[Samba] samba shares fail after active directory reboot

Hong K Phooey hkp at insightbb.com
Mon Jan 17 08:37:19 MST 2011 

We have a samba server that uses active directory security.  We have three active directory servers and use a dfs namespace (test.local) to encompass those three servers.  We currently are using password server = TEST.local, but have had all three AD servers listed, but it has not helped.

Whenever ANY of those servers go down for maintenance, the samba shares do not come up and restarting the winbind and smb services does not seem to help.  We have to reboot the linux box for the shares to show up again.

Should samba not try to query one of the other two servers when one is down?  It does not appear to do so, or we have failed to modify a setting that will allow that.

Any assistance with this issue would be appreciated.

Here are the log entries for the failure:

[2011/01/15 11:19:28,  1] smbd/sesssetup.c:464(reply_spnego_kerberos)
  Username TEST\sql-svc-agent-prod is invalid on this system
[2011/01/15 11:19:28,  0] lib/util_sock.c:738(write_data)
[2011/01/15 11:19:28,  0] lib/util_sock.c:1491(get_peer_addr_internal)
  getpeername failed. Error was Transport endpoint is not connected
  write_data: write failure in writing to client 0.0.0.0. Error Broken pipe
[2011/01/15 11:19:28,  0] smbd/process.c:62(srv_send_smb)
  Error writing 39 bytes to client. -1. (Transport endpoint is not connected)

PDC: windows 2008 R2
Samba: 3.4.7 on ubuntu 10.4

Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
        workgroup = TEST
        realm = TEST.LOCAL
        server string = %h server (Samba, Ubuntu)
        security = ADS
        map to guest = Bad User
        obey pam restrictions = Yes
        password server = TEST.local
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        unix password sync = Yes
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        machine password timeout = 0
        domain master = No
        dns proxy = No
        usershare allow guests = Yes
        panic action = /usr/share/samba/panic-action %d
        idmap uid = 500-10000000
        idmap gid = 500-10000000
        template shell = /bin/bash
        winbind refresh tickets = Yes
        create mask = 0664
        hosts deny = 172.17.4.0/255.255.255.0, 172.19.4.0/255.255.255.0

[printers]
        comment = All Printers
        path = /var/spool/samba
        create mask = 0700
        printable = Yes
        browseable = No
        browsable = No

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/printers

More information about the samba mailing list