[Samba] smbd processes 99% cpu and end-user locks up
Nathan Vidican
nvidican at wmptl.com
Tue Oct 18 20:28:44 GMT 2005
Still having a situation, in particular with Microsoft Office products
(Excel, MS Word, etc), wherein a user locks up while saving a file.
The scenario goes as follows:
user opens up a file (excel document, word document, etc), user changes
file, user hits save, user hangs...
`top` reports an smbd belonging to user locked in some sort of loop
causing 99% cpu utilization.
net status sessions | grep 'usermachinename' reports two smbd processes
belonging to the end user, the first (99% cpu), and the second.
kill <looped process> does nothing, kill -9 takes it out and the
user's machine returns to normal, they save their file and we save the
day until ten minutes later when someone else calls us with the same
problem. This is happening a few time per hour, usually with a handfull
of the same users (about 6-7 users have issues).
We've updated/re-installed the O/S (FreeBSD 6.0-RC1, after same problem
persisted with 5.3-RELEASE and 5.4-RELEASE on amd64 hardware),
re-compiled/installed nss_ldap, pam_ldap, and openldap_2.2.27 from their
respective source-code using the FreeBSD ports collection. Re-poplated
the ldap tree using our slap-cat'd export/backup, and re-compiled a
fresh copy of samba-3.0.20b into prefix of /usr/samba (to isolate it
from the O/S lib/etc/share directories).
After spending the weekend updating the smbd.conf file to match our
shares and previous configuration, smbpasswd -w 'ing, and a 'net set
localsid' all seemed well. Then monday came by, and the end-users
started calling again... frustrated and at a loss, I'm not sure what to
do or try next?
For clarity and in the hope that it may help, I'm attaching a copy of
our smb.conf file, and I've also got log files (gzip'd/attached one)
from the user's machine which have been having/reporting this problem as
well as a copy of our smb.conf file attached. In addition, here's an
excerpt from ldapsearch containing a user and a machine account:
(Machine account)
# wmpest01$, Machines, wmptl.net
dn: uid=wmpest01$,ou=Machines,dc=wmptl,dc=net
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
cn: wmpest01$
sn: wmpest01$
uid: wmpest01$
uidNumber: 3054
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
sambaSID: S-1-5-21-2818898263-1345796712-1011627658-7108
sambaPrimaryGroupSID: S-1-5-21-2818898263-1345796712-1011627658-553
displayName: wmpest01$
sambaPwdCanChange: 1128448805
sambaPwdMustChange: 9223372036854775807
sambaNTPassword: F1EF8A35766B9AC4B3FCEB608FD22106
sambaPwdLastSet: 1128448805
sambaAcctFlags: [W ]
(user account)
# dristovs, People, wmptl.net
dn: uid=dristovs,ou=People,dc=wmptl,dc=net
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: sambaSamAccount
cn: dristovs
uid: dristovs
uidNumber: 1039
gidNumber: 570
homeDirectory: /server/users/dristovs
givenName: Drage
sn: Ristovski
shadowExpire: 22279
loginShell: /usr/local/bin/usershell
gecos: Drage Ristovski
description: Drage Ristovski
shadowLastChange: 12755
userPassword:: e0NSWVBUfXprdXVuSmZLMEtYS3c=
sambaNTPassword: D4B0C8B97E5EE236B8B15720A0EDE30E
sambaLMPassword: B74D2C919D0D1441AAD3B435B51404EE
sambaPwdLastSet: 1102110964
sambaSID: S-1-5-21-2818898263-1345796712-1011627658-3078
sambaPrimaryGroupSID: S-1-5-21-2818898263-1345796712-1011627658-2141
sambaAcctFlags: [UX ]
displayName: drage
sambaHomeDrive: U:
sambaDomainName: WMP
mail: dristovski at wmptl.com
sambaPwdCanChange: 1072846819
sambaPwdMustChange: 1924923619
sambaHomePath: \\WMPTWO\dristovs
sambaProfilePath: \\WMPTWO\PROFILES\dristovs
Not sure what else to try, is it a FreeBSD, an OpenLDAP, or just a samba
issue? I know it's not the hardware, we can sustain constant transfers
via ftp without any packet loss or data degredation from the same
machines having the problem. The problem apparently lies only in
transfers made via smbd that are locking up and I can't understand nor
figure out why. I've tried just about anything I could think of inside
the smb.conf file, some of which you'll see in the attached config file.
