[Samba] Locking/Timeout Problems

Thomas Werner werner at esmt.org
Fri Oct 1 12:25:27 GMT 2004


i forget to write, that the nscd daemon is allways crashing to a not
specified time and we have added:

*/1 * * * * rcnscd status >/dev/nul 2>&1 || rcnscd start >/dev/nul 2>&1

in the crontab till we found the bug or a solution.

we using sles8 on a siemens p250 with a storage unit. i dont know if the
trouble starts with last online updates from suse. is debian a solution? why
nscd crashing? i dont know...

regards tom


On 01.10.2004 14:13 Uhr, "Thomas Werner" <werner at esmt.org> wrote:

> hi,
> 
> we using samba3.0.7 with a ldap(tls). it works fine. no problems with dns
> (reverse) lookups etc. all 20  xp clients can logon fast into the samba
> machine and access all shares.
> 
> the problem since 3 weeks is, that after a while all shares freeze for 10-20
> seconds in a user session and the user have to wait to continue. not all
> user at the time. the user get no response from explorer, the computer
> freezes. the only change is, that we installed 5-10 clients.
> 
> it looks like that sometimes users waiting for samba freeing resources or
> something like that, but it's not truth, because in the samba log there are
> no activities for that session. if the machine get the share's content, the
> samba is starting with logging and the user can continue with work. what the
> hell is xp doing in that case? or is samba wating for ldap? but the ldap
> responses queries all the time without any problems. samba is a big machine
> with 2gig ram, 0,5tg raid5 etc. and has enough reserves.
> 
> and the next problem is, that after freezing outlook looses the connection
> to the pst file on home drive. with restarting outlook the pst is locked.
> after 6 reboots or waiting 10 minutes outlook can access the file. when is
> samba releasing the read/write lock for files with lost connections?
> 
> 27757  DENY_WRITE 0x2019f     RDWR       NONE
> /media/array/home/mess/Outlook.pst
> 
> we install etheral on samba and xp client. we found out the samba is missing
> the guest account or cannot find some files etc. trying every configuration
> tweaks, we downgraded to samba 3.05... at the end we doesnt found a
> solution, frustrating. the user are irritated. my boss is pissed off.
> 
> have someone an idea. it will be great. i dont want replace samba with a
> windose machine to fix the problem :(
> 
> cheers tom
> 
> our current running smb.conf/attempt:
> 
> [global]
>      ;; debugging support
>      ;debug level = 9
>      ;debug hires timestamp = Yes
> 
>      ; basic server settings
>      netbios name = PDC2
> ;     netbios aliases = PFS2 PPS2
>      server string = ESMT Server
>      workgroup = ESMT-BERLIN
>      announce version = 5.0
>      announce as = Windows 2000 Enterprise Server
>      socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
> SO_RCVBUF=8192
>      ; socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
> 
>      ; user and machine account backends
>      passdb backend = ldapsam:"ldap://ldap1.campus.esmt.org" guest
>      ; name resolve order = host lmhosts wins bcast
> 
>      ; should act as the domain and local master browser
>      os level = 64
>      preferred master = yes
>      domain master = yes
>      local master = yes
> 
>      ; security settings
>      security = user
> 
>      ; necessary for domain controller
>      encrypt passwords = yes
> 
>      ; support domain logons
>      domain logons = yes
>      
>      ; user's home and profile directory
>      logon drive = H:
>      logon home = \\PDC2\%U
>      logon path = \\PDC2\profile$\%U
> 
>      ; ldap related stuff
>      ldap suffix = o=berlin,dc=esmt,dc=org
>      ldap admin dn = cn=manager,ou=samba,o=berlin,dc=esmt,dc=org
>      ldap filter = "(&(uid=%u)(objectClass=sambaSamAccount))"
>      ldap ssl = start tls
>      #ldap ssl = yes
>      #ldap ssl = no
>      ldap delete dn = no
>      ldap user suffix = ou=users
>      ldap machine suffix = ou=samba
>      ; ldap trust ids = yes
>      
>      ; sync samba with unix password
>      ; unix password sync = yes
>      ; passwd program = /usr/local/sbin/ldapsync.pl -o %u
>      ; passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *modifying* 
>      ; passwd chat debug = yes
>      ldap passwd sync = yes
> 
>      ; idmap backend = ldap:ldap://192.168.52.31
>      ; ldap idmap suffix = ou=samba,o=munich,dc=esmt,dc=org
>      ; idmap uid = 10000-20000
>      ; idmap gid = 10000-20000
> 
>      ; wins server
>      wins support = yes
>      remote announce = 192.168.52.23/ESMT-MUNICH
>         remote browse sync = 192.168.52.23
>      ; wins support = yes
>      ; wins server = 192.168.90.33 192.168.52.23
>      ; dns proxy = no
> 
>      ; using interface protection
>      interfaces = eth0 lo
>      bind interfaces only = yes
> 
>      ; fs related stuff
