[Samba] winbind : suspend nightmare
jra at samba.org
Thu Oct 24 05:21:30 UTC 2019
On Wed, Oct 23, 2019 at 11:58:33PM +0000, Jon Gerdes wrote:
> winbind has a concept of offline and online but I don't know what that
> is, nor how nss works with it. I've tried using smbcontrol to tell
> winbind it is offline or online but that does not seem to work.
> Restarting winbind normally gets my account working again. If I had to
> guess, then offline and online mean "network available" (layer 2/3) and
> not "AD available" (layer 3/4)
I implemented the 'winbind offline' code many years ago
whilst working for SuSE to cover this exact use case.
It detects when it can't contact a DC and puts itself
into the 'offline' mode, which means serve logins out
of local cache. It should do this for whatever reason
when it can't talk to a DC (network fail, DC not
found etc. etc.).
On startup if winbind can't talk to a DC it sets
a retry timer to go off every 10 seconds to try
and re-connect to the DC. It keeps that timeout
until it does contact a DC, when it resets the
reconnect timer to be 30 seconds. If it loses
connection to the DC after it has once made
connection it puts itself in offline mode and
then retries every 30 seconds.
The long (30) second timeout can be changed
by setting the parameter:
winbind reconnect delay = X.
Hope this helps !
More information about the samba