[Pkg-samba-maint] DO NOT REPLY [Bug 7259] Winbind eventually locks "forever" if one of ActiveDirectory refuses all connections
samba-bugs at samba.org
samba-bugs at samba.org
Thu Apr 1 12:30:56 UTC 2010
https://bugzilla.samba.org/show_bug.cgi?id=7259
------- Comment #3 from eric.castan at elca.ch 2010-04-01 07:30 CST -------
I just tested the build from branch v3-5-test (3.5.2-GIT-9620f5f-test) and
reproduced on my lab.
It is a little bit better, though not perfect. That is:
- under the same test conditions, winbind remains stable and eventually
produces an answer
- however, the answer is not correct because is does not try to connect to the
other ActiveDirectory servers.
Here is the detail of lab
cat /var/run/samba/smb_krb5/krb5.conf.PREPROD
[libdefaults]
default_realm = PREPROD.xxxx.xx
default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
[realms]
PREPROD.xxxx.xx = {
kdc = 172.29.129.22
kdc = 172.29.129.21
kdc = 172.29.129.21
}
The test conditions are reproduced by
iptables -D OUTPUT -p tcp -d 172.29.129.22 -j REJECT
And in such conditions, winbind does not switch to the other available
ActiveDirectory node and tries to use the already established connections
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the Pkg-samba-maint
mailing list