[Samba] winbind warnings filling up syslog

Rowland penny rpenny at samba.org
Mon Feb 1 17:13:36 UTC 2016


On 01/02/16 16:24, HASM wrote:
> hasm> Every few minutes windbindd posts an error message like:
> hasm>   winbindd:  ../source3/libads/ldap.c:552(ads_find_dc)
> hasm>   winbindd:  ads_find_dc: name resolution for realm 'XXX.CO'
> hasm>   (domain 'XXX_01') failed: NT_STATUS_NO_LOGON_SERVERS
> hasm> How can I shut this thing up?  I've also seen, not sure
> hasm> whether related, winbindd shooting up to 100% CPU (of this
> hasm> dual core box.)
>
> rpenny> How are you running Samba ?
>
> Fedora 23 daily patched.
> Samba is enabled and started by systemd.
> Status on services smb, nmb and winbind shows them running
> with no error or warning messages.
>
> rpenny> What version of Samba ?
>
> Seems to be 4.3.4.1:
>    samba-4.3.4-1.fc23.x86_64
>    samba-client-4.3.4-1.fc23.x86_64
>    samba-client-libs-4.3.4-1.fc23.x86_64
>    samba-common-4.3.4-1.fc23.noarch
>    samba-common-libs-4.3.4-1.fc23.x86_64
>    samba-common-tools-4.3.4-1.fc23.x86_64
>    samba-devel-4.3.4-1.fc23.x86_64
>    samba-libs-4.3.4-1.fc23.x86_64
>    samba-winbind-4.3.4-1.fc23.x86_64
>    samba-winbind-clients-4.3.4-1.fc23.x86_64
>    samba-winbind-modules-4.3.4-1.fc23.x86_64
>
> rpenny> Can you post (sanitized) versions of smb.conf,
> rpenny> /etc/resolv.conf, /etc/krb5.conf
>
> Below.
>
> -- HASM
>
>
> ------------------------------------------------------------
> /etc/resolv.conf
> ------------------------------------------------------------
>    ;generated by /sbin/dhclient-script
>    search company.com
>    nameserver 10.xx.xx.xx
>    nameserver 10.yy.yy.yy
>    nameserver 10.zz.zz.zz
> ------------------------------------------------------------
> /etc/krb5.conf
> ------------------------------------------------------------
> includedir /etc/krb5.conf.d/
>
> [logging]
>   default = FILE:/var/log/krb5libs.log
>   kdc = FILE:/var/log/krb5kdc.log
>   admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
>   dns_lookup_realm = false
>   dns_lookup_kdc = true
>   forwardable = true
>   rdns = false
>   default_realm = COMPANY.COM
>   default_ccache_name = KEYRING:persistent:%{uid}
>
> [realms]
>   COMPANY.COM = {
>   kdc = dcxx.company.com:88
>   admin_server = COMPANY.COM
>   default_domain = COMPANY.COM
> }
>
> [domain_realm]
>    .company.com = COMPANY.COM
>    company.com = COMPANY.COM
> ------------------------------------------------------------
> /etc/samba/smb.conf
> ------------------------------------------------------------
> [global]
>   guest account = nobody
>   restrict anonymous = 1
>   hosts allow = 10. 127. 192.168.1.
>   load printers = no
>   printing = cups
>   cups options = raw
>   logging = systemd
>   log level = 1
>   map to guest = bad user
>   username map = /etc/samba/smbusers
>   local master = no
>   domain master = no
>   preferred master = no
>   name resolve order = host bcast
>   wins support = no
>
>   server string = HOSTNAME (SAMBA %v)
>   server signing = auto
>
>   client ntlmv2 auth = yes
>   wins server = dcxx
>   security = ADS
>   encrypt passwords = yes
>   password server = dcxx
>   workgroup = COMPANY
>   winbind use default domain = yes
>   realm = COMPANY.COM
> ------------------------------------------------------------		
>
>

OK, based on the fact you are running Fedora and have virtually have no 
winbind lines in smb.conf, you are probably running sssd. In which case, 
you could try turning winbind off, later version of sssd come with the 
their own version of libwinbind.

Rowland




More information about the samba mailing list