[Samba] Locking/Timeout Problems
Thomas Werner
werner at esmt.org
Fri Oct 1 12:13:10 GMT 2004
hi,
we using samba3.0.7 with a ldap(tls). it works fine. no problems with dns
(reverse) lookups etc. all 20 xp clients can logon fast into the samba
machine and access all shares.
the problem since 3 weeks is, that after a while all shares freeze for 10-20
seconds in a user session and the user have to wait to continue. not all
user at the time. the user get no response from explorer, the computer
freezes. the only change is, that we installed 5-10 clients.
it looks like that sometimes users waiting for samba freeing resources or
something like that, but it's not truth, because in the samba log there are
no activities for that session. if the machine get the share's content, the
samba is starting with logging and the user can continue with work. what the
hell is xp doing in that case? or is samba wating for ldap? but the ldap
responses queries all the time without any problems. samba is a big machine
with 2gig ram, 0,5tg raid5 etc. and has enough reserves.
and the next problem is, that after freezing outlook looses the connection
to the pst file on home drive. with restarting outlook the pst is locked.
after 6 reboots or waiting 10 minutes outlook can access the file. when is
samba releasing the read/write lock for files with lost connections?
27757 DENY_WRITE 0x2019f RDWR NONE
/media/array/home/mess/Outlook.pst
we install etheral on samba and xp client. we found out the samba is missing
the guest account or cannot find some files etc. trying every configuration
tweaks, we downgraded to samba 3.05... at the end we doesnt found a
solution, frustrating. the user are irritated. my boss is pissed off.
have someone an idea. it will be great. i dont want replace samba with a
windose machine to fix the problem :(
cheers tom
our current running smb.conf/attempt:
[global]
;; debugging support
;debug level = 9
;debug hires timestamp = Yes
; basic server settings
netbios name = PDC2
; netbios aliases = PFS2 PPS2
server string = ESMT Server
workgroup = ESMT-BERLIN
announce version = 5.0
announce as = Windows 2000 Enterprise Server
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
SO_RCVBUF=8192
; socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
; user and machine account backends
passdb backend = ldapsam:"ldap://ldap1.campus.esmt.org" guest
; name resolve order = host lmhosts wins bcast
; should act as the domain and local master browser
os level = 64
preferred master = yes
domain master = yes
local master = yes
; security settings
security = user
; necessary for domain controller
encrypt passwords = yes
; support domain logons
domain logons = yes
; user's home and profile directory
logon drive = H:
logon home = \\PDC2\%U
logon path = \\PDC2\profile$\%U
; ldap related stuff
ldap suffix = o=berlin,dc=esmt,dc=org
ldap admin dn = cn=manager,ou=samba,o=berlin,dc=esmt,dc=org
ldap filter = "(&(uid=%u)(objectClass=sambaSamAccount))"
ldap ssl = start tls
#ldap ssl = yes
#ldap ssl = no
ldap delete dn = no
ldap user suffix = ou=users
ldap machine suffix = ou=samba
; ldap trust ids = yes
; sync samba with unix password
; unix password sync = yes
; passwd program = /usr/local/sbin/ldapsync.pl -o %u
; passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*modifying*
; passwd chat debug = yes
ldap passwd sync = yes
; idmap backend = ldap:ldap://192.168.52.31
; ldap idmap suffix = ou=samba,o=munich,dc=esmt,dc=org
; idmap uid = 10000-20000
; idmap gid = 10000-20000
; wins server
wins support = yes
remote announce = 192.168.52.23/ESMT-MUNICH
remote browse sync = 192.168.52.23
; wins support = yes
; wins server = 192.168.90.33 192.168.52.23
; dns proxy = no
; using interface protection
interfaces = eth0 lo
bind interfaces only = yes
; fs related stuff
hide dot files = yes
; auto-disconnection
root postexec = echo -e "[%T] auto-disconnection\n %u disconnected
from %S from %m (%I)" >> /usr/local/samba/var/log.smbd
deadtime = 0
; limitations
max log size = 200000
max connections = 0
max smbd processes = 0
; time server
time server = yes
; Listen for SMB traffic only on port 139. This may help avoid
; lost connection issues under Windows XP.
smb ports = 139
; using a ipc share deny
[ipc$]
hosts allow = 0.0.0.0/0
; hosts allow = 192.168.80.0/24 192.168.52.0/24 192.168.16.0/24
127.0.0.1
; hosts allow = 192.168.80. EXCEPT 192.168.80.10
; hosts deny = 0.0.0.0/0
; hosts deny = localhost 0.0.0.0/0
path = /var/tmp
; necessary share for domain controller
[netlogon]
path = /media/array/netlogon
guest ok = yes
read only = yes
write list = ntadmin
browseable = no
; share for storing user profises
[profile$]
comment = Profile Data
path = /media/array/profile
read only = no
create mask = 0660
directory mask = 0770
profile acls = yes
; oplocks = no
; level2 oplocks = no
; this stops w2k fucking up it's logon
veto oplock files = /prf*.tmp/
; veto files = /prf*.tmp/
; delete veto files = yes
csc policy = disable
; next line allows administrator to access all profiles
force group = admins
valid users = %U @"Domain Admins"
; share for global system data
[system$]
comment = Global System Data
path = /media/array/system
browseable = no
read only = no
create mode = 0700
directory mask = 0700
; oplocks = no
; level2 oplocks = no
map system = yes
map hidden = yes
map archive = yes
; valid users = %U @"Domain Admins"
; share for netboot
[netmc$]
comment = NetMC Administrative Share
path = /media/array/netmc
browseable = no
read only = no
create mode = 0760
directory mask = 0770
; oplocks = no
; level2 oplocks = no
map system = yes
map hidden = yes
map archive = yes
; valid users = %U @"Domain Admins"
[it$]
comment = IT Department Administrative Share
path = /media/array/admin
browseable = no
read only = no
create mode = 0760
directory mask = 0770
; oplocks = no
; level2 oplocks = no
map system = yes
map hidden = yes
map archive = yes
; home directories
[homes]
comment = Home Directory
path = /media/array/home/%U
browseable = no
read only = no
create mode = 0770
directory mask = 0770
; oplocks = no
; level2 oplocks = no
map system = yes
map hidden = yes
map archive = yes
veto files = /test.tmp/
delete veto files = yes
; next line allows administrator to access all homes
force group = admins
valid users = %U @"Domain Admins"
; share all printers
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
; Set public = yes to allow user 'guest account' to print
guest ok = no
writable = yes
printable = yes
create mode = 0700
write list = root, @"Domain Admins"
; share printer driver
[print$]
comment = Printer Driver Download Area
path = /media/array/drivers
browseable = yes
guest ok = yes
read only = yes
write list = root, @"Domain Admins"
; public share
[public]
path = /media/array/public
browseable = yes
guest ok = yes
read only = no
create mask = 0760
directory mask = 0770
; oplocks = no
; level2 oplocks = no
map system = yes
map hidden = yes
map archive = yes
; valid users = %U @"Domain Admins"
; sysvol share
[SYSVOL]
path = /media/array/sysvol
browseable = yes
guest ok = yes
read only = yes
create mask = 0760
directory mask = 0770
oplocks = no
level2 oplocks = no
map system = yes
map hidden = yes
map archive = yes
More information about the samba
mailing list