Package: winbind
Version: 2:3.5.6~dfsg-3squeeze9
Severity: normal
(Note: This bug has been observed on multiple squeeze production
systems, I have no wheezy production systems to test on, but
wheezy might be affected anyway).
A key feature of the Windows Domain Controller authentication
protocols implemented by winbind is domain controller redundancy
and resilliance. Specifically, as long as at least one of the DCs
for a domain are up, authentication should work, and if all DCs
are down simultaneously, bringing one back up should recover with
no need to actively prod clients and "member" servers.
However at least with the winbind versions in squeeze this is not
working at all, specifically:
If at least one DC is up when winbind is started, winbind will
pick one and lock itself onto this one DC until winbind is
stopped, failing to take advantage of any redundant DCs on the
network.
If the one DC winbind has chosen is rebooted, winbind fails to
reconnect automatically.
If winbind is started before the DCs have finished booting (as
happens when bringing up a whole rack or a virtualization host),
winbind remembers the inability to find a DC until manually
restarted.
All of the above was seen using a pair of real Windows Server 2008
R2 DCs and Debian winbind clients joined to the domain as member
servers.
The workaround is to login to each Debian machine running winbind
and do "/etc/init.d/winbind restart", which is tedious.
-- System Information:
Debian Release: 6.0.7
APT prefers stable
APT policy: (991, 'stable'), (500, 'stable-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-0.bpo.4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages winbind depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii libc6 2.11.3-4 Embedded GNU C Library:
Shared lib
ii libcap2 1:2.19-3 support for getting/setting
POSIX.
ii libcomerr2 1.41.12-4stable1 common error description
library
ii libgssapi-krb5-2 1.10.1+dfsg-5 MIT Kerberos runtime
libraries - k
ii libk5crypto3 1.10.1+dfsg-5 MIT Kerberos runtime
libraries - C
ii libkrb5-3 1.10.1+dfsg-5 MIT Kerberos runtime libraries
ii libldap-2.4-2 2.4.23-7.3 OpenLDAP libraries
ii libpam-runtime 1.1.1-6.1+squeeze1 Runtime support for the PAM
librar
ii libpam0g 1.1.1-6.1+squeeze1 Pluggable Authentication
Modules l
ii libpopt0 1.16-1 lib for parsing cmdline
parameters
ii libtalloc2 2.0.1-1 hierarchical pool based
memory all
ii libwbclient0 2:3.5.6~dfsg-3squeeze9 Samba winbind client library
ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2
init scrip
ii samba-common 2:3.5.6~dfsg-3squeeze9 common files used by both
the Samb
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
winbind recommends no packages.
winbind suggests no packages.
-- no debconf information
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
