Elvar
2008-Jan-24 09:15 UTC
[Samba] winbindd: Exceeding 200 client connections, no idle connection found
Hello, Can someone tell me how to resolve the "winbindd: Exceeding 200 client connections, no idle connection found" error in my log.winbind? I see tons of them on a regular basis. samba-3.0.28,1 squid-2.6.18 FreeBSD 6.2-STABLE #1: Thu Mar 15 01:46:50 CDT 2007 Kind regards, Elvar
Elvar
2008-Jan-25 08:26 UTC
[Samba] winbindd: Exceeding 200 client connections, no idle connection found
Is there a way to allow more than 200 connections? Elvar wrote:> Hello, > > Can someone tell me how to resolve the "winbindd: Exceeding 200 client > connections, no idle connection found" error in my log.winbind? I see > tons of them on a regular basis. > > samba-3.0.28,1 > squid-2.6.18 > FreeBSD 6.2-STABLE #1: Thu Mar 15 01:46:50 CDT 2007 > > > > > Kind regards, > Elvar >
Elvar
2008-Feb-19 17:55 UTC
[Samba] winbindd: Exceeding 200 client connections, no idle connection found
I know I'm beating a dead dog asking about this but I still haven't seen a resolution. Can anyone out there tell me how to fix this? When this happens my users cannot get past the Squid proxy and are presented with an authentication popup window in their browser which does not let them past until the 200 connections limit is no longer maxed out. There are probably 500 computers total at this facility and sometimes more than 200 connections is needed. Kind regards, Elvar
Jason Haar
2008-May-30 21:37 UTC
[Samba] winbindd: Exceeding 200 client connections, no idle connection found
Elvar wrote:> > I meant to respond to this a long time ago and I'm sorry for the > delay. Yes, I'm using NTLM to authenticate the users to Active > Directory requiring specific group membership. If the users don't > belong to group "Internet Access" they are denied out. I can stomach > the lack of encryption, but with basic proxy auth can they still > authenticate to AD? >Absolutely. There is no difference in Squid's ntlm_auth functionality between choosing Basic or NTLM/Negotiate. ie you can still do group-based access controls using Basic. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Copied to list. (Forgot to hit 'Reply All'_ On Mon, Jun 2, 2008 at 3:02 PM, Rob Shinn <rob.shinn@gmail.com> wrote:> > I can ping each server's IP from the other server. The following nmblookup >> commands both work: > > > Hi, Misty: > > The all-important question is not whether you can ping each server's IP > address from the other server, but can you ping each server *by* *name* from > the other. In otherwords, can you type 'ping corpsrv' from furnsrv and get > a response? > > In order for cross-subnet browsing to work, it is /essential/ that this > work. The easiest way to get this working if you don't already have a DNS > server is to add CORPSRV and FURNSRV to each machines' /etc/hosts file. > > >