Package: winbind Version: 2:3.4.7~dfsg-1~bpo50+1 Severity: important Due to a misconfiguration, we resulted with the following situation: - 3 active directory servers working perfectly - 1 active directory server up, but all ports being blocked by the firewall It appears that this makes winbind unstable. The daemon eventuall does not answer to incoming requests on /tmp/.winbindd/pipe
I report this bug as it may interest others and as it may also occur if the active directory service crashes badly. The steps to reproduce are easy: - refuse incoming connections on active directory (connection closed) as below e...@xxxxxxxxc ~> nmap 172.16.uuu.vv Starting Nmap 4.62 ( http://nmap.org ) at 2010-03-16 17:19 CET All 1715 scanned ports on hostname.fqdn.com (172.16.uuu.vv) are closed Nmap done: 1 IP address (1 host up) scanned in 0.392 seconds After a while, it will eventually block The symptoms are: - if you strace libnss programs, you will see that winbindd refuses to process requests on the /tmp/.winbindd/pipe - You will see such messages: head /var/log/samba/log.winbindd-dc-connect [2010/03/16 03:28:49, 1] libads/cldap.c:166(recv_cldap_netlogon) no reply received to cldap netlogon (ret = -1: Error = Connection refused) /var/log/samba/log.winbindd (at the time it will not work anymore) [2010/03/16 08:52:58, 1] winbindd/winbindd_ads.c:1137(lookup_groupmem) lsa_lookupsids call failed with NT_STATUS_IO_TIMEOUT - retrying... - if you strace winbind processes you will see them sleeping in select() and nothing happens -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (800, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.26-2-xen-686 (SMP w/2 CPU cores) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Versions of packages winbind depends on: ii adduser 3.110 add and remove users and groups ii libc6 2.7-18lenny2 GNU C Library: Shared libraries ii libcap2 2.11-2 support for getting/setting POSIX. ii libcomerr2 1.41.3-1 common error description library ii libkrb53 1.6.dfsg.4~beta1-5lenny2 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.11-1+lenny1 OpenLDAP libraries ii libpam0g 1.0.1-5+lenny1 Pluggable Authentication Modules l ii libpopt0 1.14-4 lib for parsing cmdline parameters ii libtalloc2 2.0.1-1~bpo50+1 hierarchical pool based memory all hi libwbclient0 2:3.4.7~dfsg-1~bpo50+1 Samba winbind client library ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip ii samba-common 2:3.4.7~dfsg-1~bpo50+1 common files used by both the Samb ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime winbind recommends no packages. winbind suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
