[Samba] Samba4 on Ubuntu server
L.P.H. van Belle
belle at bazuin.nl
Fri Dec 19 00:44:10 MST 2014
>>> I am running samba 4.1.9 compiled with internal dns.
Please upgrade first to the latest samba version before be can investigate whats going on.
The lastest is 4.1.14 now and lots have happend in betweeen.
Greetz,
Louis
>-----Oorspronkelijk bericht-----
>Van: ricky.nance at gmail.com
>[mailto:samba-bounces at lists.samba.org] Namens Ricky Nance
>Verzonden: donderdag 18 december 2014 23:48
>Aan: Rowland Penny
>CC: samba at lists.samba.org
>Onderwerp: Re: [Samba] Samba4 on Ubuntu server
>
>On Thu, Dec 18, 2014 at 10:39 AM, Rowland Penny
><rowlandpenny at googlemail.com
>> wrote:
>>
>> On 18/12/14 16:19, Germ van Eck wrote:
>>
>>> Not sure about the high CPU load, but you have the [netlogon] share
>>> twice in your smb.conf. Your first matches mine, have you added the
>>> second yourself?
>>> The second one looks weird with 2 path definitions.
>>> Cj Tibbetts schreef op do 18-12-2014 om 08:59 [-0700]:
>>>
>>>> New to linux and new to Samba so any direction in
>troubleshooting would
>>>> be
>>>> helpful. Here is what I have so far.
>>>>
>>>> Within a half an hour of a reboot of the server my cpu reaches high
>>>> numbers
>>>> and becomes slow to respond on all actions. With my limited
>>>> understanding I
>>>> have used vmstat to observe the system. I noticed is that
>the numbers of
>>>> forks grows from 1-2k to 43k within 30 minutes after
>reboot. I saw a dns
>>>> error in a log file at one point but now I don’t remember
>where. I am
>>>> running samba 4.1.9 compiled with internal dns. I have 2
>other DC’s that
>>>> are not properly replicating and a third that is
>completely silent even
>>>> when the FSMO is crashing. Here are some logs and smb.conf to get
>>>> started.
>>>>
>>>> [2014/12/16 07:47:59.925907, 2]
>>>>
>../source4/dns_server/dns_query.c:629(dns_server_process_query_send)
>>>>
>>>> Not authoritative for 'cdn.beanstock.com', forwarding
>>>>
>>>> [2014/12/16 07:47:59.929961, 2]
>>>> ../source4/dns_server/dns_update.c:764(dns_server_process_update)
>>>>
>>>> Got a dns update request.
>>>>
>>>> [2014/12/16 07:47:59.931044, 2]
>>>> ../source4/dns_server/dns_update.c:721(dns_update_allowed)
>>>>
>>>> Update not allowed for unsigned packet.
>>>>
>>>> [2014/12/16 07:48:00.197341, 1]
>>>> ../source4/dns_server/dns_query.c:526(handle_tkey)
>>>>
>>>> Tkey handshake completed
>>>>
>>>> [2014/12/16 07:48:00.198457, 2]
>>>>
>../source4/dns_server/dns_query.c:629(dns_server_process_query_send)
>>>>
>>>> Not authoritative for 'helix.beanstock.co', forwarding
>>>>
>>>> [2014/12/16 07:48:00.199562, 2]
>>>>
>../source4/dns_server/dns_query.c:629(dns_server_process_query_send)
>>>>
>>>> Not authoritative for 'loadm.exelator.com', forwarding
>>>>
>>>> [2014/12/16 07:48:00.199884, 2]
>>>>
>../source4/dns_server/dns_query.c:629(dns_server_process_query_send)
>>>>
>>>> Not authoritative for 'mpp.vindicosuite.com', forwarding
>>>>
>>>> [2014/12/16 07:48:02.128537, 3]
>>>> ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
>>>>
>>>> ldb_wrap open of secrets.ldb
>>>>
>>>> [2014/12/16 07:48:02.284734, 2]
>>>>
>../source4/dns_server/dns_query.c:629(dns_server_process_query_send)
>>>>
>>>> Not authoritative for 'p.raasnet.com', forwarding
>>>>
>>>> [2014/12/16 07:48:02.285459, 3]
>>>> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>>>>
>>>> Terminating connection - 'dns_tcp_call_loop:
>>>> tstream_read_pdu_blob_recv()
>>>> - NT_STATUS_CONNECTION_DISCONNECTED'
>>>>
>>>> [2014/12/16 07:48:02.285767, 3]
>>>> ../source4/smbd/process_single.c:114(single_terminate)
>>>>
>>>> single_terminate: reason[dns_tcp_call_loop:
>>>> tstream_read_pdu_blob_recv()
>>>> - NT_STATUS_CONNECTION_DISCONNECTED]
>>>>
>>>> [2014/12/16 07:48:02.286168, 2]
>>>>
>../source4/dns_server/dns_query.c:629(dns_server_process_query_send)
>>>>
>>>> Not authoritative for 'adadvisor.net', forwarding
>>>>
>>>> [2014/12/16 07:48:02.286615, 2]
>>>>
>../source4/dns_server/dns_query.c:629(dns_server_process_query_send)
>>>>
>>>> Not authoritative for 'sync.teads.tv', forwarding
>>>>
>>>> [2014/12/16 07:48:03.535189, 0]
>>>> ../source4/librpc/rpc/dcerpc_sock.c:262(continue_socket_connect)
>>>>
>>>> Failed to connect host 10.2.10.10 on port 135 -
>>>> NT_STATUS_CONNECTION_REFUSED
>>>>
>>>> [2014/12/16 07:48:03.599416, 0]
>>>> ../source4/librpc/rpc/dcerpc_sock.c:425(continue_ip_open_socket)
>>>>
>>>> Failed to connect host 10.2.10.10 (75566c2f-274e-485c-809a-
>>>> b63fd5a29b11._
>>>> msdcs.ad.ha.net) on port 135 - NT_STATUS_CONNECTION_REFUSED.
>>>>
>>>> [2014/12/16 07:48:03.862288, 2]
>>>> ../source4/dns_server/dns_update.c:764(dns_server_process_update)
>>>>
>>>> Got a dns update request.
>>>>
>>>> [2014/12/16 07:48:03.863345, 2]
>>>> ../source4/dns_server/dns_update.c:721(dns_update_allowed)
>>>>
>>>> Update not allowed for unsigned packet.
>>>>
>>>> [2014/12/16 07:48:04.324020, 1]
>>>> ../source4/dns_server/dns_query.c:526(handle_tkey)
>>>>
>>>> Tkey handshake completed
>>>>
>>>> [2014/12/16 07:48:04.770196, 0]
>>>> ../source4/librpc/rpc/dcerpc_sock.c:262(continue_socket_connect)
>>>>
>>>> Failed to connect host 10.2.10.10 on port 135 -
>>>> NT_STATUS_CONNECTION_REFUSED
>>>>
>>>> [2014/12/16 07:48:04.770671, 0]
>>>> ../source4/librpc/rpc/dcerpc_sock.c:425(continue_ip_open_socket)
>>>>
>>>> Failed to connect host 10.2.10.10 (75566c2f-274e-485c-809a-
>>>> b63fd5a29b11._
>>>> msdcs.ad.ha.net) on port 135 - NT_STATUS_CONNECTION_REFUSED.
>>>>
>>>> [2014/12/16 07:48:05.781269, 2]
>>>> ../source4/dns_server/dns_update.c:764(dns_server_process_update)
>>>>
>>>> Got a dns update request.
