[Samba] Samba bug 7818 / Debian bug 603729 RESOLVED finally (I think)

[Dale Schroeder]

I thought I would post this in case it might be of help to someone else 
who has experienced winbind crashes since moving to 3.5.x.

Back in November 2010, after upgrading to Samba 3.5.x, I started 
experiencing repeated winbind crashed resulting in the generation of 
"winbind_cache.corrupt" files.  I was premature in saying the problem 
was resolved and the bugs could be closed because my attempted winbind 
fix lasted less than 36 hours.  In the interim, I've been constantly 
monitoring and trying other things.  A recent unrelated problem 
affecting the entire LAN apparently enabled me to resolve the repeated 
winbind crashes.

Actually, Steve Langasek provided the necessary clue in December, but I 
did not know what to do with the info at the time.  He said:

	It's the nature of OpenDNS that if you send a query to it for*any*  hostname
	that doesn't resolve, instead of (properly) giving a "no such host" message,
	it instead responds with an IP address pointing to one of its own
	webservers.

	So any failure to resolve a name via WINS will result in it being resolved
	to OpenDNS instead, in this situation.


Using redirecting DNS forwarders appears to be the source of my winbind 
problem.  Using DNS Benchmark ( http://www.grc.com/dns/benchmark.htm ), 
I was able to identify public non-redirecting servers to use.  After 
changing the forwarders, I have not had a winbind crash in 5+ days.

Note that I have a server still using 3.2.5 that has not had a single 
winbind problem during this entire period.  In fact, all versions 
through 3.4.x worked flawlessly, so something in the internal workings 
of winbind/DNS changed with 3.5.  During the entire problem period, the 
DC was available and fuctioning properly, as was the WINS server.  My 
suspicion is that the DC was not responding as fast as winbind expected 
it to, then resorting to OpenDNS to resolve the name, resulting in a 
redirection to an OpenDNS server, ultimately leading to the winbind 
crash.  If my suspicion is correct, this may be another manifestation of 
one of the bugs fixed in 3.5.8:

	o  Fix Winbind crash bug when no DC is available (bug #7730).


So, if you are using Samba 3.5.x and are having winbind problems, ensure 
that the DNS servers that you are using are non-redirecting.  It might 
give you a reprieve until 3.5.8 comes to your distribution.

Dale