[Samba] TDB Corruption.

Linux Addict linuxaddict7 at gmail.com
Thu Jan 8 15:18:33 GMT 2009

Michael Adam wrote:
> Linux Addict wrote:
>> Hello, I have a relatively large setup with RHEL 4 authenticating against MS
>> W2K3 R2. Every so often a host may not be able to authenticate due to tdb
>> corruption, and we had to rm the *.tdb files and restart the winbind,
>> which would create fresh tdb files. I guess Redhat acknowledged the
>> issue here: http://kbase.redhat.com/faq/docs/DOC-4842 My question is,
>> is this something caused by samba itself or the underlying OS? If samba,
>> are we tracking this? I know I can use an LDAP backend, but I am using RID
>> to eliminate a layer of admin work by not entering UIDs for each user.
>> Any hint is appreciated.
> How do you tell it is tdb corruption?
> Are all tdbs corrupted or just some?
> (Or why do you erase all of the tdb files?...)
The user may not be able to log in or gets a message like "No Such UID".
Once the tdb files (all) are cleared, it will start working.

> TDB corruption has been seen on various versions of the reiser
> file system due to broken implementations of memory mapping.
> If your tdb files do reside on a reiser partition you might
>   1. move them to some other partition (ext3, xfs, ...) or

We use ext3
>   2. set "use mmap = no" in the [global] section of smb.conf,
>      trading speed for reliability.

I am going to try this.
> Generally, it is a good idea to run "tdbbackup" regularly on the
> important tdb files (secrets.tdb, passdb.tdb, winbindd_idmap.tdb, ...)
> Then you can simply restore your backup with "tdbbackup -v" if
> corruption occurs. Also for doing file system backups, these
> tdbbackup files are useful.
Currently we delete the tdb files and restart the winbind to create new 
ones. Is it not the same as restoring from backup?

My smb.conf file is below. Let me know if it's not optimal.

        workgroup = DOMAIN-A
        realm = DOMAIN-A.COM
        server string = RHEL 4 x86_64
        security = ADS
        obey pam restrictions = Yes
        client NTLMv2 auth = Yes
        log level = 5
        log file = /var/log/winbind
        local master = No
        dns proxy = No
        panic action = /usr/share/samba/panic-action %d
        idmap domains = default, DOMAIN-A, DOMAIN-B
        idmap alloc backend = tdb
        idmap uid = 10000 - 99999
        idmap gid = 10000 - 99999
        template shell = /bin/bash
        winbind separator = +
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind expand groups = 10
        winbind refresh tickets = Yes
        winbind offline logon = Yes
        idmap config DOMAIN-B:range = 10000 - 99999
        idmap config DOMAIN-B:backend = rid
        idmap config DOMAIN-A:range = 100000 - 199999
        idmap config DOMAIN-A:backend = rid
        idmap config default:default = Yes
        invalid users = root
> Cheers - Michael
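
An added example, not part of the thread and not Samba's own tooling: a small shell wrapper around the routine Michael describes, plain `tdbbackup` to write backups and `tdbbackup -v` to verify and restore. The file paths are assumed defaults and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The paths below are assumptions for illustration; point
# TDB_FILES at wherever your build keeps its tdb files.
TDBBACKUP="${TDBBACKUP:-tdbbackup}"
TDB_FILES="${TDB_FILES:-/etc/samba/secrets.tdb /etc/samba/passdb.tdb /var/cache/samba/winbindd_idmap.tdb}"

# Apply tdbbackup (with any extra flags passed in) to every listed file
# that exists. The return status is the number of files the tool failed on.
run_tdbbackup() {
    failed=0
    for f in $TDB_FILES; do
        if [ ! -f "$f" ]; then
            echo "skip (not found): $f" >&2
            continue
        fi
        if ! "$TDBBACKUP" "$@" "$f"; then
            echo "tdbbackup $* failed: $f" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Scheduled job while logins work: writes <file>.bak beside each tdb.
# secrets.tdb holds the machine account password from the domain join, so
# a freshly created empty copy cannot stand in for it.
backup_tdbs() { run_tdbbackup; }

# After a suspected corruption: -v verifies each tdb and restores it from
# its .bak if the check fails. Stopping winbind first is a precaution
# assumed here, not something stated in the thread.
verify_tdbs() { run_tdbbackup -v; }
```

Call `backup_tdbs` from cron and `verify_tdbs` by hand when a lookup starts failing; a non-zero status from either means at least one file needs attention.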

