Good morning, Samba list. =) I've been experiencing intermittent winbind failures over the past few weeks. The symptom is that users that haven't connected in a while, and thus aren't in the winbind cache, are unable to connect to any shares. I see a lot of NT_STATUS_PIPE_BROKEN in the logs when the failures occur, like this one from log.winbind: ### [2011/04/26 09:20:54.671225, 5] winbindd/winbindd_getpwnam.c:138(winbindd_getpwnam_recv) Could not convert sid S-1-5-21-1060284298-1450960922-725345543-818338: NT_STATUS_PIPE_BROKEN ###
At the same time, this is from log.somehostname: ### [2011/04/26 09:17:30.597274, 2] auth/auth.c:314(check_ntlm_password) check_ntlm_password: Authentication for user [coolusername] -> [coolusername] FAILED with error NT_STATUS_NO_SUCH_USER ### A few minutes later, I restarted winbind and everything was groovy again. Users that are still cached seem to work fine, sometimes for hours. It's only _some_ new connections that exhibit this problem. Restarting winbindd fixes the issue 100% of the time. I've tried to figure out how to 'detect' when winbind has crapped out on me, but wbinfo -tp, and net ads testjoin all return what would be expected. Most of the time, `id username` works fine, too, for users that are most certainly not cached. I also see a lot of noise in the logs about "more than 200 winbind connections, cleaning up idle connections". This particular server usually has at least 400 client connections all the time, and a good chunk of those are rather active (distributed renderfarm). I see that smb.conf will recognize "winbind max clients" in 3.6. I also understand that I could change WINBINDD_MAX_SIMULTANEOUS_CLIENTS and recompile a new winbindd, but that's not an option for me for a few weeks. Output from uname -a: Linux cias-files 2.6.32-5-amd64 #1 SMP Mon Mar 7 21:35:22 UTC 2011 x86_64 GNU/Linux I'm using Samba 3.5.6 on Debian Squeeze in ADS mode joined to a 2008R2 domain. I'm using the RID idmap backend. Any thoughts on how I can further troubleshoot/debug this problem? Do you think that the 200 clients thing is an issue for me? Thanks! ~Jay -- Jay Sullivan CIAS::RIT [email protected]<mailto:[email protected]> -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
