[Samba] Samba4 on Ubuntu server

Cj Tibbetts cjtibbetts at heritageacademyaz.com
Fri Dec 19 08:32:01 MST 2014


@Ricky
I ran the first 2 commands and here is what I have so far.
samba-tool testparm --suppress-prompt

# Global parameters
[global]
        workgroup = AD
        realm = AD.HA.NET
        netbios name = HAM1
        server role = active directory domain controller
        log level = 3
        printcap name = /dev/null
        dns forwarder = 10.1.254.2
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/ad.ha.net/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

samba-tool dbcheck --cross-ncs
root at ham1:/usr/local/samba/bin# time ./samba-tool dbcheck --cross-ncs
Checking 212546 objects

The last command of dbcheck is still running after 7 hrs. In a seperate
terminal I ran top and it showed using cpu.
Was I supposed to have samba running or not for this command?
I ran samba-tool dbcheck (without --cross-ncs) first and it came back after
a few minutes.



@L.P.H van Belle
I do want to upgrade. In fact I want to switch to binary packages to better
ease the upgrade proccess. Do you have any upgrade documentation that I can
read specifically for a samba compiled package? I am concerned that my FSMO
will not survive and take my 1100 users on 300 devices offline completely.
I have no secondary DC properly running. How can I ascertain if the upgrade
will solve the problem or make it worse? Again any insight is welcomed.


On Fri, Dec 19, 2014 at 12:44 AM, L.P.H. van Belle <belle at bazuin.nl> wrote:
>
> >>>  I am running samba 4.1.9 compiled with internal dns.
>
> Please upgrade first to the latest samba version before be can investigate
> whats going on.
>
> The lastest is 4.1.14 now and lots have happend in betweeen.
>
> Greetz,
>
> Louis
>
>
> >-----Oorspronkelijk bericht-----
> >Van: ricky.nance at gmail.com
> >[mailto:samba-bounces at lists.samba.org] Namens Ricky Nance
> >Verzonden: donderdag 18 december 2014 23:48
> >Aan: Rowland Penny
> >CC: samba at lists.samba.org
> >Onderwerp: Re: [Samba] Samba4 on Ubuntu server
> >
> >On Thu, Dec 18, 2014 at 10:39 AM, Rowland Penny
> ><rowlandpenny at googlemail.com
> >> wrote:
> >>
> >> On 18/12/14 16:19, Germ van Eck wrote:
> >>
> >>> Not sure about the high CPU load, but you have the [netlogon] share
> >>> twice in your smb.conf. Your first matches mine, have you added the
> >>> second yourself?
> >>> The second one looks weird with 2 path definitions.
> >>> Cj Tibbetts schreef op do 18-12-2014 om 08:59 [-0700]:
> >>>
> >>>> New to linux and new to Samba so any direction in
> >troubleshooting would
> >>>> be
> >>>> helpful. Here is what I have so far.
> >>>>
> >>>> Within a half an hour of a reboot of the server my cpu reaches high
> >>>> numbers
> >>>> and becomes slow to respond on all actions. With my limited
> >>>> understanding I
> >>>> have used vmstat to observe the system. I noticed is that
> >the numbers of
> >>>> forks grows from 1-2k to 43k within 30 minutes after
> >reboot. I saw a dns
> >>>> error in a log file at one point but now I don’t remember
> >where.  I am
> >>>> running samba 4.1.9 compiled with internal dns.  I have 2
> >other DC’s that
> >>>> are not properly replicating and a third that is
> >completely silent even
> >>>> when the FSMO is crashing.  Here are some logs and smb.conf to get
> >>>> started.
> >>>>
> >>>> [2014/12/16 07:47:59.925907,  2]
> >>>>
> >../source4/dns_server/dns_query.c:629(dns_server_process_query_send)
> >>>>
> >>>>   Not authoritative for 'cdn.beanstock.com', forwarding
> >>>>
> >>>> [2014/12/16 07:47:59.929961,  2]
> >>>> ../source4/dns_server/dns_update.c:764(dns_server_process_update)
> >>>>
> >>>>    Got a dns update request.
