[Samba] winbindd: how it chooses which LDAP servers to query?
Michael Tokarev
mjt at tls.msk.ru
Wed Jun 25 20:28:12 UTC 2025
I looked at this even more closely, and that's what I observed.

There are 3 DCs, 2 local to the site (svdcm & svdcm2) and one remote,
belonging to the remote site, svdcp. winbindd at startup correctly
determines the site it is on, but sends queries to svdcm and svdcp
(not two local DCs but one local and one remote). Local DC, svdcm,
replies instantly, but it keeps querying the remote one, which always
responds with ENETUNREACH (which is being ignored).

This pattern repeats ad infinitum - query one local DC (which responds
instantly) and query the remote DC 3 times, and repeat. Eventually it
returns either a cached entry or "not found" error (logging "unable
to find DC").

Once the remote DC becomes available and responds to a single query
out of numerous, winbind stops querying the remote one and from now
on, continues querying only the local DC (one of them). It does
not query the remote DC any more.

It looks like there's an inverted logic somewhere in the code.

But another member server which I just joined to the domain,
does not *always* show this behavior - sometimes it does the
same, but more often it switches to local DC before the first
answer from the remote.

So it's not exactly conclusive.

It's a fun bug.

Thanks,

/mjt