[Pkg-samba-maint] Bug#603729: Debian Bug report logs - #603729 - Repeated winbind_cache.tdb corruption in Samba 3.5.x

Dale Schroeder dale at BriannasSaladDressing.com
Thu Dec 16 19:45:07 UTC 2010


For completeness I've added Volker's comments from Samba bugzilla.  I
believe his suggestions have led me to solve the problem, as I have not
had winbind corrupt in 24+ hours.

The problem was not /etc/resolv.conf.  Adding the DC to /etc/resolv.conf
had no effect.  There was no process changing the settings in resolv.conf.
The problem turned out to be a sync problem between the master and slave
DNS servers.  The serial number of the reverse DNS zone (PTR records) in
the DC was not the same as that in the slave servers.  After forcing the
master/slaves to resync serial numbers, there have been no more winbind
hangs.

Note that this problem has not affected any Windows systems nor Samba
systems prior to 3.5.x.  Earlier systems had no problem with this DNS
error.  A Lenny server running 3.2.5 ran flawlessly the entire time.  A
look at archived logs shows that this problem has existed for some time,
long before 3.5 was released, but caused no problems until upgrading to
3.5.x.  I have to assume something has changed in the way that winbind
works relative to DNS queries.

As things now stand, it appears you can close this bug.  Many thanks for
your help, Christian.

Dale


------- Comment #12 <https://bugzilla.samba.org/show_bug.cgi?id=7818#c12>
From Volker Lendecke <vl at samba.org> 2010-12-09 09:15:45 CST -------

Samba relies on the normal system DNS resolving routines to look up the IP
address of the Active Directory Domain Controller. This is because we do not
want to invent that as well, Samba is already a very large project. So if the
system DNS resolving routines tell us the Domain Controller is at IP Address
67.215.65.132, we try to connect to that. If there is no DC at that address,
the natural consequence is that your authentication ceases to work.

Please make sure that the system DNS routines resolve the correct IP addresses
for your Active Directory Domain Controllers. One way to do this is to put the
IP address of an Active Directory Domain Controller that also carries a DNS
server into the configuration line

nameserver <ip-address>

in the file /etc/resolv.conf. The exact way to configure this will depend on
the exact version of Unix you are using. Please also make sure that no DHCP or
BOOTP client program will change the settings in the file /etc/resolv.conf. One
way to do this on GNU/Linux is to set this file immutable by issuing

chattr +i /etc/resolv.conf

if it is not possible to disable the dhcp client from attempting to change the
/etc/resolv.conf file.

I'm closing this bug as WORKSFORME. Please re-open if you still have that issue
after making sure that your DNS configuration is stable.

With best regards,

Volker Lendecke
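
The root cause reported at the top of this message was a reverse-zone SOA
serial that differed between the master and slave DNS servers. The script
below is an added example, not part of the original messages or of Samba:
it compares the serial each server reports for a zone. The function names,
the zone and the 192.0.2.x addresses are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: detect SOA serial drift between a zone's DNS servers.

# Ask one server (non-recursively) for the zone's SOA; print "server serial".
# `dig +short SOA` prints: mname rname serial refresh retry expire minimum
soa_serial() {  # usage: soa_serial ZONE SERVER
    serial=$(dig +short +norecurse +time=3 +tries=1 SOA "$1" "@$2" |
        awk 'NR == 1 { print $3 }')
    printf '%s %s\n' "$2" "${serial:-NOANSWER}"
}

# Read "server serial" lines on stdin, print each distinct serial with the
# servers holding it, and return 1 unless every server answered with the
# same serial.
check_serials() {
    awk '
        {
            if (!($2 in servers)) n++
            servers[$2] = servers[$2] " " $1
        }
        $2 == "NOANSWER" { bad = 1 }
        END {
            for (s in servers) printf "serial %s:%s\n", s, servers[s]
            rc = (n == 1 && !bad) ? 0 : 1
            exit rc
        }'
}

# Live check against real servers, e.g. (placeholder zone and addresses):
#   zone_in_sync 2.0.192.in-addr.arpa 192.0.2.10 192.0.2.11
zone_in_sync() {  # usage: zone_in_sync ZONE SERVER...
    zone=$1
    shift
    for ns in "$@"; do soa_serial "$zone" "$ns"; done | check_serials
}

# Constructed sample input (not taken from the bug report): one slave lags.
printf '%s\n' '192.0.2.10 2010121601' '192.0.2.11 2010121601' \
    '192.0.2.12 2010120301' | check_serials ||
    echo 'DRIFT: zone serials differ, resync the lagging server'
```

Run zone_in_sync from cron against the reverse zone and every server listed
in /etc/resolv.conf to catch this condition before winbind does.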

