Mikael M. Hansen
2006-Nov-20 15:11 UTC
[Samba] Winbindd and idletimeout on the LDAP server
Hi We have a problem with samba (winbind) when we enable idletimeout on the OpenLDAP servers. If it is set we sometimes get an error: mhansen@scenic32:~> smbclient -Umhansen //cups/p6 Password: session setup failed: NT_STATUS_IO_TIMEOUT The log entries (log.wb-DOMAIN)on the DOMAIN MEMBER server (cups in this case) are: [2006/11/20 14:24:07, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) rpc_api_pipe: Remote machine BDC pipe \NETLOGON fnum 0x7357returned critical error. Error was Call timed out: server did not respond after 10000 milliseconds [2006/11/20 14:24:07, 1] libsmb/clientgen.c:cli_rpc_pipe_close(376) cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x7357 to machine BDC. Error was Call timed out: server did not respond after 10000 milliseconds It should be said that we sometimes also see the same errors when the connection is successful. I would like to include some more debug info from the BDC/PDC server involved in the connection. But I need some info on which part of samba to increase the log for. If we remove the idletimeout from the ldap servers we no longer get this type of errors. Is it possible that samba does not check if the connection to the LDAP is still valid (not closed on the server side) and returns an error - due to the timeout - to the client rather than re-establishing the connection? -- MVH / Best regards Mikael M. Hansen
Mikael M. Hansen
2006-Nov-22 08:32 UTC
[Samba] Winbindd and idletimeout on the LDAP server
Hi Sorry, forgot to mention which versions we run. The samba servers (PDC,BDC and CUPS) are all running 3.0.23d. OpenLDAP is 2.3.27. All are compiled from source. I've noticed that increasing the value of idletimeout from 15 to 60 on the LDAP servers makes the errors appear less often - but they still appears. Any hints on where to look for more specific debug logging on the PDC/BDC servers? Mikael M. Hansen wrote:> Hi > > We have a problem with samba (winbind) when we enable idletimeout on the > OpenLDAP servers. If it is set we sometimes get an error: > > mhansen@scenic32:~> smbclient -Umhansen //cups/p6 > Password: > session setup failed: NT_STATUS_IO_TIMEOUT > > The log entries (log.wb-DOMAIN)on the DOMAIN MEMBER server (cups in this > case) are: > > [2006/11/20 14:24:07, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) > rpc_api_pipe: Remote machine BDC pipe \NETLOGON fnum 0x7357returned > critical error. Error was Call timed out: server did not respond after > 10000 milliseconds > [2006/11/20 14:24:07, 1] libsmb/clientgen.c:cli_rpc_pipe_close(376) > cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x7357 to > machine BDC. Error was Call timed out: server did not respond after > 10000 milliseconds > > It should be said that we sometimes also see the same errors when the > connection is successful. I would like to include some more debug info > from the BDC/PDC server involved in the connection. But I need some info > on which part of samba to increase the log for. > > > > If we remove the idletimeout from the ldap servers we no longer get this > type of errors. > > Is it possible that samba does not check if the connection to the LDAP > is still valid (not closed on the server side) and returns an error - > due to the timeout - to the client rather than re-establishing the > connection? > >-- MVH / Best regards Mikael M. Hansen IT-administrator Computer Science Dept. Email: mhansen@cs.aau.dk Aalborg University Phone: +45 9635 8905 Fredrik Bajers Vej 7E Room: E2-121 DK-9220 Aalborg, Denmark