[Samba] winbind + pam - caching + intermittant delay ==~ bug?

[Geoff Oakham]

Hi everybody,

I think I've found a bug in winbind, or I'm out to lunch and need of 
help.. configuring winbind.  Basically, it's working great except once 
in a while it takes 2-5 minutes for a single authentication.  I've also 
seen symptoms winbind isn't caching credentials.

Here are my details:

* for testing purposes, proftpd was configured only authenticate against 
winbind.  I used this pam config:

   auth    required        pam_winbind.so debug
   account required        pam_winbind.so debug

* Samba was previously setup to participate in the local domain.  It 
works, you can connect to the file shares and everything's happy.  (The 
configuration file is included below.)

* The domain controllers are running Server 2003, but are otherwise in 
good health.

* There is network activity for each authentication request (successful 
or otherwise).

* There is a log entry on the domain controller for each authentication 
attempt.

* Even with debugging turned on, the logs on the Linux box don't report 
anything insightful.  (Ask me if you want to see them anyways!)

The smb.conf looks like this:

[global]
  workgroup = KEWL
  server string = %h server (Samba %v)
;  wins support = no
  wins server = 10.1.0.2
  dns proxy = no
;  name resolve order = lmhosts host wins bcast
  log file = /var/log/samba/log.%m
  log level = 10
  max log size = 1000
;  syslog only = no
  syslog = 0
  panic action = /usr/share/samba/panic-action %d
  security = domain
  encrypt passwords = true
  passdb backend = tdbsam guest
  obey pam restrictions = yes
  invalid users = root
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .
  socket options = TCP_NODELAY
;; winbind separator = '\'
  winbind cache time = 300
  template shell = /bin/bash
  template homedir = /home/%D/%U
  idmap uid = 10000-20000
  idmap gid = 10000-20000
  winbind use default domain = yes
  password server = 10.1.0.2, 10.1.0.3, *

[shared snipped]
...

If anyone has any suggestions or has had a similar experience, I would 
be happy to hear from you!  Thanks in advance for your help,

Geoff


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba