System: Win2003 ADS, Samba 3.0.26a on RHEL5.
I thought I had this fixed but sadly no - it came back. The situation
changes when I reboot the PC, or cycle power on the PC. This
indicates to me that there is a structure in winbind that is not
initialized properly.
wbinfo -t: OK, shows domain joined fine.
wbinfo -g: Shows all groups, or only the first two BUILTIN groups, or
nothing at all.
wbinfo -u: Shows all users, or no users.
Login works if wbinfo -g shows all groups, fails otherwise.
kinit [EMAIL PROTECTED]: works
wbinit -a user%domain: works
---
This weird Winbind/Kerberos problem has been fixed again - hopefully for
good.
I started to read the source code, followed the log messages at debug
level 10 and sniffed the network with tcpdump. Eventually, I figured
out that Kerberos is generating an inordinate amount of traffic, with
the result that the Windows server doesn't always get around to
answering the LDAP request and the user/group query then times out.
The solution is to reset the Windows Administrator password.
I remembered reading in the Samba howto guide that the Administrator
password reset also does something to Kerberos, so I tried it and it
worked. I haven't been able to break it again for the rest of the day.
Cheers,
Herman
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba