[Samba] Authentication problems during a Windows DC reboot
Billy Macdonald
I currently have samba (samba-3.0.14a) on a fedora server (Fedora Core
release 1 (Yarrow)). I use it only for NTLM authentication for squid (
squid-2.5.STABLE9).
The samba service is joined to the AD domain and works great. However
this morning the NT admin team needed to reboot two of our 11 domain
controllers. During the time winbindd doesn't seem to have been able to
switch to a different server and didn't stop working again until after we
restarted winbindd.
Is this expected? I tried searching the archives but didn't have much
luck.
Thanks,
Billy
smb.conf:
global]
workgroup =3D *******
netbios name =3D ******
winbind use default domain =3D yes
winbind uid =3D 10000-20000
winbind gid =3D 10000-20000
winbind enum users =3D yes
winbind enum groups =3D yes
wins server =3D x.x.x.x
security =3D ads
realm =3D *******
domain master =3D no
local master =3D no
preferred master =3D no
os level =3D 0
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Thomas Limoncelli
> The samba service is joined to the AD domain and works great. However
> this morning the NT admin team needed to reboot two of our 11 domain
> controllers. During the time winbindd doesn't seem to have been able to
> switch to a different server and didn't stop working again until after we
> restarted winbindd.
What errors do you see in the winbindd log(s)? We've suffered similar
problems with 3.0.21b and AFAIK they're now fixed in 3.0.21c (check the
release notes for socket-related fixes). We'd need to see your log to
tell whether your 3.0.14a problems are the same.
BTW, what's the content of your krb5.conf (if any)?
-TL
Billy Macdonald
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
On 3/8/06, Thomas Limoncelli <limon...@web.de> wrote:
>
> Billy Macdonald wrote:
> > The samba service is joined to the AD domain and works
> great. However
> > this morning the NT admin team needed to reboot two of our 11 domain
> > controllers. During the time winbindd doesn't seem to have been able t=
o
> > switch to a different server and didn't stop working again until after
> we
> > restarted winbindd.
>
> What errors do you see in the winbindd log(s)? We've suffered similar
> problems with 3.0.21b and AFAIK they're now fixed in 3.0.21c (check the
> release notes for socket-related fixes). We'd need to see your log to
> tell whether your 3.0.14a problems are the same.
>
> BTW, what's the content of your krb5.conf (if any)?
>
>
> -TL
I don't have a krb5.conf. I think it uses DNS to find the Kerberos servers=
.
I have attached the excerpt from my log.winbindd from when the problem
started. The messages at the end go on for another 30 minutes until the
winbindd service was reset.
The server x...@XXX.XXX in the logs isn't a Domain Controller. I'm not
really sure why it's even being referenced in this log file.
Thanks,
Billy
------=_Part_453_27525801.1141870273993
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
------=_Part_453_27525801.1141870273993--
Thomas Limoncelli
> I have attached the excerpt from my log.winbindd from when the problem
> started. The messages at the end go on for another 30 minutes until the
> winbindd service was reset.
The socket-related error messages look familiar to me. As for the good
news, the 3.0.21c release notes
(http://de.samba.org/samba/history/samba-3.0.21c.html) say:
* Ensure that the correct error is checked when encountering a
socket error (fixes crashes in winbindd).
I'd try upgrading before anything else.
-TL