[Samba] winbind : suspend nightmare

Jon Gerdes gerdesj at blueloop.net
Thu Oct 24 12:53:53 UTC 2019


On Wed, 2019-10-23 at 22:21 -0700, Jeremy Allison wrote:
> On Wed, Oct 23, 2019 at 11:58:33PM +0000, Jon Gerdes wrote:
> > winbind has a concept of offline and online but I don't know what
> > that
> > is, nor how nss works with it.  I've tried using smbcontrol to tell
> > winbind it is offline or online but that does not seem to work.
> > Restarting winbind normally gets my account working again. If I had
> > to
> > guess, then offline and online mean "network available" (layer 2/3)
> > and
> > not "AD available" (layer 3/4)
> 
> I implemented the 'winbind offline' code many years ago
> whilst working for SuSE to cover this exact use case.
> 
> It detects when it can't contact a DC and puts itself
> into the 'offline' mode, which means serve logins out
> of local cache. It should do this for whatever reason
> when it can't talk to a DC (network fail, DC not
> found etc. etc.).
> 
> On startup if winbind can't talk to a DC it sets
> a retry timer to go off every 10 seconds to try
> and re-connect to the DC. It keeps that timeout
> until it does contact a DC, when it resets the
> reconnect timer to be 30 seconds. If it loses
> connection to the DC after it has once made
> connection it puts itself in offline mode and
> then retries every 30 seconds.
> 
> The long (30) second timeout can be changed
> by setting the parameter:
> 
> winbind reconnect delay = X.
> 
> Hope this helps !
> 
> Jeremy.

Jeremy

Thanks for that.  I was steeling myself to diving into the code but
having the author describe it is fantastic.

Cheers
Jon



More information about the samba mailing list