I recently upgraded our file server from Leap 42.2 to 42.3. After that, the problem occurred, that winbind will run into the following error after 1 or two days.
2018-01-09T13:31:15.810272+01:00 #### winbindd[24397]: Could not write result
2018-01-09T13:31:23.979590+01:00 #### winbindd[24402]: [2018/01/09 13:31:23.979453, 0] ../source3/winbindd/winbindd_dual.c:107(child_write_response)
2018-01-09T13:31:23.979823+01:00 #### winbindd[24402]: Could not write result
2018-01-09T13:31:25.814089+01:00 #### winbindd[24403]: [2018/01/09 13:31:25.814011, 0] ../source3/winbindd/winbindd_dual.c:107(child_write_response)
The log is then full of these messages.
While it is in this state, new logins or authentications are very slow or will get timeouts. Services which are connected and do not ask for new authentications are usable in a normal way. Connecting to the server via ssh is possible but also slow. After restarting winbind with systemctl, everything is normal (perhaps one has to restart the mail client or other client which made trouble).
Anyone out there has similar problems or knows where the reason is for this behavior?
Are you deploying a standalone SAMBA domain or are you part of a LDAP or AD?
If part of an LDAP or AD, windbind is only optional for whatever reason you might have.
Circumstantially, your description suggesting a missing dependency startup issue.
You might also look at the 50 or so entries <before> the errors start appearing for possible related events.
thanks for your answer. I’m running this server just as a domain member in a W2K8 AD domain. With 42.2 we didn’t encounter this behavior. But what we noticed recently that this error appears with an increasing number of authentication requests.
A workaround that seems to work is a restart of winbind once a day at 6am before work starts.
I’ll check whether I can see any missing startup dependencies.
Consider changing to a setup that doesn’t implement winbind.
Not only will you simplify your setup by not storing a cache of valid AD credentials on your SAMBA server, network authentication and authorization will always be granted by the DCs like what happens for resources deployed on Windows servers.
I was always thinking that winbind is essential for the setup of Samba in Windows AD domain. When I set up the systems some years ago, I did it according to the samba doc and how-tos. But I’ll do some research on it. If I can simplify it and get rid of unused parts, that would be great. But what would I write to e.g. /etc/nsswitch.conf. I have the lines
The behaviour you report warrants a bug report IMHO.
FWIW, I found a mailinglist archive describing the same behaviour. I linked to a post in the thread where a recent user reports the same issue as the OP.
Thank you!
I didn’t find this thread till now. But it is really similar to my problem. After some years, where it worked correctly, an update seems to cause the problem. Perhaps I can find anything in this thread, that is a hint to solve the problem.
If not, I will try to send a bug report to the samba team.
I had a quick look but didn’t find an exiting bug report, but this could be due to a corner case that impacts only a few perhaps. I think you’ll make better progress if you just file a report anyway https://bugzilla.samba.org/enter_bug.cgi
Don’t forget to post a link to any bug report you submit so that other who come searching can find it.