Any ideas, suggestions, comments, concerns, or requests for more info
are most welcomed.
--
Nathan Vidican
nvidican at wmptl.com
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/
-------------- next part --------------
# /usr/samba/lib/<an end user>.conf
[global]
log level = 10
-------------- next part --------------
# /usr/samba/lib/shares.conf
[netlogon]
comment = Network Logon Service
path = /server/netlogon
guest ok = yes
read only = yes
share modes = no
write list = @wheel @"Domain Admins"
[Profiles]
path = /server/profiles
read only = no
create mask = 0600
directory mask = 0700
browseable = no
guest ok = Yes
profile acls = Yes
csc policy = disable
force user = %U
valid users = %U @"Domain Admins"
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = yes
printable = yes
valid users = @wheel @"Domain Admins" @everyone
write list = @everyone
create mask = 0770
[public]
comment = Publically accessable share for every user
path = /server/public
browseable = yes
guest ok = no
printable = no
read only = no
create mask = 0666
directory mask = 0777
[cdroms]
comment = Global CD-ROM Archive
path = /server/cdroms
browseable = yes
guest ok = yes
read only = yes
write list = @"Domain Admins" @wheel
[engineering]
comment = Engineering Department Share
path = /server/engineering
browseable = yes
guest ok = no
valid users = @engineering @engineers @wheel @"Domain Admins" @estimating
create mask = 0660
directory mask = 0770
force group = engineers
read only = no
[apps]
comment = Executable files only, installed programs belong here.
path = /server/apps
browseable = yes
read only = no
write list = @wheel @"Domain Admins" @everyone
valid users = @everyone
create mask = 0664
directory mask = 0775
[spc]
comment = SPC Chart Data Share
path = /server/database/main/plant2/spcdata
browseable = yes
read only = yes
write list = dristovs @wheel @"Domain Admins" @qsiso
valid users = @everyone
force group = qsiso
[suppliers]
comment = Supplier Incoming/Outgoing Data Share
path = /server/suppliers
browseable = yes
read only = yes
write list = @wheel @"Domain Admins"
valid users = @wheel @"Domain Admins" @engineering @cmm @estimating
;create mask = 0644
;directory mask = 0755
[cmm]
comment = CMM Users
path = /server/engineering/cmm
browseable = yes
read only = no
write list = @wheel @"Domain Admins" @engineering @engineers @cmm
valid users = @wheel @"Domain Admins" @engineering @engineers @cmm
create mask = 0660
directory mask = 0770
force group = engineers
oplocks = no
[pressline]
comment = Pressline Share
path = /server/engineering/pressline
browseable = yes
read only = no
write list = @engineering @engineers @"Domain Admins" @wheel
valid users = @engineering @engineers @"Domain Admins" @wheel
create mask = 0660
directory mask = 0770
force group = engineers
[qsweb]
comment = QS9000 ISO Group QSWEB Service
path = /server/database/qsweb
browseable = yes
read only = no
guest ok = no
valid users = @qsiso @wheel @"Domain Admins"
write list = @qsiso @wheel @"Domain Admins"
[address]
comment = Prviously Common/Address
path = /server/common/address
browseable = yes
read only = no
guest ok = no
valid users = @everyone
write list = @everyone
;create mask = 0664
;directory mask = 0775
force group = everyone
[common]
comment = Common Drive
path = /server/common
browseable = yes
read only = no
guest ok = no
valid users = @everyone
write list = @everyone
force group = everyone
[qs9000]
comment = QS9000 Directory
path = /server/qs9000
browseable = yes
read only = no
guest ok = no
valid users = @everyone
write list = @qsiso
