winbind loses domain join after reboot

Bug #1291951 reported by Thomas
This bug affects 3 people
Affects: samba (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned
Milestone: (none listed)

Bug Description

After a reboot we have to rejoin our server with "net ads join -U administrator" to the domain.

I think it has something to do with files in /var/run/ (and /var/cache/?) getting cleared on reboot.

We connect to a Windows 2008 R2 Domain Controller.

root@proxysrv:~# ls -lah /var/lib/samba/
insgesamt 200K
drwxr-xr-x 2 root root 4,0K Mär 1 2013 .
drwxr-xr-x 42 root root 4,0K Jul 30 2013 ..
-rw------- 1 root root 36K Dez 10 2012 account_policy.tdb
-rw------- 1 root root 40K Mär 1 2013 group_mapping.tdb
-rw------- 1 root root 36K Dez 10 2012 passdb.tdb
-rw------- 1 root root 44K Mär 12 18:33 secrets.tdb
-rw-r--r-- 1 root root 36K Mär 1 2013 winbindd_idmap.tdb

root@proxysrv:~# ls -lah /var/run/samba/
insgesamt 112K
drwxr-xr-x 4 root root 200 Mär 13 11:49 .
drwxr-xr-x 17 root root 700 Mär 13 11:40 ..
-rw-r--r-- 1 root root 40K Mär 13 11:49 gencache_notrans.tdb
-rw-r--r-- 1 root root 44K Mär 13 11:49 gencache.tdb
-rw------- 1 root root 12K Mär 12 18:33 messages.tdb
-rw------- 1 root root 696 Mär 7 06:38 mutex.tdb
-rw-r--r-- 1 root root 8,0K Mär 7 06:38 serverid.tdb
drwxr-xr-x 2 root root 60 Mär 13 11:49 smb_krb5
-rw-r--r-- 1 root root 5 Mär 7 06:38 winbindd.pid
drwxr-x--- 2 root winbindd_priv 60 Mär 7 06:38 winbindd_privileged

root@proxysrv:~# ls -lah /var/run/samba/smb_krb5/
insgesamt 4,0K
drwxr-xr-x 2 root root 60 Mär 13 11:49 .
drwxr-xr-x 4 root root 200 Mär 13 11:49 ..
-rw-r--r-- 1 root root 327 Mär 13 11:49 krb5.conf.DOMAIN

root@proxysrv:~# dir /var/cache/samba/
insgesamt 144K
drwxr-xr-x 2 root root 4,0K Mär 7 06:38 .
drwxr-xr-x 12 root root 4,0K Dez 11 2012 ..
-rw------- 1 root root 104K Mär 13 12:50 netsamlogon_cache.tdb
-rw------- 1 root root 32K Mär 13 11:49 winbindd_cache.tdb

Any suggestions?

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: winbind 2:3.6.3-2ubuntu2.9
ProcVersionSignature: Ubuntu 3.2.0-60.91-generic 3.2.55
Uname: Linux 3.2.0-60-generic x86_64
ApportVersion: 2.0.1-0ubuntu17.6
Architecture: amd64
Date: Thu Mar 13 12:46:16 2014
InstallationMedia: Ubuntu-Server 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120817.3)
MarkForUpload: True
ProcEnviron:
 TERM=screen
 PATH=(custom, no user)
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SambaClientRegression: No
SourcePackage: samba
UpgradeStatus: No upgrade log present (probably fresh install)

Thomas (t.c) wrote :

OK, when I read this*, all tdbs from /var/run/ and /var/cache/samba/ get automatically cleared on start of samba/winbind, only mutex.tdb not? But on this page** I can read that netsamlogon_cache.tdb (from /var/cache/) should be preserved?!

What's with the /var/run/samba/smb_krb5/krb5.conf.DOMAIN? Possibly the file can't get created on boot?

* https://wiki.samba.org/index.php/TDB_Locations
** http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/tdb.html

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in samba (Ubuntu):
status: New → Confirmed
Michael Rodrigues (mikebrodrigues) wrote :

I also find that I need to rerun "net ads join" after reboot, but my netsamlogon_cache.tdb file is not being cleared at reboot.

Michael Rodrigues (mikebrodrigues) wrote :

I ran `sudo tdbbackup *.tdb` in /var/lib/samba and my join is persisting even with multiple reboots.

Michael Rodrigues (mikebrodrigues) wrote :

Turns out the tdbbackup method was a red herring. What I am seeing though is that I can use "net ads testjoin" to rebind without having to authenticate. Running this with debug I see that the /var/run/samba/smb_krb5/krb5.conf.DOMAIN file is generated.
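
A post-boot check built from the observations in this thread, added here as an example and not code from any commenter or from Samba: it separates a missing secrets.tdb (a real rejoin is needed) from a join that only lacks its regenerated /var/run state. `check_join_state` and the `JOIN_TEST` override are hypothetical names; the default paths are the ones listed in the report.

```shell
#!/bin/sh
# Added example, not from the bug report. JOIN_TEST is a hypothetical
# override so the logic can be exercised on a host without a domain.
JOIN_TEST=${JOIN_TEST:-"net ads testjoin"}

# Return codes:
#   0 = join verified
#   1 = secrets.tdb missing or empty (machine credentials are gone)
#   2 = secrets.tdb present, but the join test failed
check_join_state() {
    lib_dir=${1:-/var/lib/samba}   # persistent state (path from the report)
    run_dir=${2:-/var/run/samba}   # volatile state (path from the report)

    # secrets.tdb stores the machine account password. It sits in the
    # persistent directory, so a reboot alone should not remove it.
    if [ ! -s "$lib_dir/secrets.tdb" ]; then
        echo "secrets.tdb missing or empty in $lib_dir"
        return 1
    fi

    # The per-domain krb5.conf lives under /var/run; report whether it
    # survived, but do not treat its absence as a lost join.
    if ls "$run_dir"/smb_krb5/krb5.conf.* >/dev/null 2>&1; then
        echo "krb5.conf present in $run_dir/smb_krb5"
    else
        echo "krb5.conf absent in $run_dir/smb_krb5"
    fi

    # testjoin validates the stored machine credentials against the DC,
    # so no administrator password is required.
    if $JOIN_TEST >/dev/null 2>&1; then
        echo "join OK"
        return 0
    fi
    echo "join test failed although secrets.tdb exists"
    return 2
}
```

Return code 2 points at the DC connection or the stored machine password rather than at files cleared on reboot.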
