[Pkg-samba-maint] DO NOT REPLY [Bug 7818] Repeated winbind_cache.tdb corruption

samba-bugs at samba.org samba-bugs at samba.org
Thu Dec 16 19:54:45 UTC 2010 

https://bugzilla.samba.org/show_bug.cgi?id=7818


dale at BriannasSaladDressing.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dale at BriannasSaladDressing.c
                   |                            |om




------- Comment #13 from dale at BriannasSaladDressing.com  2010-12-16 13:54 CST -------
(In reply to comment #12)
> Samba relies on the normal system DNS resolving routines to look up the IP
> address of the Active Directory Domain Controller. This is because we do not
> want to invent that as well, Samba is already a very large project. So if the
> system DNS resolving routines tell us the Domain Controller is at IP Address
> 67.215.65.132, we try to connect to that. If there is no DC at that address,
> the natural consequence is that your authentication ceases to work.
> 
> Please make sure that the system DNS routines resolve the correct IP addresses
> for your Active Directory Domain Controllers. One way to do this is to put the
> IP address of a Active Directory Domain Controller that also carries a DNS
> server into the configuration line
> 
> nameserver <ip-address>
> 
> in the file /etc/resolv.conf. The exact way to configure this will depend on
> the exact version of Unix you are using. Please also make sure that no DHCP or
> BOOTP client program will change the settings in the file /etc/resolv.conf. One
> way to do this on GNU/Linux is to set this file immutable by issuing
> 
> chattr +i /etc/resolv.conf
> 
> if it is not possible to disable the dhcp client from attempting to change the
> /etc/resolv.conf file.
> 
> I'm closing this bug as WORKSFORME. Please re-open if you still have that issue
> after making sure that your DNS configuration is stable.
> 
> With best regards,
> 
> Volker Lendecke
> 

The problem was not /etc/resolve.conf.  Adding the DC to /etc/resolv.conf had
no effect, and there was no DHCP or BOOTP process changing the settings in
resolv.conf.  The problem turned out to be a sync problem between the master
and slave DNS servers.  The serial number of the reverse DNS zone (PTR records)
in the DC was not the same as that in the slave servers.  After forcing the
master/slaves to resync serial numbers, there have been no more winbind hangs.

Note that this problem has not affected any Windows systems nor Samba systems
prior to 3.5.x.  Earlier versions of Samba had no problem with this DNS error. 
A Lenny server running 3.2.5 ran flawlessly the entire time.  A look at
archived logs show that this problem has existed for some time, long before the
3.5 series was released, but caused no visible problem until upgrading to
3.5.x.  I have to assume something has changed in the way that winbind works
relative to DNS queries.

Thanks for leading me in the right direction.

Dale


-- 
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.

More information about the Pkg-samba-maint mailing list