Hi, I'm testing out Samba 3.0.25c with Active Directory using the rid idmap backend. In certain cases there seems to be a repeatable deadlock in winbind.
I have a local user "ed" created with uid 100 and no user exists with uid 1001. Here's the behavior I'm seeing with wbinfo: # time wbinfo -U 100 S-1-22-1-100 real 0m0.047s user 0m0.014s sys 0m0.007s # time wbinfo -U 1001 S-1-22-1-1001 real 5m35.097s user 0m0.015s sys 0m0.011s The first command behaves as expected but the expected result of the second command is "Could not convert uid 1001 to sid" with an execution time of much less than 1 second as is seen with Samba 3.0.24 and lower. This is running on Solaris 10 (x86) and compiled with Sun Studio 11 using the OpenLDAP and MIT Kerberos 5 libraries from Blastwave. The exact same configuration works fine with 3.0.24 with the only difference being the idmap configuration changes between 3.0.24 and 3.0.25. In /etc/nsswitch.conf I have: passwd: files winbind group: files winbind During the query to winbindd, uid 1001 is not within the range used for the MYAD rid backend which causes the lookup to then be attempted by passdb. passdb in turn calls getpwuid which ends up querying winbind through nss_winbind which is what leads to the deadlock. When I remove winbind from nsswitch.conf the 5 minute delay is gone but wbinfo returns "S-1-22-1-1001" which is different from what previous Samba versions returned. Here's the contents smb.conf: [global] workgroup = MYAD realm = MYAD.ORG security = ads encrypt passwords = yes smb passwd file = /etc/samba/private/smbpasswd winbind separator = + winbind use default domain = yes winbind nested groups = no obey pam restrictions = yes winbind enum users = yes winbind enum groups = yes allow trusted domains = no idmap uid = 10000-100000000 idmap gid = 10000-100000000 idmap domains = MYAD idmap config MYAD: default = yes idmap config MYAD: backend = rid idmap config MYAD: range = 10000-100000000 idmap config MYAD: readonly = yes name resolve order = host dns proxy = no In Samba versions prior to 3.0.25 the idmap options in smb.conf were: idmap uid = 10000-100000000 idmap gid = 10000-100000000 idmap backend = idmap_rid:MYAD=10000-100000000 Is there something wrong with my new idmap configuration or is this a bug? 3.0.25 implicitly adds the passdb backend which I don't think older versions did. Disabling this might fix the problem but is there any way to do that? Any other ideas on things to try? Thanks, Ed Plese -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba