enterprise-support team mailing list archive

Thread
Date

Re: [Question #167637]: winbind problem with two domain controller

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Olivier B <question167637@xxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 26 Aug 2011 14:05:54 -0000
Reply-to: question167637@xxxxxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Question #167637 on samba in Ubuntu changed:
https://answers.launchpad.net/ubuntu/+source/samba/+question/167637

Description changed to:
Ubuntu 10.04 LTS server 
winbind, samba-common, samba-common-bin, libwbclient0 3.4.7~dfsg-1ubuntu3.7

Hi,

I have my ubuntu machines authenticating against windows 2008 AD, it is working fine. But if one of the Domain Controller stop responding, winbind doesn't fall back to the secondary domain controller, and winbind is stuck for ever.
But wbinfo -u and wbinfo -g commands are working.
getent paswd myuser is working
getent group mygroup is NOT working

I need to restart winbind manually, to get the authentication working
again.

/var/log/samba/log.winbindd 
[2011/08/10 20:41:53,  0] winbindd/winbindd_dual.c:186(async_request_timeout_handler)
  async_request_timeout_handler: child pid 1284 is not responding. Closing connection to it.
[2011/08/10 20:41:53,  1] winbindd/winbindd_util.c:303(trustdom_recv)
  Could not receive trustdoms
[2011/08/11 09:05:56,  1] winbindd/winbindd_ads.c:1137(lookup_groupmem)
  lsa_lookupsids call failed with NT_STATUS_IO_TIMEOUT - retrying...
[2011/08/11 09:31:12,  1] winbindd/winbindd_ads.c:1137(lookup_groupmem)
  lsa_lookupsids call failed with NT_STATUS_PIPE_BROKEN - retrying...
[2011/08/11 09:31:12,  1] winbindd/winbindd_ads.c:1137(lookup_groupmem)
  lsa_lookupsids call failed with NT_STATUS_PIPE_BROKEN - retrying...
[2011/08/11 09:31:12,  1] winbindd/winbindd_ads.c:1137(lookup_groupmem)
  lsa_lookupsids call failed with NT_STATUS_PIPE_BROKEN - retrying...
[2011/08/11 09:31:19,  1] winbindd/winbindd_ads.c:1137(lookup_groupmem)
  lsa_lookupsids call failed with NT_STATUS_PIPE_BROKEN - retrying...


/etc/samba/smb.conf
[global]

   security = ADS
   realm = MYDOMAIN.LOCAL
   password server = dc1 dc2 
   kerberos method = system keytab
   workgroup = MYDOMAIN
   idmap uid = 70000-100000000
   idmap gid = 70000-100000000
   idmap config MYDOMAIN : backend = rid
   idmap config MYDOMAIN : range = 70000-100000000
   idmap config MYDOMAIN : base = 1000
   template shell = /bin/bash
   template homedir = /home/%D/%U
   winbind enum users = no
   winbind enum groups = no
   client use spnego = yes
   client ntlmv2 auth = yes
   encrypt passwords = true
   winbind use default domain = yes
   restrict anonymous = 2
   users = @"Domain Users"

Is my config OK ? How can I get this fixed ?

Is there a way to have a newer version of samba on 10.04 LTS?
I am using 10.04 LTS because it is used for business purpose and I want to have updates for a long time.

Cheers, Olivier

-- 
You received this question notification because you are a member of
Ubuntu Server/Client Support Team, which is an answer contact for samba
in Ubuntu.