force group = qsiso
[tlgnotes]
comment = Tooling Notes
path = /server/msword/tlgnotes
browseable = yes
read only = no
guest ok = no
valid users = @tlgnotes @wheel @"Domain Admins"
write list = @tlgnotes @wheel @"Domain Admins"
force group = tlgnotes
browseable = yes
[exe-recptn]
comment = Old exe/recptn Folder
path = /server/exe/recptn
browseable = yes
read only = no
valid users = @recptn @wheel @"Domain Admins"
write list = @recptn @wheel @"Domain Admins"
force group = recptn
[exe-cnash]
comment = Old exe Folder
path = /server/exe/cnash
browseable = yes
read only = no
valid users = @exe-cnash @wheel @"Domain Admins"
write list = @exe-cnash @wheel @"Domain Admins"
force group = exe-cnash
[exe-forman]
comment = Old exe Folder
path = /server/exe/forman
browseable = yes
read only = no
valid users = @exe-forman @wheel @"Domain Admins"
write list = @exe-forman @wheel @"Domain Admins"
force group = exe-forman
[exe-ccope]
comment = Old exe Folder
path = /server/exe/ccope
browseable = yes
read only = no
valid users = @exe-ccope @wheel @"Domain Admins"
write list = @exe-ccope @wheel @"Domain Admins"
force group = exe-ccope
[exe-recptn-quattro-data]
comment = Sub-dir quattro/data of wmptwo/recptn/
path = /server/exe/recptn/quattro/data
browseable = yes
read only = no
valid users = @recptn @wheel @"Domain Admins"
write list = @recptn @wheel @"Domain Admins"
force group = recptn
[exe-jruthven]
comment = Sub-Dir server/exe/jruthven
path = /server/exe/jruthven
browseable = yes
read only = no
valid users = @exe-jruthven @wheel @"Domain Admins"
write list = @exe-jruthven @wheel @"Domain Admins"
force group = exe-jruthven
[qpwdata]
comment = server/quattro/data dir
path = /server/quattro/data
browseable = yes
read only = no
valid users = @qpwdata @wheel @"Domain Admins"
write list = @qpwdata @wheel @"Domain Admins"
force group = qpwdata
[attend]
comment = server/quattro/attend dir
path = /server/quattro/attend
browseable = yes
read only = no
valid users = @attend @wheel @"Domain Admins"
write list = @attend @wheel @"Domain Admins"
force group = attend
[big-guys]
comment = server/quattro/big-guys
path = /server/quattro/big-guys
browseable = yes
read only = no
valid users = @big-guys @wheel @"Domain Admins"
write list = @big-guys @wheel @"Domain Admins"
force group = big-guys
[hrm]
comment = server/quattro/hrm
path = /server/quattro/hrm
browseable = yes
read only = no
valid users = @hrm @wheel @"Domain Admins"
write list = @hrm @wheel @"Domain Admins"
force group = hrm
[bookies]
comment = server/quattro/bookies
path = /server/quattro/bookies
browseable = yes
read only = no
valid users = @bookies @wheel @"Domain Admins"
write list = @bookies @wheel @"Domain Admins"
force group = bookies
[logistics]
comment = Logistics Share
path = /server/logistics
browseable = yes
read only = no
valid users = @logistics @wheel @"Domain Admins"
write list = @logistics @wheel @"Domain Admins"
force group = logistics
[bookies-km]
comment = bookies/mcneil
path = /server/quattro/bookies/mcneil
browseable = yes
read only = no
valid users = @bookies @wheel @"Domain Admins"
write list = @bookies @wheel @"Domain Admins"
force group = bookies
[bookies-cb]
comment = bookies/boakes
path = /server/quattro/bookies/boakes
browseable = yes
read only = no
valid users = @bookies @wheel @"Domain Admins"
write list = @bookies @wheel @"Domain Admins"
level2 oplocks = no
oplocks = no
force group = bookies
[bookies-rc]
comment = bookies/reception
path = /server/quattro/bookies/reception
browseable = yes
read only = no
valid users = @bookies @wheel @"Domain Admins"
