Created attachment 7541 [details] Samba log files using default message level Upon booting Fedora 16 (kernel 3.3.4), winbind is defunct. Logging in via X times out. Booting into init level 3, logging in takes ~20 seconds after typing in the password. sudo su - hangs after entering a password, can only ctrl/c out. This machine is configured as a domain member using domain security.
This machine is being used as a department level server. The domain controller is using Windows 2003 R2.
Looks like there is a problem with your cacheing tdb: [2012/05/09 17:58:46.521120, 0] winbindd/winbindd_cache.c:4037(cache_traverse_validate_fn) cache_traverse_validate_fn: key length too large: (1031) > (1024) Can you try moving winbind_cache.tdb to another location and retry ?
Created attachment 7549 [details] Debug level 3, winbindd debug level 10 log files The winbindd cache .tdb file was moved and the system was rebooted. The long keys error is now gone, but still no joy. The winbindd process is still defunct.
I re-ran the test with winbind really set to log level 10 and no other changes. Now it connects properly. Reset the log level back to defaults, rebooted, and the system is working OK. You can mark the bug closed and I will monitor and re-open if needed.
Closing out bug report as requested by the reporter.
Similar problem here, 3.6.5, FreeBSD: cache_traverse_validate_fn: key length too large: (1029) > (1024) In the tdb dump I've found this entry: key(1029) = "NDR/AD/2/\..." So there really is a long key. What to do know? I have the whole tdb file and a maximum level debug log...
After removing the cache.tdb there is no such long entry, even after enumerating/listing all groups (~2000) and users (~30000). In both cases (database with an without the long key) "smbcontrol winbindd validate-cache" says: Winbindd cache is valid. How to debug this now...?
In winbindd_cache.c is some code calles "paranoia check". If the key conatains "UA/" then the max_key_len=1024 is multiplied by 1024. What are UA keys and why are they allowed to be longer than my NDR key? Maybe we should it patch like this? if (strncmp("UA/", (const char *)kbuf.dptr, 3) == 0 || strncmp("NDR/", (const char *)kbuf.dptr, 4) == 0) { max_key_len = 1024 * 1024; }
Any ideas here? Log files still (3.6.20) contain al ot of winbindd/winbindd_cache.c:4059(cache_traverse_validate_fn) cache_traverse_validate_fn: key length too large: (4665) > (1024) messages.
Created attachment 10707 [details] log level = 10 all:10 full log when a user receive an access denied error even browsing a folder that he have permission to