[Samba] winbind causing huge timeouts/delays since 4.8

Alexander Spannagel aspannagel at gmx.de
Fri Feb 22 21:40:38 UTC 2019 

Am 22.02.19 um 17:02 schrieb Rowland Penny via samba:
> If you do have 'files sss winbind' in /etc/nsswitch.conf' and sssd
> is running, then it is highly likely that even if winbind is running,
> it will not be used. You also shouldn't use winbind on the shadow line
> and you shouldn't run winbind and sssd together, sssd has its own
> version of one of the winbind libs, and this will undoubtedly interfere
> with the Samba one.
On our linux servers ldap should always be used before asking AD via 
samba/winbind (as stated in nsswitch.conf). The sssd and samba libs are 
separated (we are on unix not windows) so there shouldn't be any 
"randomly" usage and if one of them or both have some buggy code maybe 
triggered by special config combinations - but really don't want to 
point to one or the other just want to solve an issue we hit in our 
environment.

Anyhow i did some more patch testing and found two more ways to solve 
our issues instead of adding the line "return false;":
1. replace the patched line with this one:
	fstrcpy(domain, namespace);
    so in our setup domain would be set to namespace which is is set to
2. don't use the patch added via Bug 13503 at all

So for me it looks the issue is caused somehwere later in code, when 
function parse_domain_user sets namespace to something different than 
domain - in our case namespace=lp_netbios_name()='HOSTNAME' and domain=''.
If i would be asked, i would go with solution 1 (patch file attached) to 
keep fix for Bug 13503 and assume not breaking it - maybe Mr. Schneider 
could take a look if it would still fix the reported Bug.

> 
> Finally, your smb.conf is borked for winbind.
> 
We have different setup on some servers using ldap server as idmap 
backend instead using autorid, but those show same issue and so 
shouldn't be related at all.

Alex
-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba-4.8.9-fix_winbind_empty_domain_2.patch
Type: text/x-patch
Size: 473 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba/attachments/20190222/a9853cc5/samba-4.8.9-fix_winbind_empty_domain_2.bin>

More information about the samba mailing list