>      hide dot files = yes
> 
>      ; auto-disconnection
>      root postexec = echo -e "[%T] auto-disconnection\n  %u disconnected
> from %S from %m (%I)" >> /usr/local/samba/var/log.smbd
>      deadtime = 0
> 
>      ; limitations
>      max log size = 200000
>      max connections = 0
>      max smbd processes = 0
> 
>      ; time server
>      time server = yes
> 
>      ; Listen for SMB traffic only on port 139. This may help avoid
>          ; lost connection issues under Windows XP.
>          smb ports = 139
> 
> ; using a ipc share deny
> [ipc$]
>      hosts allow = 0.0.0.0/0
> ;     hosts allow = 192.168.80.0/24 192.168.52.0/24 192.168.16.0/24
> 127.0.0.1
>      
>      ; hosts allow = 192.168.80. EXCEPT 192.168.80.10
> ;     hosts deny = 0.0.0.0/0
>      
>      ; hosts deny = localhost 0.0.0.0/0
>      path = /var/tmp
> 
> ; necessary share for domain controller
> [netlogon]
> 
>      path = /media/array/netlogon
>      guest ok = yes
>      read only = yes
>      write list = ntadmin
>      browseable = no
> 
> ; share for storing user profises
> [profile$]
> 
>        comment = Profile Data
>      path = /media/array/profile
>         read only = no
>        create mask = 0660
>         directory mask = 0770
>      profile acls = yes
>       ; oplocks = no
>      ; level2 oplocks = no
>      ; this stops w2k fucking up it's logon
>         veto oplock files = /prf*.tmp/
>        ; veto files = /prf*.tmp/
>      ; delete veto files = yes
>      csc policy = disable
>      ; next line allows administrator to access all profiles
>      force group = admins
>      valid users = %U @"Domain Admins"
> 
> ; share for global system data
> [system$]
> 
>        comment = Global System Data
>         path = /media/array/system
>         browseable = no
>        read only = no
>         create mode = 0700
>      directory mask = 0700
>       ; oplocks = no
>      ; level2 oplocks = no
>      map system = yes
>      map hidden = yes
>      map archive = yes
>      ; valid users = %U @"Domain Admins"
> 
> 
> ; share for netboot
> [netmc$]
> 
>        comment = NetMC Administrative Share
>         path = /media/array/netmc
>         browseable = no
>        read only = no
>         create mode = 0760
>      directory mask = 0770
>       ; oplocks = no
>      ; level2 oplocks = no
>      map system = yes
>      map hidden = yes
>      map archive = yes
>      ; valid users = %U @"Domain Admins"
> 
> [it$]
>        comment = IT Department Administrative Share
>        path = /media/array/admin
>         browseable = no
>        read only = no
>         create mode = 0760
>      directory mask = 0770
>       ; oplocks = no
>      ; level2 oplocks = no
>      map system = yes
>      map hidden = yes
>      map archive = yes
> 
> ; home directories
> [homes]
> 
>        comment = Home Directory
>         path = /media/array/home/%U
>         browseable = no
>        read only = no
>         create mode = 0770
>      directory mask = 0770
>       ; oplocks = no
>      ; level2 oplocks = no
>      map system = yes
>      map hidden = yes
>      map archive = yes
>         veto files = /test.tmp/
>      delete veto files = yes
>      ; next line allows administrator to access all homes
>      force group = admins
>      valid users = %U @"Domain Admins"
> 
> ; share all printers
> [printers]
>      comment = All Printers
>      path = /var/spool/samba
>      browseable = no
>      ; Set public = yes to allow user 'guest account' to print
>      guest ok = no
>      writable = yes
>      printable = yes
>      create mode = 0700
>      write list = root, @"Domain Admins"
> 
> ; share printer driver
> [print$]
>      comment = Printer Driver Download Area
>      path = /media/array/drivers
>      browseable = yes
>      guest ok = yes
>      read only = yes
>      write list = root, @"Domain Admins"
> 
> ; public share
> [public]
> 
>      path = /media/array/public
>      browseable = yes
>      guest ok = yes
>      read only = no
>      create mask = 0760
>      directory mask = 0770
>       ; oplocks = no
>      ; level2 oplocks = no
>      map system = yes
>      map hidden = yes
>      map archive = yes
>      ; valid users = %U @"Domain Admins"
> 
> ; sysvol share
> [SYSVOL]
> 
>      path = /media/array/sysvol
>      browseable = yes
>      guest ok = yes
>      read only = yes
>      create mask = 0760
>      directory mask = 0770
>       oplocks = no
>      level2 oplocks = no
>      map system = yes
>      map hidden = yes
>      map archive = yes
>  
> 
> 
> 
> 

Dipl. Betriebswirt(BA) f. Inf. Thomas Werner
Webmaster / Network Administrator
ESMT European School of Management and Technology GmbH
Schlossplatz 1
D-10178 Berlin 
Germany 

Tel: +49 (0)30 21231 - 1085
Fax: +49 (0)30 21231 - 9
E-mail: werner at esmt.org
Web: http://www.esmt.org





More information about the samba mailing list