Bug 11397 - vicious cycle of more and more client connections in winbindd
Summary: vicious cycle of more and more client connections in winbindd
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.2.2
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
Depends on:
Reported: 2015-07-13 09:33 UTC by Uri Simchoni
Modified: 2016-08-09 12:04 UTC (History)
2 users (show)

See Also:

Proposed fix (25.84 KB, patch)
2015-07-13 19:36 UTC, Uri Simchoni
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Uri Simchoni 2015-07-13 09:33:29 UTC
When the rate of requests made by winbindd clients (mostly smbd processes) exceeds winbindd's ability to service those requests, a vicious cycle is created wherein the clients re-open the connection to winbindd in order to retry, winbindd does not cancel the pending request and does not close its end of the client connection, and so more and more requests get piled and more and more client connections get open, until the file descriptor limit is exhausted.

This of course be simulated, but appears to have happened in actual customer setups, in combination with bugs 11259 and 11267 (each session setup requires an ldap query, and the query opens a new connection which involves lengthy handshake with the domain controller)
Comment 1 Uri Simchoni 2015-07-13 19:36:34 UTC
Created attachment 11253 [details]
Proposed fix

This is v6 of a fix that has been circling samba-technical for a while now.
Comment 2 Andreas Schneider 2016-08-09 12:04:16 UTC
This has been pushed upstream with 2c1c567ee1a59fa7bf09be0ed0554d2dc01cd0b9 and is in Samba 4.3.0 and newer.