Re: [Samba] 'winbind' on the 'shadow' line in nsswitch.conf
- Date: Wed, 27 Feb 2019 10:01:32 +0100
- From: Marco Gaiarin via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] 'winbind' on the 'shadow' line in nsswitch.conf
Mandi! Alexey A Nikitin via samba
In chel di` si favelave...
> I understand that I don't need to add 'winbind' to the 'shadow' line. I also understand that it would be a potential mistake too, since Winbind doesn't implement 'shadow' database (according to the docs, anyway). Problem is, we already got several thousand machines in production with 'winbind' in the 'shadow' line, and they (mostly) appear to be working OK, except for about 2-4% that have intermittent failures of getpwnam() and/or authentication failures. Changing the configuration in those production machines is definitely possible, but I'm trying to understand what's the exact risk of leaving existing machines as-is, and whether there may be any connection between those intermittent auth/getpwnam failures and this config option. Any insight into the system behavior with unimplemented 'shadow' database in nsswitch.conf is appreciated.
I feel i've still hit this, see my thread 'Winbind, cached logons and 'user
Also for be, and absolutely randomly, i've the MTA (Exim) that seems
'forget' user, like getpwnam() return nothing (or, anyway, bad data).
I've spotted this behaviour while rebooting DC, but clearly not all at
the same time, so there was a DC reachable.
I've tried to debug this a bit, but with no success: anytime i try to
trick this, does not trick. ;(
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
To unsubscribe from this list go to the following URL and read the