samba - Feb 2005 - Authentication issues causing smbd processes to stop

I'm running samba 3.0.11 on SuSE Linux Pro 9.2.

RPM's:

samba-doc-3.0.11-0.1
samba-client-3.0.11-0.1
samba-3.0.11-0.1
samba-winbind-3.0.11-0.1
libsmbclient-3.0.11-0.1

Kernel :

Linux printserver 2.6.8-24-smp #1 SMP Wed Oct 6 09:16:23 UTC 2004 i686 i686
i386 GNU/Linux

The server is currently serving up only printing to a network of 170ish
users.

Printing was originally being handled by CUPS, however we saw very heavy
load on the CUPSD process (15%+) constantly, and decided to switch to LPRNG
to see if this "lighter" protocol would alleviate the problems.

All symptons detailed in this email are evident with both CUPS and LPRNG.

Authentication is handled by winbind which is configured to authenticate to
an NT4 PDC and NT4 BDC.

After a few hours, the following errors start appearing in my log files :

[2005/02/24 16:45:38, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(429)
  winbindd_pam_auth_crap: non-privileged access denied.  !
  winbindd_pam_auth_crap: Ensure permissions on
/var/lib/samba/winbindd_privileged are set correctly.
[2005/02/24 16:45:38, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(642)
  NTLM CRAP authentication for user [(null)]\[(null)] returned
NT_STATUS_ACCESS_DENIED (PAM: 4)

Users cannot print, nor can they open "Settings > Printers".

When I try to restart SAMBA with

rcsmb stop
rcsmb start

It doesn't stop all the smbd processes first time, I have to perform two
"rcsmb stop" commands.

In normal running, we see the following output in "top".

28189 root      16   0  8188 3528 7020 S  2.9  0.7   1:50.85 winbindd
28195 MPLC+mcf  15   0 18232  12m 8692 S  1.4  2.4   0:10.50 smbd
28161 MPLC+sme  15   0 20312  14m 8644 S  0.7  2.9   0:22.83 smbd
28159 root      25   0  9448 3336 8440 S  0.5  0.6   0:07.46 smbd
28191 MPLC+mac  15   0 21532  15m 8644 S  0.3  3.1   0:24.89 smbd

When the error messages occur, winbindd, and one or more smbd processes will
rise to 20+% of CPU.

I suspect that the authentication through winbind is causing the problem,
and in fact the very reason I have a separate print server box is that
previously printing and file sharing was on the same box and the smbd
hanging was causing havoc with user's file access. I split the two functions
onto separate servers to see where the problem moved, and the file server is
now sitting idle most of the time. It would seem that it's the printing that
causes most of the winbindd activity.

I don't know if it's related, but we are also seeing loads of failed
authentication messages for "local" i.e. linux user accounts, such as 

nsswitch/winbindd_group.c:winbindd_getgroups(1032)
  user 'root' does not exist
nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(642)
  NTLM CRAP authentication for user [MPLC]\[root] returned
NT_STATUS_WRONG_PASSWORD (PAM: 7)
nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(642)
  NTLM CRAP authentication for user [MPLC]\[root] returned
NT_STATUS_WRONG_PASSWORD (PAM: 7)

I'm hoping that someone has come across similar problems, although I've
tried looking through the archives and googling without any success.

Cheers
Gordon

________________________________________________________________________
Mortgages plc is authorised and regulated by the Financial Services 
Authority.  Your home may be repossessed if you do not keep up
repayments on your mortgage.  Please note that not all types of
mortgages are regulated by the Financial Services Authority.

This e-mail has been scanned for all viruses by Star. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________