[Samba] Urgent: problem with SAMBA+LDAP
Luiz Alfredo Baggiotto
luiz at pucrs.br
Sat Apr 23 04:50:35 GMT 2005
Greetings Experts!
Sorry for my poor English, but I'm inside a terrible nightmare!!!
I've been using Samba+LDAP for about 2 months without problems, but in the last 4 hours the system has been absolutely unstable. I couldn't upgrade or patch anything. The problem simply appeared.
Main system characteristics:
- Sun Fire V880 running Solaris 9
- openldap-2.2.23
- nss_ldap-232
- pam_ldap-176
- samba-3.0.11 ==> samba-3.0.14a
Symptoms: the users couldn't log in to the Samba domain, and the network was very slow for those that were already connected. SSH, NFS and Apache services were ok. The syslog said "nss_ldap: could not get LDAP result - Can't contact LDAP server".
I tried to reinitialize the daemons (samba and ldap) but the problem persisted. After that, I rebooted the server, but that didn't solve the problem either. Then I upgraded my samba (from 3.0.11 to 3.0.14a) and now it is possible to log in and work normally, but as at the moment there are only a few users, I fear that on Monday the problem may happen again.
Please, PLEASE: does somebody have any idea how this can happen and how I could solve the problem in case it happens again? I'm really desperate. Any help is very much appreciated!
My smb.conf is as follows:
# Global parameters
[global]
workgroup = MY_DOMAIN
netbios name = ARRAKIS
server string = Server
security = USER
passdb backend = ldapsam:ldap://ldap.domain/
passwd program = /usr/local/sbin/smbldap-passwd -u %u
passwd chat = *password* %n\n *new*password* %n\n
passwd chat debug = Yes
encrypt passwords = Yes
log level = 3
max log size = 50000
load printers = No
kernel oplocks = No
utmp = yes
domain logons = Yes
domain master = Yes
use sendfile = no
keep alive = 60
smb ports = 445 139
wins server = 10.40.48.25
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
add group script = /usr/local/sbin/smbldap-groupadd "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
logon drive = h:
logon script = %U.bat
logon path = \\%N\profiles\%U
ldap server = ldap.domain
ldap port = 389
ldap suffix = dc=domain,dc=mine
ldap machine suffix = ou=Computers
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap admin dn = cn=Administrator,dc=domain,dc=min
ldap passwd sync = Yes
ldap delete dn = Yes
I compiled the software with these options:
OpenLDAP: ./configure --with-tls \
--disable-wrappers \
--enable-crypt \
--enable-bdb \
--enable-ldbm \
--enable-spasswd \
--with-cyrus-sasl \
--enable-slapd \
--enable-syslog \
--enable-ipv6=no \
--without-kerberos \
--enable-shared
Samba: ./configure --with-readline \
--with-smbwrapper \
--with-ldap \
--with-ldapsam \
--with-pam \
--with-pam_smbpass \
--with-syslog \
--with-quotas \
--with-utmp \
--with-vfs
Apparently, the most significant system error log says this:
===============================================
Apr 23 00:09:46 arrakis smbd[22907]: [ID 510469 daemon.error] nss_ldap: could not get LDAP result - Can't contact LDAP server
Apr 23 00:09:46 arrakis last message repeated 1 time
Apr 23 00:09:46 arrakis smbd[22907]: [ID 982204 daemon.info] nss_ldap: reconnecting to LDAP server...
Apr 23 00:09:46 arrakis slapd[159]: [ID 848112 local4.debug] conn=1364 fd=19 ACCEPT from IP=200.132.10.12:34100 (IP=0.0.0.0:389)
Apr 23 00:09:46 arrakis slapd[159]: [ID 347666 local4.debug] conn=1364 op=0 BIND dn="" method=128
Apr 23 00:09:46 arrakis slapd[159]: [ID 217296 local4.debug] conn=1364 op=0 RESULT tag=97 err=0 text=
Apr 23 00:09:46 arrakis smbd[22907]: [ID 569656 daemon.info] nss_ldap: reconnected to LDAP server after 1 attempt(s)
Apr 23 00:09:46 arrakis slapd[159]: [ID 870088 local4.debug] get_filter: unknown filter type=130
Apr 23 00:09:46 arrakis last message repeated 3 times
Apr 23 00:09:46 arrakis slapd[159]: [ID 998954 local4.debug] conn=1364 op=1 SRCH base="dc=domain,dc=mine" scope=2 deref=0 filter="(&(objectClass=nisNetgroup)(|(?=undefined)(?=undefined)(?=undefined)(?=undefined)(?=undefined)(?=undefined)(?=undefined)(?=undefined)(?=undefined)(?=undefined)(?=undefined)(?=undefined)))"
......
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:set_socket_options(202)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] Failed to set socket option SO_KEEPALIVE (Error Invalid argument)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:set_socket_options(202)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] Failed to set socket option TCP_NODELAY (Error Invalid argument)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] getpeername failed. Error was Transport endpoint is not connected
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] getpeername failed. Error was Transport endpoint is not connected
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/access.c:check_access(328)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] getpeername failed. Error was Transport endpoint is not connected
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] Denied connection from (0.0.0.0)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] getpeername failed. Error was Transport endpoint is not connected
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] Connection denied from 0.0.0.0
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:write_socket_data(430)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] write_socket_data: write failure. Error = Broken pipe
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:write_socket(455)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] write_socket: Error writing 5 bytes to socket 5: ERRNO = Broken pipe
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:send_smb(647)
Apr 23 00:10:59 arrakis smbd[22828]: [ID 702911 daemon.error] Error writing 5 bytes to client. -1. (Broken pipe)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:set_socket_options(202)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] Failed to set socket option SO_KEEPALIVE (Error Invalid argument)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:set_socket_options(202)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] Failed to set socket option TCP_NODELAY (Error Invalid argument)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] getpeername failed. Error was Transport endpoint is not connected
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] getpeername failed. Error was Transport endpoint is not connected
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/access.c:check_access(328)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] getpeername failed. Error was Transport endpoint is not connected
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] Denied connection from (0.0.0.0)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:get_peer_addr(1150)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] getpeername failed. Error was Transport endpoint is not connected
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] Connection denied from 0.0.0.0
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:write_socket_data(430)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] write_socket_data: write failure. Error = Broken pipe
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:write_socket(455)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] write_socket: Error writing 5 bytes to socket 5: ERRNO = Broken pipe
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] lib/util_sock.c:send_smb(647)
Apr 23 00:10:59 arrakis smbd[22830]: [ID 702911 daemon.error] Error writing 5 bytes to client. -1. (Broken pipe)
Apr 23 00:10:59 arrakis smbd[22723]: [ID 702911 daemon.error] [2005/04/23 00:10:59, 0] smbd/server.c:open_sockets_smbd(388)
Apr 23 00:10:59 arrakis smbd[22723]: [ID 702911 daemon.error] open_sockets_smbd: accept: Software caused connection abort
===============================================
I read about these errors in the samba-list archives and tried to use some options in my smb.conf (more specifically "keep alive = 60", "smb ports = 445 139" and "use sendfile = no"), but this didn't help. These errors appear every 1-5 minutes.
THANKS in advance for ANY help.
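
An added example, not part of the original post: a small Python triage script for the Solaris syslog format quoted above. It counts nss_ldap connection losses per smbd PID, lists PIDs with no later "reconnected" message, and measures the seconds between losses. The sample lines are constructed in the format of the log in the post, and the `year` argument is an assumption because syslog timestamps carry no year.

```python
import re
from collections import Counter
from datetime import datetime

# Solaris syslog: "Apr 23 00:09:46 host proc[pid]: [ID n facility.level] message"
LINE = re.compile(
    r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: "
    r"\[ID \d+ (?P<fac>\w+)\.(?P<lvl>\w+)\] (?P<msg>.*)$"
)

# Constructed sample in the format of the log quoted in the post.
SAMPLE = """\
Apr 23 00:09:46 arrakis smbd[22907]: [ID 510469 daemon.error] nss_ldap: could not get LDAP result - Can't contact LDAP server
Apr 23 00:09:46 arrakis last message repeated 1 time
Apr 23 00:09:46 arrakis smbd[22907]: [ID 982204 daemon.info] nss_ldap: reconnecting to LDAP server...
Apr 23 00:09:46 arrakis smbd[22907]: [ID 569656 daemon.info] nss_ldap: reconnected to LDAP server after 1 attempt(s)
Apr 23 00:12:10 arrakis smbd[22911]: [ID 510469 daemon.error] nss_ldap: could not get LDAP result - Can't contact LDAP server
Apr 23 00:12:10 arrakis smbd[22911]: [ID 982204 daemon.info] nss_ldap: reconnecting to LDAP server...
Apr 23 00:16:40 arrakis smbd[22907]: [ID 510469 daemon.error] nss_ldap: could not get LDAP result - Can't contact LDAP server
"""

def parse(text, year=2005):
    """Yield (time, proc, pid, level, msg); 'last message repeated' lines are skipped."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["proc"], int(m["pid"]), m["lvl"], m["msg"]

def ldap_drop_report(text):
    """Per-PID count of lost LDAP connections, unrecovered PIDs, gaps between losses."""
    drops, pending, times = Counter(), set(), []
    for ts, proc, pid, lvl, msg in parse(text):
        if "nss_ldap: could not get LDAP result" in msg:
            drops[pid] += 1
            pending.add(pid)      # waiting for a matching "reconnected" line
            times.append(ts)
        elif "nss_ldap: reconnected to LDAP server" in msg:
            pending.discard(pid)
    gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
    return {"drops": dict(drops), "unrecovered": sorted(pending), "gaps_s": gaps}

if __name__ == "__main__":
    print(ldap_drop_report(SAMPLE))
```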