[Samba] Samba crashes and domain problems

Stephen Mulcahy smulcahy at bmr.ie
Thu Aug 7 11:58:31 GMT 2008 

Hi,

I have inherited a Samba PDC running on SuSE Linux Enterprise Server 10.1 
(the Samba version is 3.0.24-2.23-1296-SUSE-CODE10).

The server has been giving problems for a few weeks including the following 
symptoms:

1. Users accessing a share are experiencing intermittent problems writing to 
the share (Excel tells them the file they are trying to write is read-only).
2. when I try to add a domain account to a Workstations that is a member of 
the domain - it succeeds, but subsequently fails to allow me to login with 
those credentials.
3. Samba is logging intermittent errors and dumping core e.g.

Aug  7 12:26:54 XXXXX smbd[23462]: [2008/08/07 12:26:54, 0] 
lib/fault.c:fault_report(41)
Aug  7 12:26:54 XXXXX smbd[23462]:   
===============================================================
Aug  7 12:26:54 XXXXX smbd[23462]: [2008/08/07 12:26:54, 0] 
lib/fault.c:fault_report(42)
Aug  7 12:26:54 XXXXX smbd[23462]:   INTERNAL ERROR: Signal 6 in pid 23462 
(3.0.24-2.23-1296-SUSE-CODE10)
Aug  7 12:26:54 XXXXX smbd[23462]:   Please read the Trouble-Shooting 
section of the Samba3-HOWTO
Aug  7 12:26:54 XXXXX smbd[23462]: [2008/08/07 12:26:54, 0] 
lib/fault.c:fault_report(44)
Aug  7 12:26:54 XXXXX smbd[23462]:
Aug  7 12:26:54 XXXXX smbd[23462]:   From: 
http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
Aug  7 12:26:54 XXXXX smbd[23462]: [2008/08/07 12:26:54, 0] 
lib/fault.c:fault_report(45)
Aug  7 12:26:54 XXXXX smbd[23462]:   
===============================================================
Aug  7 12:26:54 XXXXX smbd[23462]: [2008/08/07 12:26:54, 0] 
lib/util.c:smb_panic(1599)
Aug  7 12:26:54 XXXXX smbd[23462]:   PANIC (pid 23462): internal error
Aug  7 12:26:54 XXXXX smbd[23462]: [2008/08/07 12:26:54, 0] 
lib/util.c:log_stack_trace(1706)
Aug  7 12:26:54 XXXXX smbd[23462]:   BACKTRACE: 24 stack frames:
Aug  7 12:26:54 XXXXX smbd[23462]:    #0 
/usr/sbin/smbd(log_stack_trace+0x1c) [0x55555575482c]
Aug  7 12:26:54 XXXXX smbd[23462]:    #1 /usr/sbin/smbd(smb_panic+0x43) 
[0x555555754913]
Aug  7 12:26:54 XXXXX smbd[23462]:    #2 /usr/sbin/smbd [0x555555742bf2]
Aug  7 12:26:54 XXXXX smbd[23462]:    #3 /lib64/libc.so.6 [0x2b6533045c10]
Aug  7 12:26:54 XXXXX smbd[23462]:    #4 /lib64/libc.so.6(gsignal+0x35) 
[0x2b6533045b95]
Aug  7 12:26:54 XXXXX smbd[23462]:    #5 /lib64/libc.so.6(abort+0x110) 
[0x2b6533046f90]
Aug  7 12:26:54 XXXXX smbd[23462]:    #6 /usr/sbin/smbd [0x5555557598f9]
Aug  7 12:26:54 XXXXX smbd[23462]:    #7 /usr/sbin/smbd(talloc_steal+0x35) 
[0x555555759aa5]
Aug  7 12:26:54 XXXXX smbd[23462]:    #8 /usr/sbin/smbd(lookup_sids+0x341) 
[0x555555719c41]
Aug  7 12:26:54 XXXXX smbd[23462]:    #9 /usr/sbin/smbd [0x555555667a5f]
Aug  7 12:26:54 XXXXX smbd[23462]:    #10 
/usr/sbin/smbd(_lsa_lookup_sids+0x129) [0x555555668179]
Aug  7 12:26:54 XXXXX smbd[23462]:    #11 /usr/sbin/smbd [0x55555566238e]
Aug  7 12:26:54 XXXXX smbd[23462]:    #12 /usr/sbin/smbd(api_rpcTNP+0x16d) 
[0x5555556b68cd]
Aug  7 12:26:54 XXXXX smbd[23462]:    #13 
/usr/sbin/smbd(api_pipe_request+0x168) [0x5555556b6e08]
Aug  7 12:26:54 XXXXX smbd[23462]:    #14 /usr/sbin/smbd [0x5555556b21d6]
Aug  7 12:26:54 XXXXX smbd[23462]:    #15 /usr/sbin/smbd [0x5555556b266d]
Aug  7 12:26:54 XXXXX smbd[23462]:    #16 /usr/sbin/smbd [0x5555555caaf3]
Aug  7 12:26:54 XXXXX smbd[23462]:    #17 /usr/sbin/smbd [0x5555555caed2]
Aug  7 12:26:54 XXXXX smbd[23462]:    #18 /usr/sbin/smbd(reply_trans+0x650) 
[0x5555555cb7f0]
Aug  7 12:26:54 XXXXX smbd[23462]:    #19 /usr/sbin/smbd [0x555555618312]
Aug  7 12:26:54 XXXXX smbd[23462]:    #20 /usr/sbin/smbd(smbd_process+0x720) 
[0x5555556192f0]
Aug  7 12:26:54 XXXXX smbd[23462]:    #21 /usr/sbin/smbd(main+0xa0b) 
[0x5555557e8beb]
Aug  7 12:26:54 XXXXX smbd[23462]:    #22 
/lib64/libc.so.6(__libc_start_main+0xf4) [0x2b6533033154]
Aug  7 12:26:54 XXXXX smbd[23462]:    #23 /usr/sbin/smbd [0x5555555b25c9]
Aug  7 12:26:54 XXXXX smbd[23462]: [2008/08/07 12:26:54, 0] 
lib/fault.c:dump_core(180)
Aug  7 12:26:54 XXXXX smbd[23462]:   dumping core in 
/var/log/samba/cores/smbd
Aug  7 12:26:54 XXXXX smbd[23462]:


In a bid to fix these problems, I've been working through the Samba 
Troubleshooting HOWTO and various other resources but I'm not even sure what 
the problem is.

As I said, I inherited this system recently so I'm not sure how it was 
originally configured or what quirks exist in the config. Running testparm 
doesn't shed any errors (output below)

# testparm
Load smb config files from /etc/samba/smb.conf
WARNING: The "acl group control" option is deprecated
Processing section "[homes]"
Processing section "[users]"
Processing section "[groups]"
Processing section "[netlogon]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

[global]
    workgroup = YYYYY 
    server string = XXXX 
    passdb backend = ldapsam:ldap://localhost
    guest account = guest
    add machine script = /usr/sbin/useradd  -c Machine -d /home/temp -s 
/bin/false %m$
    logon script = logon.bat
    logon path = 
    logon home = 
    domain logons = Yes
    os level = 65
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    ldap admin dn = cn=admin,dc=xxx,dc=zzz
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=People
    ldap suffix = dc=bmr,dc=ie
    ldap ssl = no
    ldap user suffix = ou=People
    usershare allow guests = Yes
    usershare max shares = 100
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    admin users = administrator, root
    acl group control = Yes
    create mask = 0770
    force create mode = 0770
    directory mask = 0770
    directory security mask = 0770

[homes]
    comment = Home Directories
    valid users = %S, %D%w%S
    read only = No
    inherit acls = Yes
    browseable = No

[users]
    comment = All users
    path = /home
    read only = No
    inherit acls = Yes
    veto files = /aquota.user/groups/shares/

[groups]
    comment = All groups
    path = /home/groups
    read only = No
    inherit acls = Yes

[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    write list = user

The system was originally used an smbpasswd backend, in a bid to solve these 
problems I've migrated it to LDAP but it doesn't seem to have made any 
difference.

Am I missing something obvious here? Ideally, I'd reinstall Samba from 
scratch on this system but it is a production server in active use and there 
is no backup so I'm reluctant to do anything too drastic.

I did notice an earlier problem with the SID as follows,

GALLX2:~ # net getdomainsid
SID for domain SERVER is: S-1-5-21-860234368-2443234672-3268433367
SID for domain DOMAIN is: S-1-5-21-2621714563-1870540207-2549702314

I fixed this by shutting down Samba and resetting SERVER's SID to 
S-1-5-21-2621714563-1870540207-2549702314 (and removed secrets.tdb for good 
measure). Again, this didn't seem to make things any better (or worse).

Thanks,

-stephen


**********************************
CONFIDENTIALITY WARNING: The contents of this e-mail and any attachment are
the property of Bio-Medical Research Ltd ("BMR") and intended for the
addressee only. Any reader of this message who is not the intended
recipient, or an employee/agent responsible for delivering to the intended
recipient, is notified that any dissemination, distribution or copying of
this communication is strictly prohibited. If you receive this communication
in error please notify us immediately and delete all copies from your
computer system. Subsequent alterations to this electronic message after its
transmission will be disregarded.

VIRUS WARNING: You are requested to carry out your own virus check before
opening any attachment. BMR accepts no liability for any loss or damage
which may be caused by software viruses.

More information about the samba mailing list