> >>>>
> >>>> [2014/12/16 07:47:59.931044,  2]
> >>>> ../source4/dns_server/dns_update.c:721(dns_update_allowed)
> >>>>
> >>>>    Update not allowed for unsigned packet.
> >>>>
> >>>> [2014/12/16 07:48:00.197341,  1]
> >>>> ../source4/dns_server/dns_query.c:526(handle_tkey)
> >>>>
> >>>>    Tkey handshake completed
> >>>>
> >>>> [2014/12/16 07:48:00.198457,  2]
> >>>>
> >../source4/dns_server/dns_query.c:629(dns_server_process_query_send)
> >>>>
> >>>>    Not authoritative for 'helix.beanstock.co', forwarding
> >>>>
> >>>> [2014/12/16 07:48:00.199562,  2]
> >>>>
> >../source4/dns_server/dns_query.c:629(dns_server_process_query_send)
> >>>>
> >>>>    Not authoritative for 'loadm.exelator.com', forwarding
> >>>>
> >>>> [2014/12/16 07:48:00.199884,  2]
> >>>>
> >../source4/dns_server/dns_query.c:629(dns_server_process_query_send)
> >>>>
> >>>>    Not authoritative for 'mpp.vindicosuite.com', forwarding
> >>>>
> >>>> [2014/12/16 07:48:02.128537,  3]
> >>>> ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
> >>>>
> >>>>    ldb_wrap open of secrets.ldb
> >>>>
> >>>> [2014/12/16 07:48:02.284734,  2]
> >>>>
> >../source4/dns_server/dns_query.c:629(dns_server_process_query_send)
> >>>>
> >>>>    Not authoritative for 'p.raasnet.com', forwarding
> >>>>
> >>>> [2014/12/16 07:48:02.285459,  3]
> >>>> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
> >>>>
> >>>>    Terminating connection - 'dns_tcp_call_loop:
> >>>> tstream_read_pdu_blob_recv()
> >>>> - NT_STATUS_CONNECTION_DISCONNECTED'
> >>>>
> >>>> [2014/12/16 07:48:02.285767,  3]
> >>>> ../source4/smbd/process_single.c:114(single_terminate)
> >>>>
> >>>>    single_terminate: reason[dns_tcp_call_loop:
> >>>> tstream_read_pdu_blob_recv()
> >>>> - NT_STATUS_CONNECTION_DISCONNECTED]
> >>>>
> >>>> [2014/12/16 07:48:02.286168,  2]
> >>>>
> >../source4/dns_server/dns_query.c:629(dns_server_process_query_send)
> >>>>
> >>>>    Not authoritative for 'adadvisor.net', forwarding
> >>>>
> >>>> [2014/12/16 07:48:02.286615,  2]
> >>>>
> >../source4/dns_server/dns_query.c:629(dns_server_process_query_send)
> >>>>
> >>>>    Not authoritative for 'sync.teads.tv', forwarding
> >>>>
> >>>> [2014/12/16 07:48:03.535189,  0]
> >>>> ../source4/librpc/rpc/dcerpc_sock.c:262(continue_socket_connect)
> >>>>
> >>>>    Failed to connect host 10.2.10.10 on port 135 -
> >>>> NT_STATUS_CONNECTION_REFUSED
> >>>>
> >>>> [2014/12/16 07:48:03.599416,  0]
> >>>> ../source4/librpc/rpc/dcerpc_sock.c:425(continue_ip_open_socket)
> >>>>
> >>>>    Failed to connect host 10.2.10.10 (75566c2f-274e-485c-809a-
> >>>> b63fd5a29b11._
> >>>> msdcs.ad.ha.net) on port 135 - NT_STATUS_CONNECTION_REFUSED.
> >>>>
> >>>> [2014/12/16 07:48:03.862288,  2]
> >>>> ../source4/dns_server/dns_update.c:764(dns_server_process_update)
> >>>>
> >>>>    Got a dns update request.
> >>>>
> >>>> [2014/12/16 07:48:03.863345,  2]
> >>>> ../source4/dns_server/dns_update.c:721(dns_update_allowed)
> >>>>
> >>>>    Update not allowed for unsigned packet.
> >>>>
> >>>> [2014/12/16 07:48:04.324020,  1]
> >>>> ../source4/dns_server/dns_query.c:526(handle_tkey)
> >>>>
> >>>>    Tkey handshake completed
> >>>>
> >>>> [2014/12/16 07:48:04.770196,  0]
> >>>> ../source4/librpc/rpc/dcerpc_sock.c:262(continue_socket_connect)
> >>>>
> >>>>    Failed to connect host 10.2.10.10 on port 135 -
> >>>> NT_STATUS_CONNECTION_REFUSED
> >>>>
> >>>> [2014/12/16 07:48:04.770671,  0]
> >>>> ../source4/librpc/rpc/dcerpc_sock.c:425(continue_ip_open_socket)
> >>>>
> >>>>    Failed to connect host 10.2.10.10 (75566c2f-274e-485c-809a-
> >>>> b63fd5a29b11._
> >>>> msdcs.ad.ha.net) on port 135 - NT_STATUS_CONNECTION_REFUSED.
> >>>>
> >>>> [2014/12/16 07:48:05.781269,  2]
> >>>> ../source4/dns_server/dns_update.c:764(dns_server_process_update)
> >>>>
> >>>>    Got a dns update request.
> >>>>
> >>>> [2014/12/16 07:48:08.091355,  3]
> >>>>
> >../libcli/auth/schannel_state_tdb.c:181(schannel_fetch_session_key_tdb)
> >>>>
> >>>>    schannel_fetch_session_key_tdb: restored schannel info key
> >>>> SECRETS/SCHANNEL/HASERVER1
> >>>>
> >>>> [2014/12/16 07:48:08.091672,  3]
> >>>> ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
> >>>>
> >>>>    auth_check_password_send: Checking password for unmapped user
> >>>> [A0218]\[Teacher]@[A0218]
> >>>>
> >>>>    auth_check_password_send: mapped user is: [AD]\[Teacher]@[A0218]
> >>>>
> >>>> [2014/12/16 07:48:08.094254,  3]
> >>>> ../source4/auth/ntlm/auth_sam.c:61(authsam_search_account)
> >>>>
> >>>>    sam_search_user: Couldn't find user [Teacher] in samdb, under
> >>>> DC=ad,DC=ha,DC=net
> >>>>
> >>>> [2014/12/16 07:48:08.094435,  2]
> >>>> ../source4/auth/ntlm/auth.c:420(auth_check_password_recv)
> >>>>
> >>>>    auth_check_password_recv: sam_ignoredomain
> >authentication for user
> >>>> [AD\Teacher] FAILED with error NT_STATUS_NO_SUCH_USER
> >>>>
> >>>> [2014/12/16 07:48:08.095864,  3]
> >>>> ../source4/rpc_server/dcerpc_server.c:963(dcesrv_request)
> >>>>
> >>>> [2014/12/16 07:48:08.376870,  2]
> >>>> ../source4/dns_server/dns_update.c:398(handle_one_update)
> >>>>
> >>>>    Looking at record:
> >>>>
> >>>> [2014/12/16 07:48:08.377765,  2]
> >>>> ../source4/dns_server/dns_update.c:399(handle_one_update)
> >>>>
> >>>> [2014/12/16 07:48:08.377821,  1] ../librpc/ndr/ndr.c:296(ndr_
> >>>> print_debug)
> >>>>
> >>>>         discard_const(update): struct dns_res_rec
> >>>>
> >>>>            name                     : 'A3003.ad.ha.net'
> >>>>
> >>>>            rr_type                  : DNS_QTYPE_A (0x1)
> >>>>
> >>>>            rr_class                 : DNS_QCLASS_ANY (0xFF)
> >>>>
> >>>>            ttl                      : 0x00000000 (0)
> >>>>
> >>>>            length                   : 0x0000 (0)
> >>>>
> >>>>            rdata                    : union dns_rdata(case 0x1)
> >>>>
> >>>>            ipv4_record              : (null)
> >>>>
> >>>>            unexpected               : DATA_BLOB length=0
> >>>>
> >>>> [2014/12/16 07:48:08.384693,  0]
> >>>> ../source4/librpc/rpc/dcerpc_sock.c:262(continue_socket_connect)
> >>>>
> >>>>    Failed to connect host 10.2.10.10 on port 135 -
> >>>> NT_STATUS_CONNECTION_REFUSED
> >>>>
> >>>> [2014/12/16 07:48:08.385357,  0]
> >>>> ../source4/librpc/rpc/dcerpc_sock.c:425(continue_ip_open_socket)
> >>>>
> >>>>    Failed to connect host 10.2.10.10 (75566c2f-274e-485c-809a-
> >>>> b63fd5a29b11._
> >>>> msdcs.ad.ha.net) on port 135 - NT_STATUS_CONNECTION_REFUSED.
