[Samba] Problems with "nobody" processes in Samba 3.0.4

Matt Wright matt at consultmatt.co.uk
Wed Jun 23 00:57:31 GMT 2004 

Hi,

Hopefully someone can help me with this because its driving me up the 
wall. I admin a Samba PDC which authenticates through an LDAP backend. 
Both the samba server and pam authenticate through the entries in the 
LDAP database.

I recently upgraded to 3.0.4 to combat the M$ hotfix that destroyed 
password changing. Since then things have been squiffy. All runs fine 
(apart from a grouping problem that I shall describe later) until a 
rogue samba thread appears which is owned by "nobody".

   PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
  2639 root      20   0 13844 3832   804 S    40.8  1.5  4317m   0 slapd
  7889 nobody    15   0  1528  492   372 S     4.9  0.1  76:19   0 smbd

This particular top output is probably a bad example because the nightly 
backups are running at the same time. However the exhaustion of slapd as 
shown above occurs at the same time as this "nobody" thread appears. 
When the backup is not running the smbd thread usually hits about 40% 
CPU as well leading to a very congested fileserver. At this point the 
network slows to a crawl, killing these processes stops the slapd cpu 
usage but seems then to corrupt peoples smb sessions which seems to 
suggest the process is actually associated with a user.

In trying to track down this bug I've rearranged the entire ldap tree; 
we used to have an "ou=smb" tree for all samba classes and "ou=People" 
and "ou=Group" trees for all the posix classes. These have ow been 
rearranged so that ou=People,ou=Computers and ou=Group exist with both 
their posix and samba attributes in each respective tree.

I would really, really appriciate any help that you people can give. 
I've had success tracking down samba problems in the past but this one 
has me.

----------

One other problem which has confused me also exists. Now I don't know if 
this is related to the above or not (hence the line). We map the unix 
group "users" to "Domain Users" in windows. The correct entry in 
"ou=Group" exists

dn: cn=users,ou=Group,dc=kwltd,dc=com
sambaSID: S-1-5-21-661346169-342852810-2564848181-513
gidNumber: 100
displayName: Domain Users
description: Domain Users
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: users
sambaGroupType: 2
memberUid: root,test1645,test2
memberUid: test2711
memberUid: mwright
memberUid: solitaire$
    .
    .

Such that if you run:

[root at austin root]# id mwright
uid=1016(mwright) gid=1000(smbadmin) groups=1000(smbadmin),100(users)
[root at austin root]#

I am clearly a member of the users group, however I do not show up in 
the Domain Users group in USRMGR. Further if I attempt to add myself I'm 
told I'm already in the group. Any ideas on this one??

Regards,

Matt Wright
Matt Wright Consulting
matt at consultmatt.co.uk

(Bcc: Phil Cooper)

More information about the samba mailing list