[Samba] samba shares fail after active directory reboot

Jack Downes jax at nwmt.us
Mon Jan 17 11:20:41 MST 2011


Hong K Phooey wrote:
> We have a samba server that uses active directory security.  We have three active directory servers and use a dfs namespace (test.local) to encompass those three servers.  We currently are using password server = TEST.local, but have had all three AD servers listed, but it has not helped.
>
> Whenever ANY of those servers go down for maintenance, the samba shares do not come up and restarting the winbind and smb services does not seem to help.  We have to reboot the linux box for the shares to show up again.
>
> Should samba not try to query one of the other two servers when one is down?  It does not appear to do so, or we have failed to modify a setting that will allow that.
>
> Any assistance with this issue would be appreciated.
>
> Here are the log entries for the failure:
>
> [2011/01/15 11:19:28,  1] smbd/sesssetup.c:464(reply_spnego_kerberos)
>   Username TEST\sql-svc-agent-prod is invalid on this system
> [2011/01/15 11:19:28,  0] lib/util_sock.c:738(write_data)
> [2011/01/15 11:19:28,  0] lib/util_sock.c:1491(get_peer_addr_internal)
>   getpeername failed. Error was Transport endpoint is not connected
>   write_data: write failure in writing to client 0.0.0.0. Error Broken pipe
> [2011/01/15 11:19:28,  0] smbd/process.c:62(srv_send_smb)
>   Error writing 39 bytes to client. -1. (Transport endpoint is not connected)
>
> PDC: windows 2008 R2
> Samba: 3.4.7 on ubuntu 10.4
>
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
> Processing section "[printers]"
> Processing section "[print$]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
>
> [global]
>         workgroup = TEST
>         realm = TEST.LOCAL
>         server string = %h server (Samba, Ubuntu)
>         security = ADS
>         map to guest = Bad User
>         obey pam restrictions = Yes
>         password server = TEST.local
>         pam password change = Yes
>         passwd program = /usr/bin/passwd %u
>         passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>         unix password sync = Yes
>         syslog = 0
>         log file = /var/log/samba/log.%m
>         max log size = 1000
>         machine password timeout = 0
>         domain master = No
>         dns proxy = No
>         usershare allow guests = Yes
>         panic action = /usr/share/samba/panic-action %d
>         idmap uid = 500-10000000
>         idmap gid = 500-10000000
>         template shell = /bin/bash
>         winbind refresh tickets = Yes
>         create mask = 0664
>         hosts deny = 172.17.4.0/255.255.255.0, 172.19.4.0/255.255.255.0
>
> [printers]
>         comment = All Printers
>         path = /var/spool/samba
>         create mask = 0700
>         printable = Yes
>         browseable = No
>         browsable = No
>
> [print$]
>         comment = Printer Drivers
>         path = /var/lib/samba/printers
>   
I don't have this issue. It looks like you are aiming at producing a
printserver. I'm going to show you my working config. It seems to
survive reboots of the ADS machines fine. We don't reboot often, but
it's a non-issue so far.
I do have a significant problem with my config though. When adding
printers (not drivers, just the printers part) via the APW (Windows
client side), I get an Access Denied error the first time I click. If I
dismiss that error, wait 5-10 seconds, and click again, the printer will
install correctly. Please let me know if you too run into this.

If I were you, I'd pick out stuff that looks like it might be useful and
place it into the new config rather than copy-pasting. You'll notice
there is a difference in where we put the [print$] directory anyway.
Anyway, hope this helps, and if you don't have that problem... please,
please copy me your working smb.conf back.


Here's my smb.conf for comparison:
[global]
display charset = UTF-8
workgroup = KRH
realm = KRH.INT
server string = Samba Server
security = ADS
password server = kal-dc3.krh.int, kal-dc4.krh.int, kal-dc2.krh.int, *
ntlm auth = No
client NTLMv2 auth = Yes
syslog = 0
log level = 3
log file = /var/log/samba/log.%m
debug prefix timestamp = Yes
max protocol = SMB2
unix extensions = No
max open files = 20000
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
hostname lookups = Yes
printcap name = /usr/local/etc/printcap
addprinter command = /usr/local/sbin/smbaddprinter.pl
deleteprinter command = /usr/local/sbin/smbdelprinter.pl
local master = No
domain master = No
dns proxy = No
wins server = 10.6.1.21
utmp = Yes
host msdfs = No
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
winbind cache time = 300
winbind use default domain = Yes
winbind refresh tickets = Yes
cups options = raw
force printername = Yes
wide links = Yes

[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[print$]
comment = Where the printer drivers are kept
path = /home/printserver/drivers
write list = root, jax, KRH\jdown
force user = printserver
force group = printserver
create mask = 0666
security mask = 0666
directory mask = 0777
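
Added example, not part of either poster's message: a small Python check that parses an smb.conf and classifies how its "password server" line tells Samba to find domain controllers, run against the two values quoted in this thread. The function names and category labels are made up for this illustration; the "*" semantics and the "*" default are taken from the smb.conf manual page.

```python
import re

# Constructed sample inputs: the two "password server" lines quoted in the thread.
FAILING = """[global]
    security = ADS
    password server = TEST.local
"""
WORKING = """[global]
security = ADS
password server = kal-dc3.krh.int, kal-dc4.krh.int, kal-dc2.krh.int, *
"""

def norm(name):
    # smb.conf names are case-insensitive and whitespace inside them is ignored.
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {param: value}} with normalised names."""
    conf, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)  # only the first '=' is significant
            conf[section][norm(key)] = value.strip()
    return conf

def dc_failover(text):
    """Classify the DC lookup mode (labels are this example's own)."""
    g = parse_smb_conf(text).get("global", {})
    # Assumption from the man page: an unset "password server" defaults to "*".
    servers = [s for s in re.split(r"[,\s]+", g.get("passwordserver", "*")) if s]
    named = [s for s in servers if s != "*"]
    if "*" in servers:  # "*" asks Samba to locate DCs itself via DNS
        return "auto-locate" if not named else "preferred+auto-locate"
    # Without "*", only the listed names are tried; a single name gives
    # failover only if that name itself resolves to more than one DC.
    return "single-name" if len(named) == 1 else "fixed-list"

if __name__ == "__main__":
    for label, text in (("failing", FAILING), ("working", WORKING)):
        print(label, "->", dc_failover(text))
```
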

