[Samba] Winbind timeouts/hangs(?)
Rowland penny
rpenny at samba.org
Fri Aug 23 12:56:06 UTC 2019
On 23/08/2019 13:11, Heiko Wundram via samba wrote:
> Hey,
>
> Am 23.08.2019 13:56, schrieb Rowland penny via samba:
>> see Red-Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1663323
>> They no longer support using sssd with winbind.
>
> Yes, I know that discussion, and if you read the corresponding bug
> report, the case that was mentioned (which is outdated already, please
> look for info on idmap_sss for Samba for combining the two)
Yes, I am aware of idmap_sss, but it isn't a Samba product, so we know
nothing about it.
> is if sssd and winbind run against the same domain and both derive
> information for the same user base. There are later bug reports which
> explicitly state that the corresponding note, which was added to the
> documentation at the beginning of this year, is outdated again/should
> be fixed.
You should not run sssd and winbind on the same machine, sssd has its
own versions of some of the winbind libs.
>
> Anyway, all this doesn't apply to my case, as sssd and winbind run
> against completely different authentication sources,
As I say, you shouldn't run sssd and winbind on the same machine.
> and from what I could gather from the Samba bug report I mentioned,
And that wasn't a winbind bug, was it ?
> the problem is that sss is not reentrant as an authentication source,
> whereas winbind is, which causes mayhem when looking up accounts that
> are in neither source. sssd has this fixed in some version which
> doesn't appear to be in Debian yet. But I'll leave it at that and now
> try to get some information on the patch that's required. Have a
> pleasant afternoon.
I repeat these truths, you should not run sssd and winbind on the same
machine, but if you do, you should ask the sssd-users mailing list. This
is because we do not produce sssd and know little or nothing about it.
Rowland
More information about the samba
mailing list