>>>>
>>>> [2014/12/16 07:48:08.091355, 3]
>>>>
>../libcli/auth/schannel_state_tdb.c:181(schannel_fetch_session_key_tdb)
>>>>
>>>> schannel_fetch_session_key_tdb: restored schannel info key
>>>> SECRETS/SCHANNEL/HASERVER1
>>>>
>>>> [2014/12/16 07:48:08.091672, 3]
>>>> ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
>>>>
>>>> auth_check_password_send: Checking password for unmapped user
>>>> [A0218]\[Teacher]@[A0218]
>>>>
>>>> auth_check_password_send: mapped user is: [AD]\[Teacher]@[A0218]
>>>>
>>>> [2014/12/16 07:48:08.094254, 3]
>>>> ../source4/auth/ntlm/auth_sam.c:61(authsam_search_account)
>>>>
>>>> sam_search_user: Couldn't find user [Teacher] in samdb, under
>>>> DC=ad,DC=ha,DC=net
>>>>
>>>> [2014/12/16 07:48:08.094435, 2]
>>>> ../source4/auth/ntlm/auth.c:420(auth_check_password_recv)
>>>>
>>>> auth_check_password_recv: sam_ignoredomain
>authentication for user
>>>> [AD\Teacher] FAILED with error NT_STATUS_NO_SUCH_USER
>>>>
>>>> [2014/12/16 07:48:08.095864, 3]
>>>> ../source4/rpc_server/dcerpc_server.c:963(dcesrv_request)
>>>>
>>>> [2014/12/16 07:48:08.376870, 2]
>>>> ../source4/dns_server/dns_update.c:398(handle_one_update)
>>>>
>>>> Looking at record:
>>>>
>>>> [2014/12/16 07:48:08.377765, 2]
>>>> ../source4/dns_server/dns_update.c:399(handle_one_update)
>>>>
>>>> [2014/12/16 07:48:08.377821, 1] ../librpc/ndr/ndr.c:296(ndr_
>>>> print_debug)
>>>>
>>>> discard_const(update): struct dns_res_rec
>>>>
>>>> name : 'A3003.ad.ha.net'
>>>>
>>>> rr_type : DNS_QTYPE_A (0x1)
>>>>
>>>> rr_class : DNS_QCLASS_ANY (0xFF)
>>>>
>>>> ttl : 0x00000000 (0)
>>>>
>>>> length : 0x0000 (0)
>>>>
>>>> rdata : union dns_rdata(case 0x1)
>>>>
>>>> ipv4_record : (null)
>>>>
>>>> unexpected : DATA_BLOB length=0
>>>>
>>>> [2014/12/16 07:48:08.384693, 0]
>>>> ../source4/librpc/rpc/dcerpc_sock.c:262(continue_socket_connect)
>>>>
>>>> Failed to connect host 10.2.10.10 on port 135 -
>>>> NT_STATUS_CONNECTION_REFUSED
>>>>
>>>> [2014/12/16 07:48:08.385357, 0]
>>>> ../source4/librpc/rpc/dcerpc_sock.c:425(continue_ip_open_socket)
>>>>
>>>> Failed to connect host 10.2.10.10 (75566c2f-274e-485c-809a-
>>>> b63fd5a29b11._
>>>> msdcs.ad.ha.net) on port 135 - NT_STATUS_CONNECTION_REFUSED.
>>>>
>>>> [2014/12/16 07:48:08.704073, 3]
>>>> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>>>>
>>>> Terminating connection - 'ldapsrv_call_loop:
>>>> tstream_read_pdu_blob_recv()
>>>> - NT_STATUS_CONNECTION_DISCONNECTED'
>>>>
>>>> [2014/12/16 07:48:08.704509, 3]
>>>> ../source4/smbd/process_single.c:114(single_terminate)
>>>>
>>>> single_terminate: reason[ldapsrv_call_loop:
>>>> tstream_read_pdu_blob_recv()
>>>> - NT_STATUS_CONNECTION_DISCONNECTED]
>>>>
>>>> [2014/12/16 07:48:09.211098, 3]
>>>> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>>>>
>>>> Terminating connection - 'ldapsrv_call_loop:
>>>> tstream_read_pdu_blob_recv()
>>>> - NT_STATUS_CONNECTION_DISCONNECTED'
>>>>
>>>> [2014/12/16 07:48:09.211753, 3]
>>>> ../source4/smbd/process_single.c:114(single_terminate)
>>>>
>>>> single_terminate: reason[ldapsrv_call_loop:
>>>> tstream_read_pdu_blob_recv()
>>>> - NT_STATUS_CONNECTION_DISCONNECTED]
>>>>
>>>> [2014/12/16 07:48:09.654492, 3]
>>>> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>>>>
>>>> Terminating connection - 'dcesrv:
>NT_STATUS_CONNECTION_DISCONNECTED'
>>>>
>>>> [2014/12/16 07:48:09.655160, 3]
