First, I am not sure if this is a problem with samba or a misconfiguration 
somewhere along the way in AD. Unfortunately, I am a little peon on a large 
campus who is trying to use samba, so I have to figure out how to make samba 
work with what is in place.

I am using samba 3.5.8 on Ubuntu 11.04

Here is the issue: I have gotten Samba/Winbind to successfully communicate with 
AD and perform authentication and all that jazz. Then I started getting email 
messages about sending 700,000 requests a day to our DNS servers. So I started 
digging deeper. It appears that when winbindd starts up and searches the UMROOT 
domain, it finds a trusted domain (MPATHWAYS2). It then tries to track down 
MPATHWAYS2 and is unsuccessful; it receives a NT_STATUS_CONNECTION_REFUSED. 
Because it can't find the domain, it schedules a retry in 30 secs and then 
repeats the whole process. So every 30 seconds it is sending 500+ DNS requests 
to the server. (Isn't there a caching mechanism?) A small snippet from a 
tcpdump capture of the DNS requests is below.

I have found the variable 'winbind reconnect delay', which I can use to change 
the 30 secs into, say, 5 minutes, but it is only decreasing the number of 
requests, not really solving any problems. Is there any way for me to tell 
Samba not to look for MPATHWAYS2? 

A full debug dump of what is repeated every reconnect attempt is at 
http://pastebin.com/A3GvYWRp

Thanks,
Nathaniel

-------------- DNS requests (http://pastebin.com/wqsij79H for all 500+ entries) -------------
10:35:16.081633 IP 10.224.53.248.56483 > dns.umich.edu.domain: 20669+ AAAA? itcs-dc01.umich.edu. (50)
10:35:16.082452 IP 10.224.53.248.59121 > dns.umich.edu.domain: 6691+ AAAA? itcs-dc01.umich.edu. (50)
10:35:16.083343 IP 10.224.53.248.42311 > dns.umich.edu.domain: 43846+ A? itcs-dc01.umich.edu. (50)
10:35:16.084457 IP 10.224.53.248.40043 > dns.umich.edu.domain: 3355+ AAAA? itcs-dc02.umich.edu. (50)
10:35:16.085337 IP 10.224.53.248.42704 > dns.umich.edu.domain: 17221+ AAAA? itcs-dc02.umich.edu. (50)
10:35:16.086085 IP 10.224.53.248.44859 > dns.umich.edu.domain: 8613+ A? itcs-dc02.umich.edu. (50)
10:35:16.087147 IP 10.224.53.248.43603 > dns.umich.edu.domain: 29799+ AAAA? itcs-dc03.umich.edu. (50)
10:35:16.088032 IP 10.224.53.248.34606 > dns.umich.edu.domain: 36522+ AAAA? itcs-dc03.umich.edu. (50)
10:35:16.088833 IP 10.224.53.248.34569 > dns.umich.edu.domain: 37501+ A? itcs-dc03.umich.edu. (50)
10:35:16.089942 IP 10.224.53.248.43461 > dns.umich.edu.domain: 14302+ AAAA? itcs-dc04.umich.edu. (50)
10:35:16.091454 IP 10.224.53.248.36589 > dns.umich.edu.domain: 41996+ AAAA? itcs-dc04.umich.edu. (50)
10:35:16.092592 IP 10.224.53.248.57894 > dns.umich.edu.domain: 38619+ A? itcs-dc04.umich.edu. (50)
10:35:16.096440 IP 10.224.53.248.38878 > dns.umich.edu.domain: 48760+ SRV? _kerberos-master._tcp.UMICH.EDU. (62)

-------------- cat /etc/samba/smb.conf --------------
[global]
        workgroup = UMROOT
        realm = UMICH.EDU
        netbios name = TRI-BIO-PROFILE
        server string = Biosciences Profile Server
        interfaces = eth1, localhost
        bind interfaces only = Yes
        security = ADS
        allow trusted domains = No
        map to guest = Bad User
        password server = itcs-dc01.umich.edu itcs-dc02.umich.edu itcs-dc03.umich.edu
        restrict anonymous = 2
        client NTLMv2 auth = Yes
        syslog = 0
        log file = /var/log/samba/log.%m
        smb ports = 139
        name resolve order = lmhosts wins host
        dns proxy = No
        wins server = 141.213.143.150, 141.213.238.150
        usershare allow guests = Yes
        panic action = /usr/share/samba/panic-action %d
        idmap uid = 10000-60000
        idmap gid = 10000-60000
        template shell = /bin/bash
        winbind reconnect delay = 300
        winbind enum users = Yes
        winbind enum groups = Yes

[ProfileStore]
        comment = Users profiles
        path = /shares/profiles
        read only = No
        create mask = 0600
        strict locking = No


---
Nathaniel Madura
Engineer in Research
UMTRI - Biosciences Division
2901 Baxter Rd
Ann Arbor, MI 48109
W: 734-936-1109 F: 734-647-3330
[email protected]
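
Added example (not part of the original post): a Python script that parses tcpdump DNS query lines in the format of the capture above, counts identical questions re-sent within one second (the "no caching" symptom), and finds where each retry burst starts. The sample input is constructed: the first three captured lines plus a made-up second burst 30 seconds later; all function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample: first three lines of the capture, then a constructed
# second burst 30 s later (query IDs and source ports there are invented).
SAMPLE = """\
10:35:16.081633 IP 10.224.53.248.56483 > dns.umich.edu.domain: 20669+ AAAA? itcs-dc01.umich.edu. (50)
10:35:16.082452 IP 10.224.53.248.59121 > dns.umich.edu.domain: 6691+ AAAA? itcs-dc01.umich.edu. (50)
10:35:16.083343 IP 10.224.53.248.42311 > dns.umich.edu.domain: 43846+ A? itcs-dc01.umich.edu. (50)
10:35:46.081000 IP 10.224.53.248.40001 > dns.umich.edu.domain: 1111+ AAAA? itcs-dc01.umich.edu. (50)
10:35:46.082000 IP 10.224.53.248.40002 > dns.umich.edu.domain: 2222+ AAAA? itcs-dc01.umich.edu. (50)
10:35:46.083000 IP 10.224.53.248.40003 > dns.umich.edu.domain: 3333+ A? itcs-dc01.umich.edu. (50)
"""

# time, client IP (source port stripped), query type and query name
LINE_RE = re.compile(
    r"^(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d\.\d+) IP (?P<src>\S+)\.\d+ > "
    r"\S+\.domain: \d+\+? (?P<qtype>[A-Z]+)\? (?P<qname>\S+) \(\d+\)$"
)

def parse(text):
    """Yield (seconds_since_midnight, client_ip, qtype, qname) per query line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            t = int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"])
            yield t, m["src"], m["qtype"], m["qname"].lower()

def repeated_queries(text, window=1.0):
    """Count identical questions re-sent within `window` s of the previous one."""
    last_seen, repeats = {}, Counter()
    for t, src, qtype, qname in parse(text):
        key = (src, qtype, qname)
        if key in last_seen and t - last_seen[key] <= window:
            repeats[key] += 1
        last_seen[key] = t
    return repeats

def burst_starts(text, gap=10.0):
    """Start times of bursts separated by more than `gap` s of silence."""
    starts, prev = [], None
    for t, *_ in parse(text):
        if prev is None or t - prev > gap:
            starts.append(t)
        prev = t
    return starts

if __name__ == "__main__":
    print(repeated_queries(SAMPLE).most_common(5), burst_starts(SAMPLE))
```

Feed it the full capture with wrapped lines joined; the spacing between burst start times should match the configured 'winbind reconnect delay'.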

