Every few minutes windbindd posts an error message like:
winbindd: ../source3/libads/ldap.c:552(ads_find_dc)
winbindd: ads_find_dc: name resolution for realm 'XXX.CO'
(domain 'XXX_01') failed: NT_STATUS_NO_LOGON_SERVERS
where XXX.CO is the domain name of a company my company
recently acquired and XXX_01 seems to be like they name of
the DCs around here.
I'm assuming winbindd is looking this up on the AD, even
though I have realm/default realm configured in smb.conf,
krb5.conf and no mention of XXX.CO in there or in ldap.conf
(actually nowhere in this box).
How can I shut this thing up? I've also seen, not sure
whether related, winbindd shooting up to 100% CPU (of this
dual core box.)
-- HASM
On 01/02/16 15:14, HASM wrote:> Every few minutes windbindd posts an error message like: > winbindd: ../source3/libads/ldap.c:552(ads_find_dc) > winbindd: ads_find_dc: name resolution for realm 'XXX.CO' > (domain 'XXX_01') failed: NT_STATUS_NO_LOGON_SERVERS > > where XXX.CO is the domain name of a company my company > recently acquired and XXX_01 seems to be like they name of > the DCs around here. > > I'm assuming winbindd is looking this up on the AD, even > though I have realm/default realm configured in smb.conf, > krb5.conf and no mention of XXX.CO in there or in ldap.conf > (actually nowhere in this box). > > How can I shut this thing up? I've also seen, not sure > whether related, winbindd shooting up to 100% CPU (of this > dual core box.) > > -- HASM > >How are you running Samba ? What version of Samba ? Can you post (sanitized) versions of smb.conf, /etc/resolv.conf, /etc/krb5.conf Rowland
hasm> Every few minutes windbindd posts an error message like:
hasm> winbindd: ../source3/libads/ldap.c:552(ads_find_dc)
hasm> winbindd: ads_find_dc: name resolution for realm 'XXX.CO'
hasm> (domain 'XXX_01') failed: NT_STATUS_NO_LOGON_SERVERS
hasm> How can I shut this thing up? I've also seen, not sure
hasm> whether related, winbindd shooting up to 100% CPU (of this
hasm> dual core box.)
rpenny> How are you running Samba ?
Fedora 23 daily patched.
Samba is enabled and started by systemd.
Status on services smb, nmb and winbind shows them running
with no error or warning messages.
rpenny> What version of Samba ?
Seems to be 4.3.4.1:
samba-4.3.4-1.fc23.x86_64
samba-client-4.3.4-1.fc23.x86_64
samba-client-libs-4.3.4-1.fc23.x86_64
samba-common-4.3.4-1.fc23.noarch
samba-common-libs-4.3.4-1.fc23.x86_64
samba-common-tools-4.3.4-1.fc23.x86_64
samba-devel-4.3.4-1.fc23.x86_64
samba-libs-4.3.4-1.fc23.x86_64
samba-winbind-4.3.4-1.fc23.x86_64
samba-winbind-clients-4.3.4-1.fc23.x86_64
samba-winbind-modules-4.3.4-1.fc23.x86_64
rpenny> Can you post (sanitized) versions of smb.conf,
rpenny> /etc/resolv.conf, /etc/krb5.conf
Below.
-- HASM
------------------------------------------------------------
/etc/resolv.conf
------------------------------------------------------------
;generated by /sbin/dhclient-script
search company.com
nameserver 10.xx.xx.xx
nameserver 10.yy.yy.yy
nameserver 10.zz.zz.zz
------------------------------------------------------------
/etc/krb5.conf
------------------------------------------------------------
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = true
forwardable = true
rdns = false
default_realm = COMPANY.COM
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
COMPANY.COM = {
kdc = dcxx.company.com:88
admin_server = COMPANY.COM
default_domain = COMPANY.COM
}
[domain_realm]
.company.com = COMPANY.COM
company.com = COMPANY.COM
------------------------------------------------------------
/etc/samba/smb.conf
------------------------------------------------------------
[global]
guest account = nobody
restrict anonymous = 1
hosts allow = 10. 127. 192.168.1.
load printers = no
printing = cups
cups options = raw
logging = systemd
log level = 1
map to guest = bad user
username map = /etc/samba/smbusers
local master = no
domain master = no
preferred master = no
name resolve order = host bcast
wins support = no
server string = HOSTNAME (SAMBA %v)
server signing = auto
client ntlmv2 auth = yes
wins server = dcxx
security = ADS
encrypt passwords = yes
password server = dcxx
workgroup = COMPANY
winbind use default domain = yes
realm = COMPANY.COM
------------------------------------------------------------