Red Hat Bugzilla – Bug 622333
samba3x winbind won't stop opening connections to windows 2000 PDC
Last modified: 2012-06-22 06:41:52 EDT
Description of problem:
Currently have a working implementation of samba 3.0.33 on CentOS 5.5 (kernel 2.6.18-194.3.1.el5 #1 SMP i686) using AD security, kerberos 5 and winbind.
Upon upgrading to samba3x, everything works until winbind is started. Once started, it gets a good connection to the PDC but keeps attempting to open a new connection until it is either stopped or the server crashes.
I have only tested this on one server, so unsure if this occurs on other servers/setups. This one server is currently available for testing and debugging until samba3x starts working on it. Also, we only have one Windows 2000 server as the PDC, and no other Windows AD servers to test against.
Steps to Reproduce:
1. Working install of samba 3.0.33 with krb5 and winbind on server (see http://wiki.samba.org/index.php/Samba_&_Active_Directory )
2. service winbind stop ; service smb stop
3. net ads leave -U administrator
4. yum remove samba-common samba samba-client libsmbclient
5. rm -rf /var/cache/samba /usr/lib/samba
6. yum install samba3x samba3x-winbind samba3x-client
7. kdestroy ; kinit administrator (no problems reported)
8. mv -f /etc/samba/smb.conf.rpmsave /etc/samba/smb.conf
9. testparm (no issues)
10. net ads join -U administrator (reports no issue with join, but "DNS update failed!" is reported after ~300 seconds)
11. net ads testjoin (reports "Join is OK")
12. service smb start ; service nmb start (no problems and performs as expected)
13. service winbind start (no problems reported)
14. wbinfo -[u|g] (returns "Error looking up domain [users|groups]" after timeout)
Winbind fails to return anything when "wbinfo" is used. winbind process takes ~95% of CPU on server, pushing it to a high load until the server is unusable or winbind is stopped.
netstat shows that winbind is succesfully connected to the PDC, and tcpdump shows that LDAP questions are being answered. winbind keeps attempting to open a new connection to the PDC even though there is already a successful connection open.
wbinfo -[u|g] should return a list of domain users and groups, winbind should not use 95% CPU and should not flood the PDC with connection attempts after getting a successful connection.
Issuing "net ads [user|group]" returns expected results. Logs/confs will be posted in comments below.
Created attachment 437500 [details]
Basic smb.conf used on server
I have sanitised the information in this file, but it is what is being used on the server for both samba 3.0.33 and samba3x.
Created attachment 437509 [details]
TarGz of samba logs from reproducing this issue
Logs were produced from the following commands:
service smb start ; service nmb start
sleep 1 ; echo -e "`date ; netstat -an` \n\n" >/tmp/winbind-issue/netstat.out
service winbind start
sleep 2 ; echo -e "`date ; netstat -an` \n\n" >>/tmp/winbind-issue/netstat.out
sleep 1 ; echo -e "`date ; netstat -an` \n\n" >>/tmp/winbind-issue/netstat.out
service winbind stop
echo -e "`date ; netstat -an` \n\n" >>/tmp/winbind-issue/netstat.out
service smb stop ; service nmb stop
All logs in samba directory at log level 5 (no max log size) have been included in the file. Logs have been sanitised, but no other information changed.
Please let me know if more details are needed.
I have installed samba 3.3.13 as provided by SerNet ( http://ftp.sernet.de/pub/samba/3.3/rhel/5/i386/ ).
Doing the same upgrade procedure as outlined above when installing Samba3x, winbind now works correctly in all tests and it looks like one connection to the PDC is all it needs.
So the issue seems to be either with the samba3x-winbind package build, or the samba 3.3.8 branch.
*** Bug 831167 has been marked as a duplicate of this bug. ***