https://bugzilla.novell.com/show_bug.cgi?id=885062 https://bugzilla.novell.com/show_bug.cgi?id=885062#c0 Summary: Winbind using cache even with online DCs Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Samba AssignedTo: samba-maintainers@SuSE.de ReportedBy: luizluca@tre-sc.gov.br QAContact: samba-maintainers@SuSE.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36 Hello, Randomly, user authentication with winbind returns this message: Domain Controller unreachable, using cached credentials instead. Network resources may be unavailable However, network is OK, DC (all of them) are online. I checked this with smbcontrol and it seems to be the online: tresc031501:~ # smbcontrol winbind onlinestatus PID 1484: global:Online BUILTIN:Online TRESC031501:Online REDETRESC:Online TRE-SC:Online FYI: TRESC031501:localhost REDETRESC:user domain TRE-SC:trusted foreign domain But winbind keeps using cached auth. Also, no kerberos ticket is created on login. However, I can manually kinit it (does not seems to be a config problem at krb5.conf). I got this msg sometimes in log: [2014/06/30 16:31:53.648582, 0] ../source3/libsmb/cliconnect.c:1843(cli_session_setup_spnego_send) Kinit failed: Cannot contact any KDC for requested realm I changed loglevel to 10 using smbcontrol and got this msgs: ==> /var/log/samba/log.wb-REDETRESC <== [2014/06/30 15:39:50.523160, 4, pid=1713, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1446(child_handler) child daemon request 13 [2014/06/30 15:39:50.523245, 10, pid=1713, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:504(child_process_request_send) request fn PAM_AUTH [2014/06/30 15:39:50.523286, 3, pid=1713, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_pam.c:1627(winbindd_dual_pam_auth) [ 1484]: dual pam auth REDETRESC\luizluca [2014/06/30 15:39:50.523314, 10, pid=1713, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_pam.c:1669(winbindd_dual_pam_auth) winbindd_dual_pam_auth: domain: REDETRESC last was offline [2014/06/30 15:39:50.523335, 10, pid=1713, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_pam.c:858(winbindd_dual_pam_auth_cached) winbindd_dual_pam_auth_cached [2014/06/30 15:39:50.523372, 10, pid=1713, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:596(centry_expired) centry_expired: Key NS/REDETRESC/LUIZLUCA for domain REDETRESC valid as winbindd is globally offline. [2014/06/30 15:39:50.523399, 10, pid=1713, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:732(wcache_fetch) wcache_fetch: returning entry NS/REDETRESC/LUIZLUCA for domain REDETRESC [2014/06/30 15:39:50.523423, 10, pid=1713, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1830(wcache_name_to_sid) name_to_sid: [Cached] - cached name for domain REDETRESC status: NT_STATUS_OK [2014/06/30 15:39:50.523452, 10, pid=1713, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:596(centry_expired) centry_expired: Key CRED/S-1-5-21-1313609982-432800545-848847219-4246 for domain REDETRESC valid as winbindd is globally offline. [2014/06/30 15:39:50.523487, 10, pid=1713, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:732(wcache_fetch) wcache_fetch: returning entry CRED/S-1-5-21-1313609982-432800545-848847219-4246 for domain REDETRESC [2014/06/30 15:39:50.523509, 10, pid=1713, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:1391(wcache_get_creds) wcache_get_creds: [Cached] - cached creds for user S-1-5-21-1313609982-432800545-848847219-4246 status: NT_STATUS_OK [2014/06/30 15:39:50.523553, 10, pid=1713, effective(0, 0), real(0, 0)] ../source3/libsmb/samlogon_cache.c:213(netsamlogon_cache_get) netsamlogon_cache_get: SID [S-1-5-21-1313609982-432800545-848847219-4246] Notice these msg: winbindd_dual_pam_auth: domain: REDETRESC last was offline winbindd_dual_pam_auth_cached centry_expired: Key NS/REDETRESC/LUIZLUCA for domain REDETRESC valid as winbindd is globally offline. Offline? But smbcontrol winbind onlinestatus said it was online? If I enable loglevel to 10 in smb.conf, I cannot reproduce the problem. It seems that winbind get slower on boot and the problem does not occur. I also tried smbcontrol winbind offline/online sequence and got this result: tresc031501:~ # smbcontrol winbind onlinestatus PID 1484: global:Online BUILTIN:Online TRESC031501:Online REDETRESC:Offline TRE-SC:Offline And some time latter: tresc031501:~ # smbcontrol winbind onlinestatus PID 1484: global:Online BUILTIN:Online TRESC031501:Online REDETRESC:Online TRE-SC:Offline With the same "using cache" on authentications. If I reload winbind (using systemctl or smbcontrol), the error does not change. If I restart winbind, it is gone. Any idea where to start to debug it? Reproducible: Sometimes Steps to Reproduce: 1. 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.