[Pkg-samba-maint] Bug#603729: Repeated winbind_cache.tdb corruption in Samba 3.5.x
Dale Schroeder
dale at BriannasSaladDressing.com
Tue Nov 16 19:43:33 UTC 2010
Package: winbind
Version: 2:3.5.6~dfsg-1
Samba 3.5.6~dfsg-1 on Debian Squeeze. Updates are current.
Ever since upgrading from 3.4.x to 3.5.x, winbind_cache.tdb is
repeatedly corrupted, rendering authentication impossible.
I have a script that checks every 15 minutes for connectivity to the AD
server and restarts samba and winbind if the connection is corrupted.
This happens on every winbind system, so it is not system specific.
ls of this file in /var/cache/samba is as follows:
-rw------- 1 root root 139264 Nov 16 11:21 winbindd_cache.tdb
-rw------- 1 root root 946176 Nov 16 11:20 winbindd_cache.tdb.bak
-rw------- 1 root root 946176 Nov 16 09:16 winbindd_cache.tdb.bak.old
The corrupted tdb's are almost 7 times as large as the working version.
In 3.3.5, a winbind_cache.corrupt was generated at each restart after
a corruption. In 3.5.6, 2 backups are maintained instead. This is the
only difference I have noted between the two versions.
I notice this is repeated in the logs at the time of the corruption:
[2010/11/16 11:19:40.933366, 10]
winbindd/winbindd_cache.c:4674(wcache_fetch_ndr)
Entry has wrong sequence number: 1573542
[2010/11/16 11:19:40.933684, 1] winbindd/winbindd_util.c:289(trustdom_recv)
Could not receive trustdoms
A level 10 log during a corruption is attached.
Dependencies:
adduser 3.112
libc6 2.11.2-7
libcomerr2 1.41.12-2
libkrb53 1.6.dfsg.4~beta1-13
libldap-2.4-2 2.4.23-6
libpam0g 1.1.1-6.1
libpopt0 1.16-1
libtalloc1 1.2.0~git20080616-1
libwbclient0 2:3.5.6~dfsg-1
lsb-base 3.2-23.1
samba-common 2:3.5.6~dfsg-1
Also:
linux-image-2.6.32-5-686 2.6.32-27
smb.conf:
[global]
workgroup = DOMAIN
realm = DOMAIN.COM
server string = %h server (Samba %v)
security = ADS
allow trusted domains = No
map to guest = Bad User
obey pam restrictions = Yes
password server = ad_dc
passdb backend = tdbsam
username map = /etc/samba/users.map
log level = 1 winbind:10 idmap:4
log file =/var/log/samba/%m
max log size = 1000
name resolve order = wins host bcast
deadtime = 15
load printers = No
printcap name = cups
wins proxy = Yes
wins server = 192.168.x.xxx
ldap ssl = no
panic action = /usr/share/samba/panic-action %d
#idmap backend = rid:DOMAIN=1000-20000000
idmap backend = tdb
idmap uid = 1000-20000000
idmap gid = 1000-20000000
idmap config DOMAIN : backend = rid
idmap config DOMAIN : range = 1000 - 20000000
template homedir =/home/domain/%U
template shell = /bin/bash
winbind cache time = 10
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind offline logon = Yes
admin users = root, DOMAIN\user1, "@DOMAIN\group1"
ea support = Yes
map archive = No
map readonly = no
store dos attributes = Yes
I found that the corruptions occurred less frequently if I converted to
the newer idmap_rid syntax; however, they still occur at the rate of 5
to 6 daily.
Thanks,
Dale Schroeder
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: debug1.txt
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20101116/93dac315/attachment-0001.txt>
More information about the Pkg-samba-maint
mailing list