>>>> ../source4/smbd/process_single.c:114(single_terminate)
>>>>
>>>> single_terminate: reason[dcesrv:
>NT_STATUS_CONNECTION_DISCONNECTED]
>>>>
>>>> [2014/12/16 07:48:09.655573, 3]
>>>> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>>>>
>>>> Terminating connection - 'dcesrv:
>NT_STATUS_CONNECTION_DISCONNECTED'
>>>>
>>>> [2014/12/16 07:48:09.655906, 3]
>>>> ../source4/smbd/process_single.c:114(single_terminate)
>>>>
>>>> single_terminate: reason[dcesrv:
>NT_STATUS_CONNECTION_DISCONNECTED]
>>>>
>>>> [2014/12/16 07:48:10.979974, 0]
>>>> ../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done)
>>>>
>>>> ../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
>>>> NT_STATUS_IO_TIMEOUT
>>>>
>>>> [2014/12/16 07:48:12.915321, 2]
>>>> ../source4/dns_server/dns_update.c:398(handle_one_update)
>>>>
>>>> Looking at record:
>>>>
>>>> [2014/12/16 07:48:12.915515, 2]
>>>> ../source4/dns_server/dns_update.c:399(handle_one_update)
>>>>
>>>> [2014/12/16 07:48:12.915557, 1] ../librpc/ndr/ndr.c:296(ndr_
>>>> print_debug)
>>>>
>>>> discard_const(update): struct dns_res_rec
>>>>
>>>> name : 'A3003.ad.ha.net'
>>>>
>>>> rr_type : DNS_QTYPE_A (0x1)
>>>>
>>>> rr_class : DNS_QCLASS_IN (0x1)
>>>>
>>>> ttl : 0x000004b0 (1200)
>>>>
>>>> length : 0x0004 (4)
>>>>
>>>> rdata : union dns_rdata(case 0x1)
>>>>
>>>> ipv4_record : 10.3.12.100
>>>>
>>>> unexpected : DATA_BLOB length=0
>>>>
>>>>
>>>>
>>>> smb.conf
>>>>
>>>> # Global parameters
>>>>
>>>> [global]
>>>>
>>>> workgroup = AD
>>>>
>>>> realm = AD.HA.NET
>>>>
>>>> netbios name = HAM1
>>>>
>>>> server role = active directory domain controller
>>>>
>>>> dns forwarder = 8.8.8.8
>>>>
>>>> # dns forwarder = 10.1.254.2
>>>>
>>>> idmap_ldb:use rfc2307 = yes
>>>>
>>>> # added 20141215 to quash printer status errors
>>>>
>>>> printing = bsd
>>>>
>>>> printcap name = /dev/null
>>>>
>>>> log level = 3
>>>>
>>>>
>>>>
>>>> [netlogon]
>>>>
>>>> path = /usr/local/samba/var/locks/sysvol/ad.ha.net/scripts
>>>>
>>>> read only = No
>>>>
>>>>
>>>>
>>>> [sysvol]
>>>>
>>>> path = /usr/local/samba/var/locks/sysvol el = 3
>read only = No
>>>> [netlogon]
>>>>
>>>> path = /usr/local/samba/var/locks/sysvol/ad.ha.net/scripts
>>>>
>>>> read only = No [sysvol]
>>>>
>>>> path = /usr/local/samba/var/locks/sysvol
>>>>
>>>> read only = No
>>>>
>>>
>>>
>> He has also got [sysvol] twice and just what is 'el =3' ?
>>
>> either it is a very bad 'cut & paste' error or he needs to remove the
>> extra shares.
>>
>> Rowland
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
>
>CJ, can you give us the exact output from "samba-tool testparm
>--suppress-prompt"? You mentioned you were having dns issues, does
>"samba-tool dbcheck --cross-ncs" show any errors?
>
>I'd also be interested in seeing the output from ps_mem.py ran every 5
>mins. You can do this by downloading the script, doing crontab -e, and
>putting in a line like
>
>*/5 * * * * date >> /root/memusage.txt && /path/to/ps_mem.py | grep
>"samba\|mbd" >> /root/memusage.txt && echo -e "\n\n\n" >>
>/root/memusage.txt
>
>You can download ps_mem at
>https://raw.githubusercontent.com/pixelb/ps_mem/master/ps_mem.py
>This will give you a file named /root/memusage.txt and it will
>add lines
>every 5 mins with the total memory usage of samba.
>
>Ricky
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list