[Samba] winbindd becomes unresponsive on member server
Brian De Wolf
bldewolf at cpp.edu
Tue Apr 26 01:33:05 UTC 2016
Hello,
I've been working on converting our OmniOS home directory member
servers from Samba 3.6.25 to 4.3.8. For the first few hours after
startup, everything is accessible and works as expected. Eventually,
winbindd stops responding and smbd starts logging this error:
domain_client_validate: Domain password server not available.
At this point, authentications no longer work. "wbinfo -p" fails. If
I run it with debug logging, winbindd only logs these messages every 5
minutes post-failure:
[2016/04/25 15:47:10.676347, 10, pid=1739, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:385(winbind_msg_domain_online)
Domain ad is marked as online now.
[2016/04/25 15:47:10.682186, 11, pid=1739, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4597(unpack_tdc_domains)
unpack_tdc_domains: Unpacking domain BUILTIN () SID S-1-5-32, flags = 0x0, attribs = 0x0, type = 0x0
[2016/04/25 15:47:10.682226, 11, pid=1739, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4597(unpack_tdc_domains)
unpack_tdc_domains: Unpacking domain YUKON () SID S-1-5-21-1178196917-3343520102-2534146612, flags = 0x0, attribs = 0x0, type = 0x0
[2016/04/25 15:47:10.682257, 11, pid=1739, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4597(unpack_tdc_domains)
unpack_tdc_domains: Unpacking domain ad (ad.cpp.edu) SID S-1-5-21-2732431017-2472381161-1794148792, flags = 0x1d, attribs = 0x0, type = 0x2
[2016/04/25 15:47:10.682285, 11, pid=1739, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4597(unpack_tdc_domains)
unpack_tdc_domains: Unpacking domain WIN (win.csupomona.edu) SID S-1-5-21-117609710-706699826-1801674531, flags = 0x22, attribs = 0x48, type = 0x2
[2016/04/25 15:52:10.651117, 5, pid=1739, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:579(winbind_child_died)
Already reaped child 2409 died
[2016/04/25 15:52:10.684484, 10, pid=1739, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cm.c:385(winbind_msg_domain_online)
Domain ad is marked as online now.
[2016/04/25 15:52:10.689225, 11, pid=1739, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4597(unpack_tdc_domains)
unpack_tdc_domains: Unpacking domain BUILTIN () SID S-1-5-32, flags = 0x0, attribs = 0x0, type = 0x0
[2016/04/25 15:52:10.689260, 11, pid=1739, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4597(unpack_tdc_domains)
unpack_tdc_domains: Unpacking domain YUKON () SID S-1-5-21-1178196917-3343520102-2534146612, flags = 0x0, attribs = 0x0, type = 0x0
[2016/04/25 15:52:10.689283, 11, pid=1739, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4597(unpack_tdc_domains)
unpack_tdc_domains: Unpacking domain ad (ad.cpp.edu) SID S-1-5-21-2732431017-2472381161-1794148792, flags = 0x1d, attribs = 0x0, type = 0x2
[2016/04/25 15:52:10.689306, 11, pid=1739, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:4597(unpack_tdc_domains)
unpack_tdc_domains: Unpacking domain WIN (win.csupomona.edu) SID S-1-5-21-117609710-706699826-1801674531, flags = 0x22, attribs = 0x48, type = 0x2
Note that the host is joined to the ad.cpp.edu domain and there's trust
to win.csupomona.edu. Before the failure, I authenticated using both
domains.
Has anyone seen something like this before? What should be my next
steps?
And here's our config:
[global]
allow trusted domains = yes
enable privileges = no
deadtime = 10
debug pid = yes
disable netbios = yes
idmap config * : backend = nss
idmap config * : range = 1000-2147483648
lanman auth = no
load printers = no
log level = 1
map archive = no
name resolve order = host
realm = ad.cpp.edu
restrict anonymous = 1
security = ads
server signing = auto
show add printer wizard = no
workgroup = ad
writable = yes
max log size = 512000
unix extensions = no
veto files = /$RECYCLE.BIN/
vfs objects = shadow_copy2 zfsacl
shadow: snapdir = .zfs/snapshot
shadow: format = backup-%Y.%m.%d-%H.%M.%S
shadow: sort = desc
shadow: localtime = yes
nfs4: mode = special
multicast dns register = no
wide links = yes
private dir = /etc/samba/private
logging = file
[homes]
browseable = no
path = /export/user/%S
More information about the samba
mailing list