[Samba] Winbind timeouts/hangs(?)

Rowland penny rpenny at samba.org
Fri Aug 23 12:56:06 UTC 2019


On 23/08/2019 13:11, Heiko Wundram via samba wrote:
> Hey,
>
> Am 23.08.2019 13:56, schrieb Rowland penny via samba:
>> see Red-Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1663323
>> They no longer support using sssd with winbind.
>
> Yes, I know that discussion, and if you read the corresponding bug 
> report, the case that was mentioned (which is outdated already, please 
> look for info on idmap_sss for Samba for combining the two) 
Yes, I am aware of idmap_sss, but it isn't a Samba product, so we know 
nothing about it.
> is if sssd and winbind run against the same domain and both derive 
> information for the same user base. There are later bug reports which 
> explicitly state that the corresponding note, which was added to the 
> documentation at the beginning of this year, is outdated again/should 
> be fixed.
You should not run sssd and winbind on the same machine, sssd has its 
own versions of some of the winbind libs.
>
> Anyway, all this doesn't apply to my case, as sssd and winbind run 
> against completely different authentication sources, 
As I say, you shouldn't run sssd and winbind on the same machine.
> and from what I could gather from the Samba bug report I mentioned,
And that wasn't a winbind bug, was it ?
> the problem is that sss is not reentrant as an authentication source, 
> whereas winbind is, which causes mayhem when looking up accounts that 
> are in neither source. sssd has this fixed in some version which 
> doesn't appear to be in Debian yet. But I'll leave it at that and now 
> try to get some information on the patch that's required. Have a 
> pleasant afternoon.

I repeat these truths, you should not run sssd and winbind on the same 
machine, but if you do, you should ask the sssd-users mailing list. This 
is because we do not produce sssd and know little or nothing about it.

Rowland






More information about the samba mailing list