Your /etc/nsswitch.conf looks correct to me. For services like ssh, you should just disable ptr lookups (VerifyReverseMapping no). Regarding winbind, do you have any services or processes running on the box as a domain user? Perhaps there is a timeout setting for krb and winbind. I don't recall seeing one for winbind, but I would imagine that there is one for kerberos. Have you bumped up the debugging and purposefully caused an ad failure (ifdown or bad route) ? Have you had the console open and watched top to see if it's a processes consuming to much cpu? What kind of troubleshooting have you done? and what are the results?
----- Original Message ---- From: "[email protected]" <[email protected]> To: [email protected] Cc: [email protected]; Jeremy Allison <[email protected]> Sent: Fri, October 16, 2009 3:59:45 PM Subject: Re: [Samba] winbind causes Linux to lockup when connectivity to AD is lost (subject line edited for clarity) Ok I am not hearing replies back - I dont want this issue to be swept under the rug. It has been a issue for me since SuSE 10.1 + samba-3.0.30-0.1.112 even.. I know now that the commands I was telling you all access UN/PW info such as LS or MAN etc, to see if you have permission to run them? IDK I am guessing. BUT - if winbind is really caching and the connection is lost, then this should be a non-issue as you say. Well here is my nsswitch.conf: cat /etc/nsswitch.conf passwd: compat winbind group: compat winbind networks: files dns services: files protocols: files rpc: files ethers: files netmasks: files netgroup: files publickey: files bootparams: files automount: files aliases: files hosts: files dns shadow: compat Isn't this set up right? ;-) So, famously when DNS is down, crap like SSH and NFS take unreasonable amounts of time and cause system hangs in linux. This is what I've been told, and I can accept that. Since DNS is hosted on the AD server, when that server goes down, SSH, and even local login hang for extremely long amounts of time - im talking more than 10 minutes... then fail. In Windows (im sorry Im about to compare 2 operating systems) this is a non issue and you can use the machine even if the networking is hosed or you cant talk to the AD. So....... BUMP! :-) On Wed, 14 Oct 2009 16:51:10 -0600, <[email protected]> wrote: > Hopefully that isn't a bad thing! haha > Thanks! > > > On Wed, 14 Oct 2009 15:44:54 -0700, Jeremy Allison <[email protected]> wrote: >> On Wed, Oct 14, 2009 at 04:02:41PM -0600, [email protected] wrote: >>> Hi Jeremy, >>> >>> >>> > Sorry, didn't look too closely at your winbindd issue. >>> > winbindd will cache all information to allow disconnected >>> > operation (we made this work perfectly at SuSE), so there >>> > certainly shouldn't be a problem with a loss of connection to a DC. >>> >>> I am sorry to report that I am in fact using SuSE, and this problem is >>> very >>> easy to reproduce if I power off my AD domain, then wait (I guess) 10 >>> minutes - then try and ssh to my Linux box. There is no way to log into >>> the >>> box. >> >> Ok, then I'm going to hand you over to the SuSE Samba Team >> maintainers on this list (sorry :-). >> >> Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
