[Samba] member server 3.0.23c drives me nuts

Robert Gehr robert.gehr at baumann-gmbh.de
Mon Oct 9 14:06:00 GMT 2006

Hello everybody

First of all, thanks to the developer team for providing the samba suite.
I have been running samba servers for several years now but 3.0.23c 
just drives me nuts.

I have a PDC and BDC running samba 3.0.23c with openldap as backend and 
also a samba member server trying to run 2.0.23c.
The member server is the primary file server so I can't play with it all 
that much.
The member server was running 3.0.22 before without any problems. Last 
night I upgraded to 3.0.23c and the fun began.

Things I observed:

1) Random people just could not mount any shares on the member server 
anymore or the mount process took very very long. All of a sudden, they 
could connect to the shares again at normal speed without me changing 

2) I could not log in to the member server anymore via ssh and also not 
on the console. The server just didn't give me a shell. This led me to 
resetting the server, which had an uptime of almost 600 days. This is 
actually what grieves me most ;-)

After poking around a bit I found in log.winbindd

[2006/10/09 14:41:41, 0] nsswitch/winbindd.c:process_loop(832)
   winbindd: Exceeding 200 client connections, no idle connection found
[2006/10/09 14:41:41, 0] nsswitch/winbindd.c:request_main_recv(556)
   malloc failed

Googling, I found someone describing the same problem and also not being 
able to log into his box anymore.
If I kill winbindd and fire it up again it works for about an hour or 
two before the message appears again.
wbinfo -u then produces an error like "Cannot connect to DOMAIN" or 
something like that.

3) When trying to assign ACLs in Windows to files, joe suddenly appears 
as "joe (Unix User\joe)" instead of "joe (MYDOMAIN\joe)"

Here goes the global part of smb.conf on the member server.

    unix charset = ISO8859-1
    display charset = ISO8859-1
    workgroup = MYDOM
    server string = %h (Samba %v)
    interfaces =
    security = DOMAIN
    password server = pdc, bdc
    deadtime = 10
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    wins server = pdc
    kernel oplocks = No
    ldap admin dn = cn=admin,dc=mydom,dc=de
    ldap group suffix = ou=groups
    ldap idmap suffix = ou=idmap
    ldap machine suffix = ou=computers
    ldap suffix = dc=mydom,dc=de
    ldap ssl = start tls
    ldap user suffix = ou=people
    idmap backend = ldap:ldap://pdc.mydom.de
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind trusted domains only = Yes
    acl group control = Yes
    create mask = 00
    force create mode = 0775
    directory mask = 00
    force directory mode = 0775
    map acl inherit = Yes
    veto oplock files = /*.xls/*.doc/*.mdb
    level2 oplocks = No
    strict locking = No
    log level = 1

What am I missing or am I getting too old for the job??

Help is greatly appreciated.

Best Regards
Robert Gehr

"Technological progress has merely provided us
  with more efficient means for going backwards"

~ Aldous Huxley

   /\ /_          o__
o*  ~(_)         ,>/'_      o__
Robert Gehr     (_)\(_)     ,>/'_   o__       o__
Baumann GmbH, 92224 Amberg (_)\(_)  ,>/'_     ,>/'_
visit: http://www.baumann-gmbh.de  (_)\(_)   (_)\(_)
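
An added example, not part of the original post: a small Python parser for the log.winbindd record format quoted above, counting the two reported messages per hour so that their recurrence after a winbindd restart is visible. The sample log is constructed (only its first two records come from the post), and the function and signature names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Samba 3.0 log record header: "[date time, level] file:function(line)"
HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\]\s+(\S+)\(\d+\)\s*$")

# Message texts taken from the log.winbindd excerpt in the post.
SIGNATURES = {"client_limit": "Exceeding 200 client connections",
              "malloc_failed": "malloc failed"}

def parse_records(text):
    """Attach each indented message line to the header line above it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            records.append({"time": when, "level": int(m.group(2)),
                            "source": m.group(3), "message": ""})
        elif records and line.strip():
            rec = records[-1]
            rec["message"] = (rec["message"] + " " + line.strip()).strip()
    return records

def exhaustion_by_hour(records):
    """Count signature hits per (hour, signature) to show how often it recurs."""
    counts = Counter()
    for rec in records:
        for name, needle in SIGNATURES.items():
            if needle in rec["message"]:
                counts[(rec["time"].strftime("%Y-%m-%d %H:00"), name)] += 1
    return counts

# Constructed sample: the first two records are quoted from the post, the rest are made up.
SAMPLE_LOG = """\
[2006/10/09 14:41:41, 0] nsswitch/winbindd.c:process_loop(832)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/10/09 14:41:41, 0] nsswitch/winbindd.c:request_main_recv(556)
  malloc failed
[2006/10/09 14:41:42, 0] nsswitch/winbindd.c:process_loop(832)
  winbindd: Exceeding 200 client connections, no idle connection found
[2006/10/09 16:58:03, 0] nsswitch/winbindd.c:process_loop(832)
  winbindd: Exceeding 200 client connections, no idle connection found
"""

if __name__ == "__main__":
    for (hour, name), n in sorted(exhaustion_by_hour(parse_records(SAMPLE_LOG)).items()):
        print(f"{hour}  {name:<13} {n}")
```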

