On 10/23/2009 11:45 AM, Robert LeBlanc wrote: > I'm using 3.4.2 right now and I'm seeing a similar problem. We are > using winbind to authenticate our users on our Linux cluster. The > worker and interactive nodes are on a private subnet that is NATed to > the local LAN. Two head nodes provide failover for the NATing. When > failover is happening, winbind whacks out. The system is not unusable, > but no authentication happens for about 30 minutes after the failover. > I'm going to see if I can get iptables to share state between machines > to help prevent this, but there needs to be a faster reconnection > after domain controllers seem to be down.
What I see (as a winbind-laptop user) is that sometimes winbind thinks it has working connections to domain controllers when either the network is down or is no longer the corporate network. e.g. I can be logged in at work, sleep my laptop and take it home. After coming out of sleep, "netstat -t" shows that there are still ESTABLISHED tcp sessions to domain controllers - even though my home network has no access to my work network. I think winbind then gets into a state where it is continually trying to talk to these non-available domain controllers and it never gives up - and so the offline mode never kicks in. It's got so bad that I now have scripts that run whenever a network change occurs, to check if winbind is "stuck" and restart accordingly. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
