[Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity)
admin at ateamonsite.com
admin at ateamonsite.com
Fri Oct 23 17:36:07 MDT 2009
Doh! wrong protocol for logs! lol
here is the right link:
http://djfuq.org/logs10.tar
have alot of fun
-Clayton
On Fri, 23 Oct 2009 17:33:15 -0600, <admin at ateamonsite.com> wrote:
> Ok folks,
>
> Got ya some log level 10 of this fun stuff..
>
> Steps:
> First everything is normal. DCs are up.
> Log level 10 is set.
>
> I run
> wbinfo -t
>
> I run
> net ads info
>
> I run
> net ads testjoin
>
> then I bring the DC down.
>
> Now I run
> time getfacl /xymount/tera
>
>
> HSA-PFX10101001:/var/log/samba # time getfacl /xymount/tera
> getfacl: Removing leading '/' from absolute path names
> # file: xymount/tera
> # owner: root
> # group: root
> user::rwx
> user:webadmin:rwx
> group::r-x
> group:webadmin:r-x
> group:2000512:rwx
> group:2000513:rwx
> mask::rwx
> other::r--
> default:user::rwx
> default:group::r-x
> default:group:webadmin:r-x
> default:group:2000512:rwx
> default:group:2000513:rwx
> default:mask::rwx
> default:other::r--
>
>
> real 29m10.058s
> user 0m0.020s
> sys 0m0.008s
>
>
>
> Then I bring the DCs back up
>
> then I run again
>
> getfacl /xymount/tera
>
> All is well - winbind recovered after the DCs were back up. This must be
> because Im on 3.4.2 now instead of 3.2.X or earlier which would not
recover
> quickly after the DCs were back.
>
> LOGS here: ftp://djfuq.org/logs10.tar
>
>
> Cheers,
> -Clayton
>>
>>
>>
>>
>> On Fri, 23 Oct 2009 14:51:03 -0600, Robert LeBlanc
<robert at leblancnet.us>
>> wrote:
>>> On Fri, Oct 23, 2009 at 2:45 PM, Jeremy Allison <jra at samba.org> wrote:
>>>
>>>> On Fri, Oct 23, 2009 at 02:34:45PM -0600, Robert LeBlanc wrote:
>>>> > 3.4.2
>>>>
>>>> Ok, what does your smb.conf look like. What is the
>>>> configured winbindd backend ?
>>>>
>>>
>>> We have switched to hash for the increased flexibility. I have flushed
>> the
>>> idmap cache and everything resolves perfectly when a DC is contactable.
>>>
>>> #======================= Global Settings =======================
>>>
>>> [global]
>>> workgroup = byu
>>> realm = BYU.LOCAL
>>> preferred master = no
>>> server string = %h server
>>> dns proxy = no
>>>
>>> #### Debugging/Accounting ####
>>>
>>> log file = /cluster/log/samba/log.%m
>>> max log size = 1000
>>> syslog = 0
>>> panic action = /usr/share/samba/panic-action %d
>>>
>>> ####### Authentication #######
>>>
>>> security = ADS
>>> encrypt passwords = true
>>> passdb backend = tdbsam
>>> obey pam restrictions = yes
>>> invalid users = root
>>> unix password sync = yes
>>> passwd program = /usr/bin/passwd %u
>>> passwd chat = *Enter\snew\s*\spassword:* %n\n
>>> *Retype\snew\s*\spassword:*
>>> %n\n *password\supdated\ssuccessfully* .
>>> pam password change = yes
>>>
>>> ########## Printing ##########
>>>
>>> load printers = no
>>> printing = bsd
>>> printcap name = /dev/null
>>> show add printer wizard = no
>>> disable spoolss = yes
>>>
>>> ############ Misc ############
>>>
>>> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192
>> SO_SNDBUF=8192
>>> # allow trusted domains = No
>>> # idmap backend = rid:BYU=10000-100000000
>>> # idmap config BYU:backend = rid
>>> # idmap config BYU:range = 10000-100000000
>>> # idmap uid = 10000-100000000
>>> # idmap gid = 10000-100000000
>>> idmap backend = hash
>>> winbind nss info = hash
>>> winbind use default domain = yes
>>> winbind separator = +
>>> winbind enum groups = no
>>> winbind enum users = no
>>> winbind nested groups = yes
>>> template homedir = /home/%U
>>> template shell = /bin/bash
>>> winbind refresh tickets = yes
>>> # use kerberos keytab = yes
>>> # kerberos method = system keytab # should work after bug is fixed
>>> winbind offline logon = yes
>>>
>>> #======================= Share Definitions =======================
>>>
>>>
>>>
>>> Robert LeBlanc
>>> Life Sciences & Undergraduate Education Computer Support
>>> Brigham Young University
More information about the samba
mailing list