'Re: [Samba] 'winbind' on the 'shadow' line in nsswitch.conf'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       samba
Subject:    Re: [Samba] 'winbind' on the 'shadow' line in nsswitch.conf
From:       Marco Gaiarin via samba <samba () lists ! samba ! org>
Date:       2019-02-27 9:01:32
Message-ID: 20190227090132.GE3578 () sv ! lnf ! it
[Download RAW message or body]

Mandi! Alexey A Nikitin via samba
  In chel di` si favelave...

> I understand that I don't need to add 'winbind' to the 'shadow' line. I also \
> understand that it would be a potential mistake too, since Winbind doesn't \
> implement 'shadow' database (according to the docs, anyway). Problem is, we already \
> got several thousand machines in production with 'winbind' in the 'shadow' line, \
> and they (mostly) appear to be working OK, except for about 2-4% that have \
> intermittent failures of getpwnam() and/or authentication failures. Changing the \
> configuration in those production machines is definitely possible, but I'm trying \
> to understand what's the exact risk of leaving existing machines as-is, and whether \
> there may be any connection between those intermittent auth/getpwnam failures and \
> this config option. Any insight into the system behavior with unimplemented \
> 'shadow' database in nsswitch.conf is appreciated.

I feel i've still hit this, see my thread 'Winbind, cached logons and 'user
persistency'...'.

Also for be, and absolutely randomly, i've the MTA (Exim) that seems
'forget' user, like getpwnam() return nothing (or, anyway, bad data).

I've spotted this behaviour while rebooting DC, but clearly not all at
the same time, so there was a DC reachable.


I've tried to debug this a bit, but with no success: anytime i try to
trick this, does not trick. ;(

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della BontĂ , 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic