Rowland Penny
2019-Jan-30 16:36 UTC
[Samba] Winbind, cached logons and 'user persistency'...
On Wed, 30 Jan 2019 17:25:19 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote:

> Hello! Rowland Penny via samba
>   On that day it was said...
>
> > nscd caches certain things, as does winbind, if you want to run nscd
> > with winbind, you need to stop nscd caching the things that winbind
> > does, when you do this, nscd isn't caching very much, so you might
> > as well not use it.
>
> Ok. But for some ''incompatibilities'', or because double-caching some
> data is not smart and error prone (in the case of a negative cache,
> both caches have to be cleaned...)?

From memory, nscd caches /etc/passwd, /etc/group and /etc/hosts. Winbind caches the first two and this is a Unix domain member, so all there should be in /etc/hosts is the computer's own info & localhost and if the computer is using DHCP, there only needs to be localhost. So you do not need nscd.

> > AH, how does 'exim' look for the user ?
>
> I've just asked in exim list.

I was wondering if it was being done by an LDAP lookup, you would definitely need the LDAP server for that, no amount of caching would work for that ;-)

Rowland
Marco Gaiarin
2019-Feb-11 13:47 UTC
[Samba] Winbind, cached logons and 'user persistency'...
Sorry. Still on this issue.

Today I'm upgrading my DC (with latest 4.5 from louis repo). Note that I've 7 DC in total.

In site 'PP' I've upgraded samba, then rebooted the container. Reboot on 'vdcpp2' happened on:

Feb 11 13:59:52 vdcpp2 shutdown[33452]: shutting down for system reboot

at '14:00:30' bind, ntp and (I suppose) samba was started.

After that, I've upgraded and rebooted the second DC in that site (really, the first ;):

Feb 11 14:03:09 vdcpp1 shutdown[26601]: shutting down for system reboot

again, for 14:04:00 was up & running.

But the mail server refuse to deliver messages, fortunately all admin messages to an admin users (was loop: messages undeliverability errors, email go to postmaster, so to admin, so error, ...).

2019-02-11 14:02:34 1gtBEG-0006lw-Qm ** admin123 at fvg.lnf.it F=<root at pp.lnf.it>: Unrouteable address
2019-02-11 14:02:35 1gtBEI-0006nz-CH ** admin123 at fvg.lnf.it F=<root at sv.lnf.it>: Unrouteable address
2019-02-11 14:02:38 1gtBEL-0006pl-P3 ** admin123 at fvg.lnf.it F=<>: Unrouteable address
[...]
2019-02-11 14:05:18 1gtBGv-0007IA-QR ** admin123 at fvg.lnf.it F=<>: Unrouteable address
2019-02-11 14:05:18 1gtBGv-0007I9-Sf ** admin123 at fvg.lnf.it F=<>: Unrouteable address

So again seems to me that, even if there was at least a DC on the site active (and, indeed there's other 5 DCs offsite!) stopping/disconnecting the dc ''make users disappearing'' from at least exim.

I need to setup a testbed...

--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797

Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, category ONLUS or RICERCA SANITARIA)
Rowland Penny
2019-Feb-11 14:03 UTC
[Samba] Winbind, cached logons and 'user persistency'...
On Mon, 11 Feb 2019 14:47:01 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote:

> Sorry. Still on this issue.
>
> Today I'm upgrading my DC (with latest 4.5 from louis repo). Note that
> I've 7 DC in total.
>
> In site 'PP' I've upgraded samba, then rebooted the container. Reboot
> on 'vdcpp2' happened on:
>
> Feb 11 13:59:52 vdcpp2 shutdown[33452]: shutting down for system
> reboot
>
> at '14:00:30' bind, ntp and (I suppose) samba was started.
>
> After that, I've upgraded and rebooted the second DC in that site
> (really, the first ;):
>
> Feb 11 14:03:09 vdcpp1 shutdown[26601]: shutting down for system
> reboot
>
> again, for 14:04:00 was up & running.
>
> But the mail server refuse to deliver messages, fortunately all admin
> messages to an admin users (was loop: messages undeliverability
> errors, email go to postmaster, so to admin, so error, ...).
>
> 2019-02-11 14:02:34 1gtBEG-0006lw-Qm ** admin123 at fvg.lnf.it
> F=<root at pp.lnf.it>: Unrouteable address 2019-02-11 14:02:35
> 1gtBEI-0006nz-CH ** admin123 at fvg.lnf.it F=<root at sv.lnf.it>:
> Unrouteable address 2019-02-11 14:02:38 1gtBEL-0006pl-P3 **
> admin123 at fvg.lnf.it F=<>: Unrouteable address [...] 2019-02-11
> 14:05:18 1gtBGv-0007IA-QR ** admin123 at fvg.lnf.it F=<>: Unrouteable
> address 2019-02-11 14:05:18 1gtBGv-0007I9-Sf ** admin123 at fvg.lnf.it
> F=<>: Unrouteable address
>
> So again seems to me that, even if there was at least a DC on the site
> active (and, indeed there's other 5 DCs offsite!)
> stopping/disconnecting the dc ''make users disappearing'' from at
> least exim.
>
> I need to setup a testbed...

It sounds to me that 'exim' is using LDAP for its lookups and is NOT using any cache (winbind or otherwise). So when the LDAP source goes away, so do your users.

Rowland
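
Added example, not part of the thread and not anyone's actual configuration: one way to test the LDAP hypothesis raised in the last reply is to scan Exim's router definitions and separate the routers that verify a recipient with an LDAP query from those that use `check_local_user` (a `getpwnam()` call that goes through NSS, and so through winbind where nsswitch is set up for it). The router names, the LDAP URL and the one-name-per-line layout of the sample are constructed assumptions; continuation lines and macros are not handled.

```python
import re

# Constructed sample of an Exim "routers" section (hypothetical names and URL).
SAMPLE_ROUTERS = """\
ldap_user:
  driver = accept
  condition = ${lookup ldap {ldap:///dc=example,dc=com?uid?sub?(uid=${quote_ldap:$local_part})} {yes}{no}}
  transport = local_delivery

# a comment that mentions ldap; it must be ignored
local_user:
  driver = accept
  check_local_user
  transport = local_delivery

catch_all:
  driver = redirect
  data = postmaster
"""

ROUTER_START = re.compile(r"^([A-Za-z0-9_]+):\s*$")       # "name:" in column 0
LDAP_LOOKUP = re.compile(r"\bldap(?:dn|m)?\s*[;{]")       # ldap / ldapdn / ldapm lookups
NSS_OPTION = re.compile(r"^\s*check_local_user\b(?!\s*=\s*(?:false|no)\b)")

def classify_routers(text):
    """Map each router name to the set of user-lookup backends it depends on."""
    routers, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                      # skip blanks and comments
        m = ROUTER_START.match(line)
        if m:
            current = m.group(1)
            routers[current] = set()
        elif current is not None:
            if LDAP_LOOKUP.search(line):
                routers[current].add("ldap")              # answered by the LDAP server
            if NSS_OPTION.match(line):
                routers[current].add("nss")               # getpwnam() via nsswitch
    return routers

def ldap_only(routers):
    """Routers whose recipient check depends solely on the LDAP server."""
    return sorted(name for name, b in routers.items() if b == {"ldap"})

if __name__ == "__main__":
    found = classify_routers(SAMPLE_ROUTERS)
    for name, backends in found.items():
        print(name, sorted(backends) or ["none"])
    print("LDAP-only routers:", ldap_only(found))
```

A router listed as LDAP-only has no passwd/winbind path to fall back on, which is the situation described in the last reply.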