[Samba] winbind trouble under load?
Samba Samba /pers
samba at skola.skelleftea.se
Tue Oct 1 12:13:00 GMT 2002
We have a large W2K domain with numerous terminalservers at the local
sites. Those sites also have a linux-2.2.20 server with samba-2.2.5.
The samba is used to store the profiles for both the terminalservers
and for the windows 2000/xp clients.
I use winbind and have joined the server to the domain without problem. I
can set rights on directories and so on. However from time to time when the
users login to the W2K terminalserver they get a popup-message:
"
Windows cant locate your roaming profile and is attempting to log you on
with your local profile. Changes to the profile will not be propagated to
the server.
DETAIL - The specified network password is not correct.
"
However since the user can login there is nothing wrong with their
password. One of
my teories is that there is something wrong when samba tries to auth the
user to
the W2K domain. Either it has lost the connection (and can't reconnect
automatically)
or there is some other error. The user does get a logon but are of course
missing their
profiles and such. Since this is a school environment the users login much
at the same
time and another idea I have is that the problem seems to show up when
many users
login at the same time.
I have tried both samba-2.2.5 and currently samba-2.2.6cvs (020926). The
problem still persists. This is leading me to the maillist in search for
an answer.
I have disable the "winbind enum user/groups" since if I enable them
winbind goes
into a nonresponsive state, probably due to that we have 10K users and
more.
Im also testing to let samba create the users profile directory but that
didn't effect
the problem.
Samba also seems to loose the ability to lookup the users name in the
domain and display the
as this:
drwx------ 4 10283 SKOLA\Do 4096 Aug 22 23:30 dla0826
instead of:
drwx------ 4 SKOLA\dla0826 SKOLA\Do 4096 Aug 22 23:30 dla0826
I have enclosed all my logs and the configuration.
This is turning into a major problem with the users and if I cant get this
fixed then my only other option is to move the profiles back to the
windows2000 fileservers. However that option would leave me with needing
to transfer the profiles over the WAN to the users site.
smb.conf (from testparm)
root at ka-proxy /var/log/samba# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[tftp$]"
Processing section "[installZone]"
Processing section "[profiler$]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[datasal]"
No path in service datasal - using /tmp
Processing section "[bravo]"
No path in service bravo - using /tmp
Processing section "[media]"
No path in service media - using /tmp
Processing section "[axet]"
No path in service axet - using /tmp
Processing section "[orion]"
No path in service orion - using /tmp
Loaded services file OK.
WARNING: You have some share names that are longer than 8 chars
These may give errors while browsing or may not be accessible
to some older clients
Press enter to see a dump of your service definitions
# Global parameters
[global]
coding system =
client code page = 850
code page directory = /etc/samba/codepages
workgroup = SKOLA
netbios name =
netbios aliases =
netbios scope =
server string = Trustix Samba Server
interfaces = br0
bind interfaces only = No
security = DOMAIN
encrypt passwords = Yes
update encrypted = No
allow trusted domains = Yes
hosts equiv =
min passwd length = 5
map to guest = Never
null passwords = No
obey pam restrictions = No
password server = *
smb passwd file = /etc/samba/smbpasswd
root directory =
pam password change = No
passwd program = /usr/bin/passwd
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
username map =
password level = 0
username level = 0
unix password sync = No
restrict anonymous = No
lanman auth = Yes
use rhosts = No
ssl = No
ssl hosts =
ssl hosts resign =
ssl CA certDir =
ssl CA certFile =
ssl server cert =
ssl server key =
ssl client cert =
ssl client key =
ssl egd socket =
ssl entropy file =
ssl entropy bytes = 256
ssl require clientcert = No
ssl require servercert = No
ssl ciphers =
ssl version = ssl2or3
ssl compatibility = No
admin log = No
log level = 0
syslog = 1
syslog only = No
log file = /var/log/samba/log.%I
max log size = 5000
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
protocol = NT1
large readwrite = No
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
nt smb support = Yes
nt pipe support = Yes
nt status support = Yes
announce version = 4.9
announce as = NT
max mux = 50
max xmit = 65535
name resolve order = wins host lmhosts bcast
max packet = 65535
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
unix extensions = No
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 10
max smbd processes = 0
max disk size = 0
max open files = 10000
name cache timeout = 660
read size = 16384
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
stat cache size = 50
use mmap = Yes
total print jobs = 0
load printers = No
printcap name = /etc/printcap
disable spoolss = No
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
strip dot = No
mangling method = hash
character set =
mangled stack = 50
stat cache = Yes
domain admin group =
domain guest group =
machine password timeout = 604800
add user script =
delete user script =
logon script =
logon path = \\%N\%U\profile
logon drive =
logon home = \\%N\%U
domain logons = No
os level = 32
lm announce = Auto
lm interval = 60
preferred master = True
local master = Yes
domain master = False
browse list = Yes
enhanced browsing = Yes
dns proxy = Yes
wins proxy = No
wins server = 193.180.x.z
wins support = No
wins hook =
kernel oplocks = Yes
lock spin count = 3
lock spin time = 10
oplock break wait time = 0
add share command =
change share command =
delete share command =
config file =
preload =
lock dir = /var/cache/samba