write list = @bookies @wheel @"Domain Admins"
force group = bookies
[bookies-pr-build]
comment = server/quattro/bookies/payroll/build
path = /server/quattro/bookies/payroll/build
browseable = yes
read only = no
valid users = @bookies @wheel @"Domain Admins"
write list = @bookies @wheel @"Domain Admins"
force group = bookies
[qpwdata-user]
comment = Individual User dir of QPWDATA
path = /server/quattro/data/%U
browseable = yes
read only = no
valid users = @qpwdata @"Domain Admins" @wheel
write list = @qpwdata @"Domain Admins" @wheel
force group = qpwdata
[qpwdata-purch]
comment = data-purch
path = /server/quattro/data/purch
browseable = yes
read only = no
valid users = @qpwdata @"Domain Admins" @wheel
write list = @qpwdata @"Domain Admins" @wheel
force group = qpwdata
[qpwdata-envelope]
comment = data-cbaker-envelope
path = /server/quattro/data/cbaker/envelope
browseable = yes
read only = no
valid users = @qpwdata @"Domain Admins" @wheel
write list = @qpwdata @"Domain Admins" @wheel
[cprdata]
comment = Mike's Hydrotel
path = /server/users/cpr
browseable = yes
read only = no
valid users = @engineers @engineering
write list = @engineers @engineering
force group = engineers
-------------- next part --------------
# /usr/samba/lib/smb.conf
[global]
workgroup = WMP
server string = WMPTL Backup Domain Controller
security = user
netbios name = WMPTWO
hosts allow = 10.0.0. 127.
load printers = yes
printing = cups
printcap name = cups
printer admin = @"Print Operators"
show add printer wizard = yes
case sensitive = no
preserve case = no
guest account = wmpguest
log file = /var/log/samba/%m.log
max log size = 5000
log level = 2 user : 1
passdb backend = ldapsam:ldap://10.0.0.77:389 ldapsam:ldap://10.0.0.80:389
ldap suffix = dc=wmptl,dc=net
ldap machine suffix = ou=Machines
ldap user suffix = ou=People
ldap idmap suffix = ou=People
ldap group suffix = ou=Groups
ldap admin dn = "cn=Manager,dc=wmptl,dc=net"
ldap passwd sync = yes
ldapsam:trusted = yes
time server = yes
cups options = "raw"
admin users = @"Domain Admins" @wheel Administrator
add machine script = /server/bin/smbldap-tools/smbldap-useradd.pl -m "%u"
ldap delete dn = yes
# delete user script = /server/bin/smbldap-tools/smbldap-userdel.pl "%u"
add group script = /server/bin/smbldap-tools/smbldap-groupadd.pl -p "%g"
add user to group script = /server/bin/smbldap-tools/smbldap-groupmod.pl -m "%u" "%g"
delete user from group script = /server/bin/smbldap-tools/smbldap-groupmod.pl -x "%u" "%g"
set primary group script = /server/bin/smbldap-tools/smbldap-groupmod.pl -g "%g" "%u"
socket options = TCP_NODELAY
interfaces = 10.0.0.77/24 127.0.0.1/8
bind interfaces only = yes
local master = no
os level = 32
domain master = no
preferred master = no
domain logons = yes
encrypt passwords = yes
passwd program = /server/bin/smbldap-tools/smbldap-passwd.pl -u %u
passwd chat = "Changing password for*\nNew Password*" %n\n "*Retype new password*" %n\n
logon script = everyone.bat
logon path = \\WMPTWO\Profiles\%U
wins support = no
wins server = 10.0.0.80
wins proxy = no
dns proxy = no
map to guest = Bad User
create mask = 0664
directory mask = 0775
level2 oplocks = no
oplocks = no
veto oplock files = /*.mdb/
dos filetimes = yes
getwd cache = no
read raw = yes
write raw = yes
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
valid users = %U
read only = no
create mask = 0660
directory mask = 0770
browseable = no
oplocks = no
include = /usr/samba/lib/%u.conf
include = /usr/samba/lib/shares.conf
More information about the samba
mailing list