[Samba] Samba 3.0 beta 3 issues

Paul Eggleton paule at cjntech.co.nz
Wed Jul 23 21:39:40 GMT 2003


Hi there,

I'm using Samba 3.0 beta 3 on RH 9 (connecting to a Windows 2000 domain,
as a member server) and I'm having trouble keeping samba running
reliably. At random times it seems to stop recognising names from the
domain. Restarting winbind fixes the problem, but then it occurs
randomly again, usually once or twice a day. At least once it has fixed
itself after being broken overnight without any intervention on our
part. During the failure the logs fill up with errors claiming that
users from the domain (who are trying to access the server) don't exist.

I am getting some unusual entries in the logs (this one from smbd):

[2003/07/22 09:20:44, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2003/07/22 09:20:44, 3] smbd/connection.c:yield_connection(76)
  yield_connection: tdb_delete for name  failed with error Record does
not exist .

A few more (from winbind) - these are repeated many times:

[2003/07/24 03:56:00, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(243)
  [31986]: request location of privileged pipe
[2003/07/24 03:56:00, 3]
nsswitch/winbindd_group.c:winbindd_getgrgid(338)
  [31986]: getgrgid 10007
[2003/07/24 03:56:00, 3]
nsswitch/winbindd_group.c:winbindd_getgrgid(338)
  [31986]: getgrgid 10045
[2003/07/24 03:56:00, 3] nsswitch/winbindd_group.c:fill_grent_mem(155)
  name Clubmate Hosting group - Fozzy isn't a domain user
[2003/07/24 03:56:00, 3] nsswitch/winbindd_group.c:fill_grent_mem(155)
  name DB Solutions isn't a domain user
[2003/07/24 03:56:00, 3] nsswitch/winbindd_group.c:fill_grent_mem(155)
  name AIM User Group isn't a domain user
[2003/07/24 03:56:00, 3] nsswitch/winbindd_group.c:fill_grent_mem(155)
  name Clubmate Hosting group isn't a domain user
[2003/07/24 03:56:00, 3] nsswitch/winbindd_group.c:fill_grent_mem(155)
  name RAMM User group isn't a domain user
[2003/07/24 03:56:00, 3] nsswitch/winbindd_group.c:fill_grent_mem(155)
  name RAMM User group gonzo isn't a domain user
[2003/07/24 03:56:00, 3]
nsswitch/winbindd_group.c:winbindd_getgrgid(338)
  [31986]: getgrgid 10007
[2003/07/24 03:56:00, 3] nsswitch/winbindd_ads.c:sid_to_name(341)
  ads: sid_to_name
[2003/07/24 03:56:00, 3] libads/ads_ldap.c:ads_sid_to_name(144)
  ads sid_to_name mapped Domain Users
[2003/07/24 03:56:00, 3] nsswitch/winbindd_ads.c:dn_lookup(370)
  ads: dn_lookup
[2003/07/24 03:56:00, 3] nsswitch/winbindd_ads.c:dn_lookup(370)
  ads: dn_lookup
[2003/07/24 03:56:00, 3] nsswitch/winbindd_ads.c:dn_lookup(370)
  ads: dn_lookup
[2003/07/24 03:56:00, 3] nsswitch/winbindd_ads.c:dn_lookup(370)
  ads: dn_lookup
[2003/07/24 03:56:00, 3] nsswitch/winbindd_ads.c:dn_lookup(370)
  ads: dn_lookup
[2003/07/24 03:56:00, 3] nsswitch/winbindd_ads.c:dn_lookup(370)
  ads: dn_lookup
[2003/07/24 03:56:00, 3] nsswitch/winbindd_ads.c:dn_lookup(370)
  ads: dn_lookup
[2003/07/24 03:56:00, 3] nsswitch/winbindd_ads.c:dn_lookup(370)
  ads: dn_lookup
[2003/07/24 03:56:00, 3] nsswitch/winbindd_ads.c:dn_lookup(370)
  ads: dn_lookup
(continues with "dn_lookup" about another hundred times)

All of the groups mentioned ("AIM User Group" etc.) are valid groups in
our domain.

Some more winbind errors from the other day when the server failed:

[2003/07/21 11:06:00, 1]
nsswitch/winbindd_util.c:rescan_trusted_domains(167)
  scanning trusted domain list
[2003/07/21 11:10:00, 1] libads/ldap_utils.c:ads_do_search_retry(76)
  ads reopen failed after error Success
[2003/07/21 11:10:00, 1] libads/ads_ldap.c:ads_name_to_sid(64)
  name_to_sid: root not found
[2003/07/21 11:10:00, 1]
nsswitch/winbindd_group.c:winbindd_getgroups(947)
  user 'root' does not exist
[2003/07/21 11:10:59, 1] libads/ldap_utils.c:ads_do_search_retry(76)
  ads reopen failed after error Success
[2003/07/21 11:10:59, 1] libads/ads_ldap.c:ads_name_to_sid(64)
  name_to_sid: indra not found
[2003/07/21 11:10:59, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(147)
  user 'indra' does not exist
[2003/07/21 11:10:59, 1] libads/ldap_utils.c:ads_do_search_retry(76)
  ads reopen failed after error Success
[2003/07/21 11:10:59, 1] libads/ads_ldap.c:ads_name_to_sid(64)
  name_to_sid: indra not found

"indra" is a valid user on our system. The errors continue after this
point complaining that other valid domain users who are trying to access
the server don't exist.

Next time it fails I will get a level 3 log of the incident (the last
few times, the log of the time immediately before the error got lost as
the logs filled up too quickly - I have since increased the log size).
In the mean time, if anyone knows what is going wrong here, please let
me know!

Cheers,
Paul


---------------------------------------------------------
Paul Eggleton                  Ph:    +64-9-4154790
Software Developer             Fax:   +64-9-4154791
CJN Technologies Ltd.          DDI:   +64-9-4154795
http://www.cjntech.co.nz       Email: paule at cjntech.co.nz
--------------------------------------------------------- 



More information about the samba mailing list