pid directory = /var/run
default service =
message command =
dfree command =
valid chars =
remote announce =
remote browse sync =
socket address = 0.0.0.0
homedir map = auto.home
time offset = 0
NIS homedir = No
source environment =
panic action =
hide local users = No
winbind uid = 10000-40000
winbind gid = 10000-40000
template homedir = /dev/null
template shell = /bin/false
winbind separator = \
winbind cache time = 15
winbind enum users = No
winbind enum groups = No
winbind use default domain = No
comment =
path =
alternate permissions = No
username =
guest account = nobody
invalid users =
valid users =
admin users =
read list =
write list =
printer admin = @"SKOLA\Support",@"SKOLA\Administrators"
force user =
force group =
read only = Yes
create mask = 0744
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
force unknown acl user = 00
inherit permissions = No
inherit acls = No
guest only = No
guest ok = No
only user = No
hosts allow =
hosts deny =
status = Yes
nt acl support = Yes
profile acls = No
block size = 1024
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
write cache size = 0
max print jobs = 1000
printable = No
postscript = No
printing = bsd
print command = lpr -r -P%p %s
lpq command = lpq -P%p
lprm command = lprm -P%p %j
lppause command =
lpresume command =
queuepause command =
queueresume command =
printer name =
use client driver = No
default devmode = No
printer driver =
printer driver file = /etc/samba/printers.def
printer driver location =
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangle case = No
mangling char = ~
hide dot files = Yes
hide unreadable = No
delete veto files = No
veto files =
hide files =
veto oplock files =
map system = No
map hidden = No
map archive = Yes
mangled names = Yes
mangled map =
browseable = Yes
blocking locks = Yes
csc policy = manual
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = No
share modes = Yes
copy =
include =
exec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = No
dos filetime resolution = No
fake directory create times = No
vfs object =
vfs options =
[profiler$]
path = /samba/profiler
valid users = @"SKOLA\KA Personal", @"SKOLA\KA Elev", @"SKOLA\KA Diverse"
admin users = @"SKOLA\Domain Admins"
read only = No
directory mask = 0700
browseable = No
exec = /usr/local/bin/crehome.sh %U
-----------------
/usr/local/bin/crehome.sh
#!/bin/sh
# 1.0.1 (2002-09-23)
SMBUSER=$1
if [ ! -d /samba/profiler/$SMBUSER ]; then
echo creating $SMBUSER >> /tmp/crehome.txt
mkdir /samba/profiler/$SMBUSER >> /tmp/crehome.txt
mkdir /samba/profiler/$SMBUSER/nt >> /tmp/crehome.txt
mkdir /samba/profiler/$SMBUSER/ts >> /tmp/crehome.txt
chgrp -R "SKOLA\Domain Users" /samba/profiler/$SMBUSER >>
/tmp/crehome.txt
chmod 700 /samba/profiler/$SMBUSER >> /tmp/crehome.txt
echo "-----------------" >> /tmp/crehome.txt
fi
-----------------
Error on terminalserver:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 2002-10-01
Time: 09:26:03
User: SKOLA\llu0731
Computer: KA-WTS01
Description:
Windows cannot locate your roaming profile and is attempting to log you on
with your local profile. Changes to the profile will not be propagated to
the server.
DETAIL - The specified network password is not correct.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 2002-10-01
Time: 09:26:04
User: NT AUTHORITY\SYSTEM
Computer: KA-WTS01
Description:
Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you
log off.
....
"The specified network password is not correct" is however bullshit.
-------------------
Error on W2K DC
Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2006
Date: 2002-09-30
Time: 12:28:58
User: N/A
Computer: DC01
Description:
The server received an incorrectly formatted request from \\193.180.x.y
Data:
0000: 00 00 34 00 02 00 7c 00 ..4...|.
0008: 00 00 00 00 d6 07 00 c0 ....Ö..À
0010: 00 00 00 00 01 20 98 c0 ..... ?À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: b3 06 00 00 ff 53 4d 42 ³...ÿSMB
0030: 25 00 00 00 00 08 01 c0 %......À
0038: 00 00 00 00 00 00 00 00 ........
0040: 00 00 00 00 00 d0 6d 38 .....Ðm8
0048: 02 50 01 00 10 00 00 48 .P.....H
0050: 00 00 00 48 00 00 00 00 ...H....
0058: 00 00 00 00 ....
-------------------
/var/log/samba/log.winbind (earlier errors not related in time to the
login troubles)
[2002/09/30 01:01:31, 0] lib/util_sock.c:read_socket_with_timeout(300)
read_socket_with_timeout: timeout read. read error = Connection reset by
peer.
[2002/09/30 01:01:31, 0] rpc_client/cli_pipe.c:rpc_api_pipe(359)
cli_pipe: return critical error. Error was SUCCESS - 0
[2002/09/30 01:25:31, 0] lib/util_sock.c:read_socket_with_timeout(300)
read_socket_with_timeout: timeout read. read error = Connection reset by
peer.
[2002/09/30 01:25:31, 0] rpc_client/cli_pipe.c:rpc_api_pipe(359)
cli_pipe: return critical error. Error was SUCCESS - 0
[2002/09/30 07:51:59, 0] lib/util_sock.c:read_socket_with_timeout(300)
read_socket_with_timeout: timeout read. read error = Connection reset by
peer.
[2002/09/30 07:51:59, 0] rpc_client/cli_pipe.c:rpc_api_pipe(359)
cli_pipe: return critical error. Error was SUCCESS - 0
-------------------
/var/log/samba/log.193.180.x.y (the terminalserver)
[2002/10/01 13:21:50, 0] smbd/sec_ctx.c:initialise_groups(244)
Unable to initgroups. Error was Input/output error
The logs are full of those message. However I think the are due to
the fact that I have winbind enum groups = no in /etc/samba/smb.conf
-------------------
Any log i missed?
=====================================================
Janåke Rönnblom
SKERIA Utveckling AB (Teknous)
Assistentgatan 23
931 77 Skelleftea (Sweden)
-----------------------------------------------------
Phone : +46-910-585424
Mobile : 070-3970743
Fax : +46-910-585499
URL : http://skeria.skelleftea.se
-----------------------------------------------------
More information about the samba
mailing list