samba - Feb 2003 - Recovery from Domain/WINS Outage - Didn't work well

We're using Samba 2.2.5 and 2.2.7 in SECURITY=DOMAIN mode.

This morning we lost contact with our PDC, and for about 2 hours, users were
unable to logon.  After chasing this down, we determined that we were also
unable to contact the WINS server defined in
smb.conf.  Our backup WINS server was available, but it seems Samba only
supports one WINS server in smb.conf, so this didn't help much.  After
manually switching to the other WINS server, we were
able to connect.

We're still new with this, and so far Samba isn't looking too reliable
to our management.  This is the second time a WINS-related problem has knocked
us down while the Windows servers remained
available.

I'm assuming we're still only allowed to specify a single WINS server. 
Does anyone have any idea if this will be fixed anytime soon?

Should Samba have recovered from the DC outage?  It appears that after losing
contact with the DC, it went back to WINS, and tried to get a new list.  Does it
only try the first DC on the list, or
does it work down till it finds a good one?  Am I correct in assuming that being
unable to connect to the WINS server would prevent this from happening?

Thanks in advance for any info you can provide.

On Mon, 24 Feb 2003, Hall, Ken (ECSS) wrote:
> We're using Samba 2.2.5 and 2.2.7 in SECURITY=DOMAIN mode.
>
> This morning we lost contact with our PDC, and for about 2 hours, users
> were unable to logon.  After chasing this down, we determined that we
> were also unable to contact the WINS server defined in smb.conf.  Our
> backup WINS server was available, but it seems Samba only supports one
> WINS server in smb.conf, so this didn't help much.  After manually
> switching to the other WINS server, we were able to connect.
>
> We're still new with this, and so far Samba isn't looking too
reliable
> to our management.  This is the second time a WINS-related problem has
> knocked us down while the Windows servers remained available.
>
> I'm assuming we're still only allowed to specify a single WINS
server.
> Does anyone have any idea if this will be fixed anytime soon?
Yes, in Samba-3.0.0 which is currently in Alpha test. Should be released
around April. You might want to download it and try it before then. We can
do with your feedback.
>
> Should Samba have recovered from the DC outage?  It appears that after
> losing contact with the DC, it went back to WINS, and tried to get a new
> list.  Does it only try the first DC on the list, or does it work down
> till it finds a good one?  Am I correct in assuming that being unable to
> connect to the WINS server would prevent this from happening?
If Samba can not resolve the netbios name to an IP address then obviously
it can not find the machine it needs to communicate with. If WINS goes
down, then in effect you can be hosed.

- John T.
-- 
John H Terpstra
Email: jht@samba.org

"Hall, Ken (ECSS)" wrote:
> 
> We're using Samba 2.2.5 and 2.2.7 in SECURITY=DOMAIN mode.
> 
> This morning we lost contact with our PDC, and for about 2 hours, users
> were unable to logon.  After chasing this down, we determined that we
> were also unable to contact the WINS server defined in smb.conf.  Our
> backup WINS server was available, but it seems Samba only supports one
> WINS server in smb.conf, so this didn't help much.  After manually
> switching to the other WINS server, we were able to connect.
WINS failover has been implemented.  It may, however, only be available in
the 3.0 beta.  I am not sure.  I wrote the original implementation but
Tridge came up with a (much) better way to handle this.
> We're still new with this, and so far Samba isn't looking too
reliable to
> our management.  This is the second time a WINS-related problem has
> knocked us down while the Windows servers remained available.
Was the missing WINS server a Samba server or a Windows box?  In all
seriousness, we did not bother implementing WINS failover because the
Samba-based WINS servers generally didn't go down.  The decision to add it
came from pressure from people who used Samba in a primarily Windows
environment.
> I'm assuming we're still only allowed to specify a single WINS
server.
> Does anyone have any idea if this will be fixed anytime soon?
You might try putting in two IP addresses separated by a colon.  The first
will be the primary and the second the secondary WINS server.  The code that
makes this work is in 2.2.7 *but it was not completed* so it was left
undocumented.  It is a beta feature in 2.2.x.
> Should Samba have recovered from the DC outage?  It appears that after
> losing contact with the DC, it went back to WINS, and tried to get a new
> list.  Does it only try the first DC on the list, or does it work down
> till it finds a good one?  Am I correct in assuming that being unable to
> connect to the WINS server would prevent this from happening?
When a client sends a query for a <1C> name the Windows WINS server
responds
by sending a list of IPs.  This is correct per the RFCs, but unusual for
WINS (Microsoft's original implementation was kludged such that it replies
to group name queries by sending only the limited broadcast address:
255.255.255.255).  Anyway, the first entry in the list of <1C> names is
the
PDC.  All others are BDCs.
> Thanks in advance for any info you can provide.
Hope that's somewhat useful.

Chris -)-----

-- 
Samba Team -- http://www.samba.org/     -)-----   Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/   -)-----   ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/     -)-----   crh@ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/    -)-----   crh@ubiqx.org