[Samba] Winbind and caching - idmap, DC

Ralph Böhme slow at samba.org
Fri Oct 18 20:10:57 UTC 2019



> On 18.10.2019 at 21:38, Alexey A Nikitin <nikitin at amazon.com> wrote:
> 
> On Friday, 18 October 2019 12:24:46 PDT Ralph Boehme wrote:
>> You won't lose connectivity anyway. winbindd will just have to go
>> through DC lookup again in certain scenarios.
> 
> This is exactly what I'd like to avoid.

As long as you don't restart winbindd it will continue to use the currently selected DC.

> As I wrote in another message in this thread, it appears that switching DC shortly after domain join causes machine authentication failures until the new machine account gets replicated.

Yes, we've seen that too iirc. So again, if you just run net cache flush *without restarting winbindd* you should be fine.

> If I'm not mistaken, I can use 'wbinfo --ping-dc' to find out the DC that winbindd is currently connected to. Is there a way for me to use that info then to force winbindd to connect to the same DC after restart?

Hm, you could try to set that entry in the cache. Isn't there a net cache set?

> Alternatively,
> 
> On Friday, 18 October 2019 12:24:46 PDT Ralph Boehme wrote:
>> There's no tool to do that currently, but it would be trivial to write one.
> 
> would you be able to point someone unfamiliar with the Samba codebase where they should start looking to figure out how to do that?

https://git.samba.org/?p=samba.git;a=blob;f=source3/utils/net_cache.c;h=5691f04d8d6827db011e308c7da7615085c96b6f;hb=HEAD#l335

Implement a similar function with an iterate callback that looks at the key prefix.

-slow

-- 
Ralph Boehme, Samba Team                https://samba.org/
Samba Developer, SerNet GmbH   https://sernet.de/en/samba/
GPG-Fingerprint   FAE2C6088A24252051C559E4AA1E9B7126399E46
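
The prefix-based flush suggested in the message above, sketched from the shell with the existing `net cache list` and `net cache del` subcommands; this is an added example, not part of the original message and not Samba code. The `net cache list` line format and the function names `keys_with_prefix` and `flush_prefix` are assumptions; check the list output and the real key prefixes on your own system first.

```shell
#!/bin/sh
# Added example (not Samba code): drop only the gencache entries whose key
# starts with a given prefix, instead of flushing the whole cache.
# Assumption: every line printed by `net cache list` has the form
#   Key: <key><TAB> Timeout: <time><TAB> Value: <value>

# Read `net cache list` output on stdin; print the keys that start with $1.
keys_with_prefix() {
    PREFIX=$1 awk -F'\t' '
        index($1, "Key: ") == 1 {
            key = substr($1, 6)
            if (index(key, ENVIRON["PREFIX"]) == 1) print key
        }'
}

# Delete every cache entry whose key starts with $1.
flush_prefix() {
    prefix=$1
    # An empty prefix matches every key, which is just `net cache flush`.
    if [ -z "$prefix" ]; then
        echo "flush_prefix: refusing empty prefix" >&2
        return 2
    fi
    # Collect the keys first so nothing is deleted while the list is read.
    keys=$(net cache list | keys_with_prefix "$prefix")
    printf '%s\n' "$keys" | while IFS= read -r key; do
        [ -n "$key" ] || continue
        net cache del "$key" || echo "flush_prefix: could not delete $key" >&2
    done
}

# Run as a script: ./flush_prefix.sh <prefix>
if [ "$#" -gt 0 ]; then
    flush_prefix "$1"
fi
```

Entries whose keys do not match the prefix are left untouched, so whatever winbindd has cached under other keys survives the cleanup.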



