Hall, Ken (ECSS)
2003-Feb-24 16:04 UTC
[Samba] Recovery from Domain/WINS Outage - Didn't work well
We're using Samba 2.2.5 and 2.2.7 in SECURITY=DOMAIN mode. This morning we lost contact with our PDC, and for about 2 hours, users were unable to logon. After chasing this down, we determined that we were also unable to contact the WINS server defined in smb.conf. Our backup WINS server was available, but it seems Samba only supports one WINS server in smb.conf, so this didn't help much. After manually switching to the other WINS server, we were able to connect. We're still new with this, and so far Samba isn't looking too reliable to our management. This is the second time a WINS-related problem has knocked us down while the Windows servers remained available. I'm assuming we're still only allowed to specify a single WINS server. Does anyone have any idea if this will be fixed anytime soon? Should Samba have recovered from the DC outage? It appears that after losing contact with the DC, it went back to WINS, and tried to get a new list. Does it only try the first DC on the list, or does it work down till it finds a good one? Am I correct in assuming that being unable to connect to the WINS server would prevent this from happening? Thanks in advance for any info you can provide.
John H Terpstra
2003-Feb-24 17:43 UTC
[Samba] Recovery from Domain/WINS Outage - Didn't work well
On Mon, 24 Feb 2003, Hall, Ken (ECSS) wrote:> We're using Samba 2.2.5 and 2.2.7 in SECURITY=DOMAIN mode. > > This morning we lost contact with our PDC, and for about 2 hours, users > were unable to logon. After chasing this down, we determined that we > were also unable to contact the WINS server defined in smb.conf. Our > backup WINS server was available, but it seems Samba only supports one > WINS server in smb.conf, so this didn't help much. After manually > switching to the other WINS server, we were able to connect. > > We're still new with this, and so far Samba isn't looking too reliable > to our management. This is the second time a WINS-related problem has > knocked us down while the Windows servers remained available. > > I'm assuming we're still only allowed to specify a single WINS server. > Does anyone have any idea if this will be fixed anytime soon?Yes, in Samba-3.0.0 which is currently in Alpha test. Should be released around April. You might want to download it and try it before then. We can do with your feedback.> > Should Samba have recovered from the DC outage? It appears that after > losing contact with the DC, it went back to WINS, and tried to get a new > list. Does it only try the first DC on the list, or does it work down > till it finds a good one? Am I correct in assuming that being unable to > connect to the WINS server would prevent this from happening?If Samba can not resolve the netbios name to an IP address then obviously it can not find the machine it needs to communicate with. If WINS goes down, then in effect you can be hosed. - John T. -- John H Terpstra Email: jht@samba.org
Christopher R. Hertel
2003-Feb-24 18:00 UTC
[Samba] Re: Recovery from Domain/WINS Outage - Didn't work well
"Hall, Ken (ECSS)" wrote:> > We're using Samba 2.2.5 and 2.2.7 in SECURITY=DOMAIN mode. > > This morning we lost contact with our PDC, and for about 2 hours, users > were unable to logon. After chasing this down, we determined that we > were also unable to contact the WINS server defined in smb.conf. Our > backup WINS server was available, but it seems Samba only supports one > WINS server in smb.conf, so this didn't help much. After manually > switching to the other WINS server, we were able to connect.WINS failover has been implemented. It may, however, only be available in the 3.0 beta. I am not sure. I wrote the original implementation but Tridge came up with a (much) better way to handle this.> We're still new with this, and so far Samba isn't looking too reliable to > our management. This is the second time a WINS-related problem has > knocked us down while the Windows servers remained available.Was the missing WINS server a Samba server or a Windows box? In all seriousness, we did not bother implementing WINS failover because the Samba-based WINS servers generally didn't go down. The decision to add it came from pressure from people who used Samba in a primarily Windows environment.> I'm assuming we're still only allowed to specify a single WINS server. > Does anyone have any idea if this will be fixed anytime soon?You might try putting in two IP addresses separated by a colon. The first will be the primary and the second the secondary WINS server. The code that makes this work is in 2.2.7 *but it was not completed* so it was left undocumented. It is a beta feature in 2.2.x.> Should Samba have recovered from the DC outage? It appears that after > losing contact with the DC, it went back to WINS, and tried to get a new > list. Does it only try the first DC on the list, or does it work down > till it finds a good one? Am I correct in assuming that being unable to > connect to the WINS server would prevent this from happening?When a client sends a query for a <1C> name the Windows WINS server responds by sending a list of IPs. This is correct per the RFCs, but unusual for WINS (Microsoft's original implementation was kludged such that it replies to group name queries by sending only the limited broadcast address: 255.255.255.255). Anyway, the first entry in the list of <1C> names is the PDC. All others are BDCs.> Thanks in advance for any info you can provide.Hope that's somewhat useful. Chris -)----- -- Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)----- crh@ubiqx.mn.org OnLineBook -- http://ubiqx.org/cifs/ -)----- crh@ubiqx.org