> >>>>
> >>>> [2014/12/16 07:48:08.704073,  3]
> >>>> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
> >>>>
> >>>>    Terminating connection - 'ldapsrv_call_loop:
> >>>> tstream_read_pdu_blob_recv()
> >>>> - NT_STATUS_CONNECTION_DISCONNECTED'
> >>>>
> >>>> [2014/12/16 07:48:08.704509,  3]
> >>>> ../source4/smbd/process_single.c:114(single_terminate)
> >>>>
> >>>>    single_terminate: reason[ldapsrv_call_loop:
> >>>> tstream_read_pdu_blob_recv()
> >>>> - NT_STATUS_CONNECTION_DISCONNECTED]
> >>>>
> >>>> [2014/12/16 07:48:09.211098,  3]
> >>>> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
> >>>>
> >>>>    Terminating connection - 'ldapsrv_call_loop:
> >>>> tstream_read_pdu_blob_recv()
> >>>> - NT_STATUS_CONNECTION_DISCONNECTED'
> >>>>
> >>>> [2014/12/16 07:48:09.211753,  3]
> >>>> ../source4/smbd/process_single.c:114(single_terminate)
> >>>>
> >>>>    single_terminate: reason[ldapsrv_call_loop:
> >>>> tstream_read_pdu_blob_recv()
> >>>> - NT_STATUS_CONNECTION_DISCONNECTED]
> >>>>
> >>>> [2014/12/16 07:48:09.654492,  3]
> >>>> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
> >>>>
> >>>>    Terminating connection - 'dcesrv:
> >NT_STATUS_CONNECTION_DISCONNECTED'
> >>>>
> >>>> [2014/12/16 07:48:09.655160,  3]
> >>>> ../source4/smbd/process_single.c:114(single_terminate)
> >>>>
> >>>>    single_terminate: reason[dcesrv:
> >NT_STATUS_CONNECTION_DISCONNECTED]
> >>>>
> >>>> [2014/12/16 07:48:09.655573,  3]
> >>>> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
> >>>>
> >>>>    Terminating connection - 'dcesrv:
> >NT_STATUS_CONNECTION_DISCONNECTED'
> >>>>
> >>>> [2014/12/16 07:48:09.655906,  3]
> >>>> ../source4/smbd/process_single.c:114(single_terminate)
> >>>>
> >>>>    single_terminate: reason[dcesrv:
> >NT_STATUS_CONNECTION_DISCONNECTED]
> >>>>
> >>>> [2014/12/16 07:48:10.979974,  0]
> >>>> ../source4/dsdb/dns/dns_update.c:294(dnsupdate_nameupdate_done)
> >>>>
> >>>>    ../source4/dsdb/dns/dns_update.c:294: Failed DNS update -
> >>>> NT_STATUS_IO_TIMEOUT
> >>>>
> >>>> [2014/12/16 07:48:12.915321,  2]
> >>>> ../source4/dns_server/dns_update.c:398(handle_one_update)
> >>>>
> >>>>    Looking at record:
> >>>>
> >>>> [2014/12/16 07:48:12.915515,  2]
> >>>> ../source4/dns_server/dns_update.c:399(handle_one_update)
> >>>>
> >>>> [2014/12/16 07:48:12.915557,  1] ../librpc/ndr/ndr.c:296(ndr_
> >>>> print_debug)
> >>>>
> >>>>         discard_const(update): struct dns_res_rec
> >>>>
> >>>>            name                     : 'A3003.ad.ha.net'
> >>>>
> >>>>            rr_type                  : DNS_QTYPE_A (0x1)
> >>>>
> >>>>            rr_class                 : DNS_QCLASS_IN (0x1)
> >>>>
