Patrick Rynhart
2008-Jan-02 21:25 UTC
[Samba] winbind initialization: GetDC got invalid response type 21
Hi all, I'm running Samba 3.0.28 on CentOS 5.1 as a PDC. I'm having problems with winbind taking a long to initialize or reconnect to the domain. For example, starting winbind and then checking the trust secret takes ~30 seconds: # time /usr/local/samba/bin/wbinfo -t checking the trust secret via RPC calls succeeded real 0m34.055s user 0m0.008s sys 0m0.019s In the logs I'm getting: Received packet for \MAILSLOT\NET\GETDC51417B82 GetDC got invalid response type 21 Received packet for \MAILSLOT\NET\GETDC51417B82 GetDC got invalid response type 21 Received packet for \MAILSLOT\NET\GETDC51417B82 GetDC got invalid response type 21 Received packet for \MAILSLOT\NET\GETDC51417B82 GetDC got invalid response type 21 Received packet for \MAILSLOT\NET\GETDC51417B82 GetDC got invalid response type 21 winbind eventually appears to fall back to another method to connect. Could anyone please advise how this problem can be fixed ? I have created debug level 10 logs of winbind (with debug hires timestamp). As the logs are too large for the mailing list (with a 64 kb limit) I have uploaded them here: http://www.massey.ac.nz/~prynhart/log.winbindd_20080103.tgz http://www.massey.ac.nz/~prynhart/log.seat-dc1_20080103.tgz http://www.massey.ac.nz/~prynhart/log.130.123.64.84_20080103.tgz The problem is not the initial connection but when winbind needs to reconnect to the domain after a period of inactivity. NSS will then hang and XP clients may then log on using cached credentials (as they believe that no DC is available). This causes the logon script not to run. The global section of my smb.conf file is as follows: [global] workgroup = SEAT server string = %h server (Samba %v) obey pam restrictions = Yes passdb backend = ldapsam:ldap://127.0.0.1 lanman auth = No client lanman auth = No client plaintext auth = No log level = 10 log file = /var/log/samba/log.%m debug hires timestamp = Yes smb ports = 139 name resolve order = wins host bcast lmhosts deadtime = 60 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_BROADCAST printcap name = /etc/printcap add user script = /usr/local/smbldaptools/smbldap-useradd -m "%u" delete user script = /usr/local/smbldaptools/smbldap-userdel "%u" add group script = /usr/local/smbldaptools/smbldap-groupadd -p "%g" delete group script = /usr/local/smbldaptools/smbldap-groupdel "%g" add user to group script /usr/local/smbldaptools/smbldap-groupmod -m "%u" "%g" delete user from group script /usr/local/smbldaptools/smbldap-groupmod -x "%u" "%g" set primary group script /usr/local/smbldaptools/smbldap-usermod -g "%g" "%u" add machine script = /usr/local/smbldaptools/smbldap-useradd -w "%u" logon script = netlogon.bat logon path logon home domain logons = Yes os level = 100 preferred master = Yes domain master = Yes wins server = 130.123.128.14 ldap admin dn = cn=admin,dc=seat,dc=massey,dc=ac,dc=nz ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=machines ldap passwd sync = Yes ldap suffix = dc=seat,dc=massey,dc=ac,dc=nz ldap user suffix = ou=users panic action = /usr/share/samba/panic-action %d host msdfs = No idmap domains = ALLDOMAINS idmap backend = ldap:ldap://127.0.0.1 idmap alloc backend = ldap idmap uid = 10000-29000 idmap gid = 10000-29000 winbind use default domain = Yes idmap alloc config:range = 10000 - 50000 idmap alloc config:ldap_url = ldap://127.0.0.1/ idmap alloc config:ldap_base_dn ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz idmap config ALLDOMAINS:range = 10000 - 50000 idmap config ALLDOMAINS:ldap_url = ldap://127.0.0.1/ idmap config ALLDOMAINS:ldap_base_dn ou=idmap,dc=seat,dc=massey,dc=ac,dc=nz idmap config ALLDOMAINS:backend = ldap idmap config ALLDOMAINS:default = yes printing = cups print command = lpr -P'%p' %s; rm %s lppause command = lp -i '%p-%j' -H hold lpresume command = lp -i '%p-%j' -H resume queuepause command = disable '%p' queueresume command = enable '%p' oplocks = No level2 oplocks = No Regards, Patrick
Reasonably Related Threads
- GetDC got invalid response type 21
- [SECURITY] CVE-2007-4572 - GETDC mailslot processing buffer overrun in nmbd
- [SECURITY] CVE-2007-4572 - GETDC mailslot processing buffer overrun in nmbd
- [SECURITY] Buffer overrun in send_mailslot()
- idmap_nss: Default domain not being used