Bug 622333

Summary: samba3x winbind won't stop opening connections to windows 2000 PDC
Product: Red Hat Enterprise Linux 5 Reporter: Will <william.hausler>
Component: samba3xAssignee: Guenther Deschner <gdeschner>
Status: CLOSED NEXTRELEASE QA Contact: qe-baseos-daemons
Severity: medium Docs Contact:
Priority: low    
Version: 5.5CC: andy.mek, dpal, theo_nra
Target Milestone: rc   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-12-15 19:35:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Basic smb.conf used on server
none
TarGz of samba logs from reproducing this issue none

Description Will 2010-08-09 01:03:39 UTC 
Description of problem:

Currently have a working implementation of samba 3.0.33 on CentOS 5.5 (kernel 2.6.18-194.3.1.el5 #1 SMP i686) using AD security, kerberos 5 and winbind.

Upon upgrading to samba3x, everything works until winbind is started. Once started, it gets a good connection to the PDC but keeps attempting to open a new connection until it is either stopped or the server crashes.


How reproducible:

I have only tested this on one server, so unsure if this occurs on other servers/setups. This one server is currently available for testing and debugging until samba3x starts working on it. Also, we only have one Windows 2000 server as the PDC, and no other Windows AD servers to test against.


Steps to Reproduce:
 1. Working install of samba 3.0.33 with krb5 and winbind on server (see http://wiki.samba.org/index.php/Samba_&_Active_Directory )

 2. service winbind stop ; service smb stop

 3. net ads leave -U administrator

 4. yum remove samba-common samba samba-client libsmbclient

 5. rm -rf /var/cache/samba /usr/lib/samba

 6. yum install samba3x samba3x-winbind samba3x-client

 7. kdestroy ; kinit administrator (no problems reported)

 8. mv -f /etc/samba/smb.conf.rpmsave /etc/samba/smb.conf

 9. testparm (no issues)

10. net ads join -U administrator (reports no issue with join, but "DNS update failed!" is reported after ~300 seconds)

11. net ads testjoin (reports "Join is OK")

12. service smb start ; service nmb start (no problems and performs as expected)

13. service winbind start (no problems reported)

14. wbinfo -[u|g] (returns "Error looking up domain [users|groups]" after timeout)

  
Actual results:

Winbind fails to return anything when "wbinfo" is used. winbind process takes ~95% of CPU on server, pushing it to a high load until the server is unusable or winbind is stopped.

netstat shows that winbind is succesfully connected to the PDC, and tcpdump shows that LDAP questions are being answered. winbind keeps attempting to open a new connection to the PDC even though there is already a successful connection open.


Expected results:

wbinfo -[u|g] should return a list of domain users and groups, winbind should not use 95% CPU and should not flood the PDC with connection attempts after getting a successful connection.


Additional info:

Issuing "net ads [user|group]" returns expected results. Logs/confs will be posted in comments below.
Comment 1 Will 2010-08-09 01:10:57 UTC 
Created attachment 437500 [details]
Basic smb.conf used on server

I have sanitised the information in this file, but it is what is being used on the server for both samba 3.0.33 and samba3x.
Comment 2 Will 2010-08-09 02:37:10 UTC 
Created attachment 437509 [details]
TarGz of samba logs from reproducing this issue

Logs were produced from the following commands:

 service smb start ; service nmb start
 sleep 1 ; echo -e "`date ; netstat -an` \n\n" >/tmp/winbind-issue/netstat.out
 service winbind start
 sleep 2 ; echo -e "`date ; netstat -an` \n\n" >>/tmp/winbind-issue/netstat.out
 wbinfo -u
 sleep 1 ; echo -e "`date ; netstat -an` \n\n" >>/tmp/winbind-issue/netstat.out
 service winbind stop
 echo -e "`date ; netstat -an` \n\n" >>/tmp/winbind-issue/netstat.out
 service smb stop ; service nmb stop

All logs in samba directory at log level 5 (no max log size) have been included in the file. Logs have been sanitised, but no other information changed.

Please let me know if more details are needed.
Comment 3 Will 2010-08-11 23:41:42 UTC 
I have installed samba 3.3.13 as provided by SerNet ( http://ftp.sernet.de/pub/samba/3.3/rhel/5/i386/ ).

Doing the same upgrade procedure as outlined above when installing Samba3x, winbind now works correctly in all tests and it looks like one connection to the PDC is all it needs.

So the issue seems to be either with the samba3x-winbind package build, or the samba 3.3.8 branch.
Comment 7 Tim Waugh 2012-06-22 10:41:52 UTC 
*** Bug 831167 has been marked as a duplicate of this bug. ***