> >>>>            ttl                      : 0x000004b0 (1200)
> >>>>
> >>>>            length                   : 0x0004 (4)
> >>>>
> >>>>            rdata                    : union dns_rdata(case 0x1)
> >>>>
> >>>>            ipv4_record              : 10.3.12.100
> >>>>
> >>>>            unexpected               : DATA_BLOB length=0
> >>>>
> >>>>
> >>>>
> >>>> smb.conf
> >>>>
> >>>> # Global parameters
> >>>>
> >>>> [global]
> >>>>
> >>>>          workgroup = AD
> >>>>
> >>>>          realm = AD.HA.NET
> >>>>
> >>>>          netbios name = HAM1
> >>>>
> >>>>          server role = active directory domain controller
> >>>>
> >>>>          dns forwarder = 8.8.8.8
> >>>>
> >>>>          # dns forwarder = 10.1.254.2
> >>>>
> >>>>          idmap_ldb:use rfc2307 = yes
> >>>>
> >>>>          # added 20141215 to quash printer status errors
> >>>>
> >>>>          printing = bsd
> >>>>
> >>>>          printcap name = /dev/null
> >>>>
> >>>>          log level = 3
> >>>>
> >>>>
> >>>>
> >>>> [netlogon]
> >>>>
> >>>>          path = /usr/local/samba/var/locks/sysvol/ad.ha.net/scripts
> >>>>
> >>>>          read only = No
> >>>>
> >>>>
> >>>>
> >>>> [sysvol]
> >>>>
> >>>>          path = /usr/local/samba/var/locks/sysvol el = 3
> >read only = No
> >>>> [netlogon]
> >>>>
> >>>>          path = /usr/local/samba/var/locks/sysvol/ad.ha.net/scripts
> >>>>
> >>>>          read only = No [sysvol]
> >>>>
> >>>>          path = /usr/local/samba/var/locks/sysvol
> >>>>
> >>>>          read only = No
> >>>>
> >>>
> >>>
> >> He has also got [sysvol] twice and just what is 'el =3' ?
> >>
> >> either it is a very bad 'cut & paste' error or he needs to remove the
> >> extra shares.
> >>
> >> Rowland
> >>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> >
> >
> >CJ, can you give us the exact output from "samba-tool testparm
> >--suppress-prompt"? You mentioned you were having dns issues, does
> >"samba-tool dbcheck --cross-ncs" show any errors?
> >
> >I'd also be interested in seeing the output from ps_mem.py ran every 5
> >mins. You can do this by downloading the script, doing crontab -e, and
> >putting in a line like
> >
> >*/5 * * * * date >> /root/memusage.txt && /path/to/ps_mem.py | grep
> >"samba\|mbd" >> /root/memusage.txt && echo -e "\n\n\n" >>
> >/root/memusage.txt
> >
> >You can download ps_mem at
> >https://raw.githubusercontent.com/pixelb/ps_mem/master/ps_mem.py
> >This will give you a file named /root/memusage.txt and it will
> >add lines
> >every 5 mins with the total memory usage of samba.
> >
> >Ricky
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions:  https://lists.samba.org/mailman/options/samba
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list