[Samba] winbind warnings filling up syslog

HASM samba at martins.cc
Mon Feb 1 16:24:21 UTC 2016 

hasm> Every few minutes windbindd posts an error message like:
hasm>   winbindd:  ../source3/libads/ldap.c:552(ads_find_dc)
hasm>   winbindd:  ads_find_dc: name resolution for realm 'XXX.CO'
hasm>   (domain 'XXX_01') failed: NT_STATUS_NO_LOGON_SERVERS
hasm> How can I shut this thing up?  I've also seen, not sure
hasm> whether related, winbindd shooting up to 100% CPU (of this
hasm> dual core box.)

rpenny> How are you running Samba ?

Fedora 23 daily patched.
Samba is enabled and started by systemd.
Status on services smb, nmb and winbind shows them running
with no error or warning messages.

rpenny> What version of Samba ?

Seems to be 4.3.4.1:
  samba-4.3.4-1.fc23.x86_64
  samba-client-4.3.4-1.fc23.x86_64
  samba-client-libs-4.3.4-1.fc23.x86_64
  samba-common-4.3.4-1.fc23.noarch
  samba-common-libs-4.3.4-1.fc23.x86_64
  samba-common-tools-4.3.4-1.fc23.x86_64
  samba-devel-4.3.4-1.fc23.x86_64
  samba-libs-4.3.4-1.fc23.x86_64
  samba-winbind-4.3.4-1.fc23.x86_64
  samba-winbind-clients-4.3.4-1.fc23.x86_64
  samba-winbind-modules-4.3.4-1.fc23.x86_64

rpenny> Can you post (sanitized) versions of smb.conf,
rpenny> /etc/resolv.conf, /etc/krb5.conf

Below.

-- HASM


------------------------------------------------------------
/etc/resolv.conf
------------------------------------------------------------
  ;generated by /sbin/dhclient-script
  search company.com
  nameserver 10.xx.xx.xx
  nameserver 10.yy.yy.yy
  nameserver 10.zz.zz.zz
------------------------------------------------------------
/etc/krb5.conf
------------------------------------------------------------
includedir /etc/krb5.conf.d/

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 dns_lookup_kdc = true
 forwardable = true
 rdns = false
 default_realm = COMPANY.COM
 default_ccache_name = KEYRING:persistent:%{uid}

[realms]
 COMPANY.COM = {
 kdc = dcxx.company.com:88
 admin_server = COMPANY.COM
 default_domain = COMPANY.COM
}

[domain_realm]
  .company.com = COMPANY.COM
  company.com = COMPANY.COM
------------------------------------------------------------
/etc/samba/smb.conf
------------------------------------------------------------
[global]
 guest account = nobody
 restrict anonymous = 1
 hosts allow = 10. 127. 192.168.1.
 load printers = no
 printing = cups
 cups options = raw
 logging = systemd
 log level = 1
 map to guest = bad user
 username map = /etc/samba/smbusers
 local master = no
 domain master = no
 preferred master = no
 name resolve order = host bcast
 wins support = no

 server string = HOSTNAME (SAMBA %v)
 server signing = auto

 client ntlmv2 auth = yes
 wins server = dcxx
 security = ADS
 encrypt passwords = yes
 password server = dcxx
 workgroup = COMPANY
 winbind use default domain = yes
 realm = COMPANY.COM
------------------------------------------------------------

More information about the samba mailing list