 10000-100000000
#  idmap uid = 10000-100000000
#  idmap gid = 10000-100000000
  idmap backend = hash
  winbind nss info = hash
  winbind use default domain = yes
  winbind separator = +
  winbind enum groups = no
  winbind enum users = no
  winbind nested groups = yes
  template homedir = /home/%U
  template shell = /bin/bash
  winbind refresh tickets = yes
#  use kerberos keytab = yes
#  kerberos method = system keytab # should work after bug is fixed
  winbind offline logon = yes

#======================= Share Definitions =======================



Robert LeBlanc
Life Sciences & Undergraduate Education Computer Support
Brigham Young University

More information about the samba mailing list