[Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)

admin at ateamonsite.com
Fri Oct 23 17:33:15 MDT 2009


Ok folks,

Got ya some log level 10 of this fun stuff..

Steps:
First everything is normal. DCs are up.
Log level 10 is set.

I run 
wbinfo -t

I run 
net ads info

I run 
net ads testjoin

then I bring the DC down.

Now I run
time getfacl /xymount/tera


HSA-PFX10101001:/var/log/samba # time getfacl /xymount/tera
getfacl: Removing leading '/' from absolute path names
# file: xymount/tera
# owner: root
# group: root
user::rwx
user:webadmin:rwx
group::r-x
group:webadmin:r-x
group:2000512:rwx
group:2000513:rwx
mask::rwx
other::r--
default:user::rwx
default:group::r-x
default:group:webadmin:r-x
default:group:2000512:rwx
default:group:2000513:rwx
default:mask::rwx
default:other::r--


real    29m10.058s
user    0m0.020s
sys     0m0.008s



Then I bring the DCs back up

then I run again

getfacl /xymount/tera

All is well - winbind recovered after the DCs were back up. This must be
because I'm on 3.4.2 now instead of 3.2.X or earlier which would not recover
quickly after the DCs were back.

LOGS here:  ftp://djfuq.org/logs10.tar


Cheers,
-Clayton
> On Fri, 23 Oct 2009 14:51:03 -0600, Robert LeBlanc <robert at leblancnet.us>
> wrote:
>> On Fri, Oct 23, 2009 at 2:45 PM, Jeremy Allison <jra at samba.org> wrote:
>> 
>>> On Fri, Oct 23, 2009 at 02:34:45PM -0600, Robert LeBlanc wrote:
>>> > 3.4.2
>>>
>>> Ok, what does your smb.conf look like. What is the
>>> configured winbindd backend ?
>>>
>> 
>> We have switched to hash for the increased flexibility. I have flushed the
>> idmap cache and everything resolves perfectly when a DC is contactable.
>> 
>> #======================= Global Settings =======================
>> 
>> [global]
>>    workgroup = byu
>>    realm = BYU.LOCAL
>>    preferred master = no
>>    server string = %h server
>>    dns proxy = no
>> 
>> #### Debugging/Accounting ####
>> 
>>    log file = /cluster/log/samba/log.%m
>>    max log size = 1000
>>    syslog = 0
>>    panic action = /usr/share/samba/panic-action %d
>> 
>> ####### Authentication #######
>> 
>>    security = ADS
>>    encrypt passwords = true
>>    passdb backend = tdbsam
>>    obey pam restrictions = yes
>>    invalid users = root
>>    unix password sync = yes
>>    passwd program = /usr/bin/passwd %u
>>    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>>    pam password change = yes
>> 
>> ########## Printing ##########
>> 
>>    load printers = no
>>    printing = bsd
>>    printcap name = /dev/null
>>    show add printer wizard = no
>>    disable spoolss = yes
>> 
>> ############ Misc ############
>> 
>>   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> #  allow trusted domains = No
>> #  idmap backend = rid:BYU=10000-100000000
>> #  idmap config BYU:backend = rid
>> #  idmap config BYU:range = 10000-100000000
>> #  idmap uid = 10000-100000000
>> #  idmap gid = 10000-100000000
>>   idmap backend = hash
>>   winbind nss info = hash
>>   winbind use default domain = yes
>>   winbind separator = +
>>   winbind enum groups = no
>>   winbind enum users = no
>>   winbind nested groups = yes
>>   template homedir = /home/%U
>>   template shell = /bin/bash
>>   winbind refresh tickets = yes
>> #  use kerberos keytab = yes
>> #  kerberos method = system keytab # should work after bug is fixed
>>   winbind offline logon = yes
>> 
>> #======================= Share Definitions =======================
>> 
>> 
>> 
>> Robert LeBlanc
>> Life Sciences & Undergraduate Education Computer Support
>> Brigham Young University
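
An added example, not part of the original thread: a shell probe that runs the commands from the post under a time limit, so a lookup that blocks while the DC is unreachable is reported as a hang instead of stalling the caller for minutes. The function names, the 10-second default and the reliance on GNU `timeout` are assumptions of this example.

```shell
#!/bin/sh
# Added example: bounded health probes for winbind-backed lookups.
# Assumes GNU coreutils `timeout`; function names are hypothetical.

# probe LIMIT_SECONDS COMMAND [ARGS...]
# Prints "<ok|fail|hang> <elapsed>s <command>" and returns 0, 1 or 2.
probe() {
    limit=$1; shift
    start=$(date +%s)
    # GNU timeout exits with 124 when it had to stop the command.
    if timeout "$limit" "$@" >/dev/null 2>&1; then rc=0; else rc=$?; fi
    elapsed=$(( $(date +%s) - start ))
    case $rc in
        0)   state=ok;   ret=0 ;;
        124) state=hang; ret=2 ;;
        *)   state=fail; ret=1 ;;
    esac
    echo "$state ${elapsed}s $*"
    return $ret
}

# check_winbind [LIMIT_SECONDS] [PATH]
# Runs the checks from the post (trust secret, join, ACL lookup that needs
# SID/GID resolution) and returns the worst result seen: 0 ok, 1 fail, 2 hang.
check_winbind() {
    limit=${1:-10}; path=${2:-/xymount/tera}; worst=0
    for cmd in "wbinfo -t" "net ads testjoin" "getfacl $path"; do
        r=0
        # Word splitting of $cmd is intentional: each entry is "program args".
        probe "$limit" $cmd || r=$?
        if [ "$r" -gt "$worst" ]; then worst=$r; fi
    done
    return "$worst"
}

# Run the checks only when asked to, e.g.:  sh winbind-probe.sh run 10
if [ "${1:-}" = "run" ]; then
    check_winbind "${2:-10}" "${3:-/xymount/tera}"
fi
```

A return value of 2 from `check_winbind` corresponds to the behaviour in the post, where the lookup neither succeeds nor fails but blocks; 1 means the command failed within the limit.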

