[Pkg-samba-maint] Bug#707624: winbind: winbind does not recover from DC reboot etc.

Jakob Bohm jb-debbugs at wisemo.com
Thu May 9 18:36:14 UTC 2013 

Package: winbind
Version: 2:3.5.6~dfsg-3squeeze9
Severity: normal

(Note: This bug has been observed on multiple squeeze production
systems, I have no wheezy production systems to test on, but
wheezy might be affected anyway).

A key feature of the Windows Domain Controller authentication
protocols implemented by winbind is domain controller redundancy
and resilliance.  Specifically, as long as at least one of the DCs
for a domain are up, authentication should work, and if all DCs
are down simultaneously, bringing one back up should recover with
no need to actively prod clients and "member" servers.

However at least with the winbind versions in squeeze this is not
working at all, specifically:

   If at least one DC is up when winbind is started, winbind will
   pick one and lock itself onto this one DC until winbind is
   stopped, failing to take advantage of any redundant DCs on the
   network.

   If the one DC winbind has chosen is rebooted, winbind fails to
   reconnect automatically.

   If winbind is started before the DCs have finished booting (as
   happens when bringing up a whole rack or a virtualization host),
   winbind remembers the inability to find a DC until manually
   restarted.

All of the above was seen using a pair of real Windows Server 2008
R2 DCs and Debian winbind clients joined to the domain as member
servers.

The workaround is to login to each Debian machine running winbind
and do "/etc/init.d/winbind restart", which is tedious.


-- System Information:
Debian Release: 6.0.7
   APT prefers stable
   APT policy: (991, 'stable'), (500, 'stable-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-0.bpo.4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages winbind depends on:
ii  adduser           3.112+nmu2             add and remove users and groups
ii  libc6             2.11.3-4               Embedded GNU C Library: 
Shared lib
ii  libcap2           1:2.19-3               support for getting/setting 
POSIX.
ii  libcomerr2        1.41.12-4stable1       common error description 
library
ii  libgssapi-krb5-2  1.10.1+dfsg-5          MIT Kerberos runtime 
libraries - k
ii  libk5crypto3      1.10.1+dfsg-5          MIT Kerberos runtime 
libraries - C
ii  libkrb5-3         1.10.1+dfsg-5          MIT Kerberos runtime libraries
ii  libldap-2.4-2     2.4.23-7.3             OpenLDAP libraries
ii  libpam-runtime    1.1.1-6.1+squeeze1     Runtime support for the PAM 
librar
ii  libpam0g          1.1.1-6.1+squeeze1     Pluggable Authentication 
Modules l
ii  libpopt0          1.16-1                 lib for parsing cmdline 
parameters
ii  libtalloc2        2.0.1-1                hierarchical pool based 
memory all
ii  libwbclient0      2:3.5.6~dfsg-3squeeze9 Samba winbind client library
ii  lsb-base          3.2-23.2squeeze1       Linux Standard Base 3.2 
init scrip
ii  samba-common      2:3.5.6~dfsg-3squeeze9 common files used by both 
the Samb
ii  zlib1g            1:1.2.3.4.dfsg-3       compression library - runtime

winbind recommends no packages.

winbind suggests no packages.

-- no debconf information


Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the Pkg-samba-maint mailing list