FW: Winbindd timeout on unreachable domains
Andrew Bartlett
abartlet at samba.org
Wed Feb 18 21:19:04 GMT 2004
On Wed, 2004-02-18 at 21:37, ww m-pubsyssamba wrote:
> Hi All,
>
> would anyone like to acknowledge this as a problem or correct me if I'm mistaken, I didn't get a
> response from the samba mailing list. Seems to me to be an issue with implementing Samba+winbindd in a
> distributed multi-domain windows environment,
Sorry, I meant to get back to you. It's a known issue - there are ways
to work around it however - we can reduce the time we take before we
time out contacting trusted domains.
> thanks Andy.
>
>
>
> Hi All,
>
> I have a concern with the behaviour of winbindd on startup in a multi-domain environment, in my
> case a 6 domain AD forest + trusts to 3 NT 4 domains. I've tested startup of winbindd in a 2 domain
> development environment and found if a trusted domain is not contactable it takes five minutes to
> timeout before winbindd becomes active (/tmp/.winbindd/pipe is created).
This is a bit more excessive than I've seen in the past. Is your DNS
set up correctly?
> If I assume this will be the same behaviour for winbindd in our production environment then if our
> domain were isolated from the rest of the trusted domains then winbindd would take 45 minutes (9 x
> 5 minutes) to become active if we needed to restart a server. Because our domain is on a physically
> different and separately managed network from the others it is more than possible this type of situation
> could occur. 45 minutes to startup is obviously unacceptable especially as I hope to deploy Samba 3.x on
> one of our clusters. And to put this in comparison with a pure windows solution we would have no such
> issues starting a DC or fileserver in a domain just because it couldn't see any or all trusted domains.
We suffer many pains because we are not windows :-). (Mostly, this is
because windows does not need user lists or user names even, except in
the UI)
> If I am incorrect please can you put me right on this, if I am correct is it possible that winbindd
> can be modified to establish connection only with its local domain at startup and start serving data to
> Samba from cached data for other domains?
There are some problems with this, but it's not that bad an idea.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net