Alexander Menk
2007-Feb-26 22:30 UTC
[Samba] winbind-client: irregular "Connection reset by peer" errors when using Win 2003 server
Hello!
I've integrated samba into an existing NT Domain managed by a windows
2003 server. Recently I'm have trouble to use the "groups" command
get
the group of domain users. It worked well for weeks (but perhaps after
setting up an ldap-connection to the same server via the apache2 module
auth_ldap), there are irregular connection-losses, so winbind seems not
to be able to retrieve the groupnames. Sure, there are some possible
workarounds, but it would be nice to have a stable connection to the DC.
Perhaps there is any nice way to auto-resume that winbind-lookup-connection?
## I try to get the group-membership of username:
$ groups DOMAIN-NAME\\username
id: cannot find name for group ID 16777235
## sometimes a second try work's .. but now it doesn't seem to help...
$ groups DOMAIN-NAME\\username
id: cannot find name for group ID 16777235
## log:
$ tail /var/log/samba/log.wb-DOMAIN-NAME
[2007/02/26 22:21:14, 0] lib/util_sock.c:write_data(559)
write_data: write failure. Error = Connection reset by peer
[2007/02/26 22:21:14, 0] libsmb/clientgen.c:write_socket(138)
write_socket: Error writing 190 bytes to socket 3: ERRNO = Connection
reset by peer
[2007/02/26 22:21:14, 0] libsmb/clientgen.c:cli_send_smb(168)
Error writing 190 bytes to client. -1 (Connection reset by peer)
[2007/02/26 22:21:14, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
rpc_api_pipe: Remote machine SERVER01 pipe \NETLOGON fnum
0xc00creturned critical error. Error was Write error: Connection reset
by peer
## only after restarting winbind it works:
self@server03:/var/log/samba$ sudo /etc/init.d/winbind restart
* Restarting the Winbind daemon winbind
[ ok ]
$ groups DOMAIN-NAME\\username
DOMAIN-NAME\\username : DOMAIN-NAME\dom?nen-benutzer ntadmin
DOMAIN-NAME\technik
## log for the case it worked
$ tail /var/log/samba/log.wb-DOMAIN-NAME
[2007/02/26 22:26:14, 0] libsmb/clientgen.c:cli_rpc_pipe_close(375)
cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0xc00c to
machine SERVER01. Error was Write error: Connection reset by peer
[2007/02/26 22:26:14, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(533)
Doing kerberos session setup
[2007/02/26 22:29:55, 0] nsswitch/winbindd_dual.c:child_read_request(49)
Got invalid request length: 0
[2007/02/26 22:29:57, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(533)
Doing kerberos session setup
Any Ideas?
TIA!
--
Alexander Menk
Gerald (Jerry) Carter
2007-Mar-01 15:19 UTC
[Samba] winbind-client: irregular "Connection reset by peer" errors when using Win 2003 server
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Alexander Menk wrote:> Hello! > > I've integrated samba into an existing NT Domain managed > by a windows 2003 server. Recently I'm have trouble > to use the "groups" command get the group of domain > users. It worked well for weeks (but perhaps after > setting up an ldap-connection to the same server via > the apache2 module auth_ldap), there are irregularWinbindd and apache don't share ldap sessions.> connection-losses, so winbind seems not to be able > to retrieve the groupnames. Sure, there are some possible > workarounds, but it would be nice to have a stable > connection to the DC. Perhaps there is any nice > way to auto-resume that winbind-lookup-connection?Seems like the DC dropping what it thinks are idle connections. We should reconnect. Could you test 3.0.25pre1 and let me know if that behaves any better? cheers, jerry ====================================================================Samba ------- http://www.samba.org Centeris ----------- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF5u78IR7qMdg1EfYRAg/7AJ9TIx8LsQ0LqS5XzwbsrPrJJMGQrgCfdkUn S9M0MS9bZiYzI8GHs1eQIog=/IxA -----END PGP SIGNATURE-----