[Samba] winbind stop working

Daniele Bernazzi samba.10.danber at spamgourmet.com
Thu May 10 04:55:07 MDT 2012

On 05/10/2012 11:21 AM, sigunas wrote:
> We have similar problem to with samba file server, serving about 800 users.
> After server restart samba/winbind works as intended. After some time (it
> may be couple of weeks, or it may be 1 day) server does not authenticate new
> connections. Old connections work.
> For example: I don't turn off my computer, and next day I can access samba
> shares, reade/create/delete files and directories as usual. Users who just
> started computers and try to access shares are rejected with unknown
> user/password. After winbind restart (don't need to restart samba)
> everything works as intended again for day or sometimes for couple of weeks.
> Server configuration:
> security=ADS
> realm=our.domain.com
> client schanel=no
> wins support=no
> domain logons=no
> domain master=auto
> password server=dc.our.domain.com
> server string=failai
> local master=yes
> idmap uid=10000-20000
> idmap gid=10000-20000
> winbind enum users=yes
> winbind enum groups=yes
> encrypt password=true
> keepalive=600
> socket options=TCP_NODELAY
> dns proxy=no
> log level=1
> large readwrite=yes

 From my experience reducing idmap cache time seems to solve the problem.
I also experienced problems with idmap uid and idmap gid to such values 
(10000-20000); try lo raise over 65536 (100000-200000).
I made some tests on another server acting as a file server with 
validation on AD (no user and group mappings) in which winbind is 
usually off. Starting winbind and playing with parameters brought samba 
to deny the service after about 1 day; after stopping winbind and 
restarting nmbd smbd it works good ...

More information about the samba mailing list