Josh T
2006-Mar-21 21:35 UTC
[Samba] 2 Windows DCs, one crashes, PAM Winbind stops working
Hi,
I am using Winbind & NSS/PAM on Debian Linux, joined to a Windows 2000
AD Domain, to provide email (SMTP/POP3) based on Windows username and
password. I have two Windows 2000 Servers for domain controllers, DC1
and DC2. Over the weekend DC2 had a CPU fan fail and it overheated and
crashed. Once DC2 failed, PAM Winbind stopped working and my users
could no longer log into their email until I fixed DC2.
I would have thought that Samba would use DC1 if DC2 was unavailable?
Does anyone know what is wrong with my config or else what I could do to
avoid this in the future?
The only thing I could find was in log.nmbd - a network printer is
responding to WINS, a firmware upgrade which I will apply as soon as I
can changes this to "Printer (WINS request) responds only when queried
specifically by name." I don't know if this relates to my problem
though. 192.168.1.40 and 192.168.1.41 are the ip addresses of the email
server, 192.168.1.36 is the ip address of printer:
[2006/03/20 16:20:22, 0] nmbd/nmbd_namequery.c:query_name_response(101)
query_name_response: Multiple (2) responses received for a query on
subnet 192.168.1.41 for name MYDOMAIN<1d>.
This response was from IP 192.168.1.36, reporting an IP address of
0.0.0.0.
[2006/03/20 16:20:22, 0] nmbd/nmbd_namequery.c:query_name_response(101)
query_name_response: Multiple (2) responses received for a query on
subnet 192.168.1.40 for name MYDOMAIN<1d>.
This response was from IP 192.168.1.36, reporting an IP address of
0.0.0.0.
Thanks for any help,
Josh
Samba version is "3.0.14a-Debian", here is my config:
mail:~# cat /etc/samba/smb.conf
[global]
workgroup = MYDOMAIN
netbios name = MAIL
security = ADS
realm = MYDOMAIN.LOCAL
encrypt passwords = true
password server = DC1.MYDOMAIN.LOCAL DC2.MYDOMAIN.LOCAL
hosts allow = 192.168.1. 127.
log file = /var/log/samba/log.%m
log level = 0
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
#testing ldap idmap backend
ldap admin dn = cn=admin,dc=mydomain,dc=local
ldap ssl = off
ldap suffix = dc=mydomain,dc=local
idmap backend = ldap:ldap://127.0.0.1
ldap idmap suffix = ou=Idmap
template homedir = /mnt/shared/homes/%U
obey pam restrictions = yes
#do not become a master browser
local master = no
mail:~# cat /etc/pam.d/popa3d
# PAM configuration for popa3d
#@include common-auth
#@include common-account
auth required pam_winbind.so
account required pam_winbind.so
mail:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this
file.
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
Thomas Limoncelli
2006-Mar-21 23:04 UTC
[Samba] 2 Windows DCs, one crashes, PAM Winbind stops working
Josh T wrote:> I am using Winbind & NSS/PAM on Debian Linux, joined to a Windows 2000 > AD Domain, to provide email (SMTP/POP3) based on Windows username and > password. I have two Windows 2000 Servers for domain controllers, DC1 > and DC2. Over the weekend DC2 had a CPU fan fail and it overheated and > crashed. Once DC2 failed, PAM Winbind stopped working and my users > could no longer log into their email until I fixed DC2. > > I would have thought that Samba would use DC1 if DC2 was unavailable? > Does anyone know what is wrong with my config or else what I could do to > avoid this in the future?Similar issues have been discussed before: http://groups.google.com/group/mailing.unix.samba/browse_thread/thread/57257abf85204cca/2bdf4975abe3af9d I'd recommend upgrading to 3.0.21c (Debian packages available) to fix the known issues. -TL