[Samba] Lots of NMBD zombie processes

Rowland Penny rowlandpenny at googlemail.com
Sun Jul 20 09:40:46 MDT 2014 

On 20/07/14 15:43, George Itee wrote:
> Hi Rowland,
>
> This is the first time I am setting up a member server and since the 
> version with the AD backend from samba wiki does not work,

It does work, in fact it is working on the laptop I am typing this on! 
You need to add the RFC2307 attributes to AD to make it work.

> I've found other sources, thus the mistake in my smb.conf file (and a 
> lack of better understanding of the whole process!). I have chosen RID 
> because getent works, showing me the groups and users properly. The AD 
> backend only worked with wbinfo, not getent.

This is because you probably do not have any uidNumber's or gidNumber's 
in AD or they are outside the range you have set in AD.

>
> Anyway, I have made some modifications to the smb.conf, now it does 
> not list the local users anymore:
>
> *   idmap config *:backend = tdb
> * idmap config *:range = 70001-80000
> * idmap config BUH:backend = rid
> * idmap config BUH:schema_mode = rfc2307
> * idmap config BUH:range = 500-40000
>
The 'schema_mode' line is only used with the 'ad' backend.

> I have removed base_rid, not sure if it's the right thing to do at the 
> moment.

The 'base-rid' line is depreciated, see 'man smb.conf' and 'man idmap_rid'

> But still not sure what to do about nmbd, it's still "spawning" 
> zombies, like 5 processes in one hour and a half. Any other ideas? I 
> have left a log level 5 in smb.conf, perhaps I can catch something in 
> the logs
>
> George
>
>

have you tried removing the 'full_audit' lines from smb.conf ? if you 
run 'man vfs_full_audit' you will find this at the bottom:

This man page is correct for version 3.0.25 of the Samba suite

So will vfs_full_audit still work with samba4 ??

Rowland

> On Sun, Jul 20, 2014 at 11:46 AM, Rowland Penny 
> <rowlandpenny at googlemail.com <mailto:rowlandpenny at googlemail.com>> wrote:
>
>     On 20/07/14 09:16, George Itee wrote:
>
>         Hello,
>
>         I am running a Samba 4 DC, recently upgraded to the latest
>         version and I
>         have just installed a member server to run as a File Server
>         (Samba 4.1.9).
>
>         While it seems to be working properly, we are getting a lot of
>         zombie nmbd
>         processes on the member server, running the command *pidof
>         nmbd* results in:
>
>         *[root at BHFS01 etc]# pidof nmbd*
>         *12861 12644 12404 12236 12071 11885 11720 11553 11388 11201
>         11036 10869
>         10704 10518 10353 10186 10020 9834 9669 9502 9337 9151 8985
>         8818 8653 8467
>         8302 8135 7970 7783 7618 7234 7069 6878 6713 6545 6380 6189
>         6024 5857 5692
>         5496 5330 5163 4998 4799 4633 4466 4300 4084 3858 3691 3526
>         3339 3174 3006
>         2841 2655 2429 2149 1855 1505*
>
>         Restarting the nmbd service fixes the problem, but the above
>         processes are
>         what we get in a single day. I do not want to restart the
>         service each
>         night to fix this, but I am not sure where the problem is either.
>
>         My SMB.conf is the following:
>
>         *[global]*
>
>         *   netbios name = BHFS01*
>         *   workgroup = BUH*
>         *   security = ADS*
>         *   realm = SAMDOM*
>         *   encrypt passwords = yes*
>         *   vfs objects = acl_xattr full_audit*
>         *   map acl inherit = yes*
>         *   store dos attributes = yes*
>         *   #log level = 3*
>
>         *   idmap config *:backend = tdb*
>         *   idmap config *:range = 10001-20000*
>         *   idmap config BUH:backend = rid*
>         *   idmap config BUH:schema_mode = rfc2307*
>         *   idmap config BUH:range = 10000-20000*
>         *   idmap config BUH:base_rid = 0*
>
>
>     Well you could start by sorting out the idmap ranges, they are
>     both virtually the same and shouldn't be, they must not overlap.
>
>     Oh and change the base rid, as you have it, it will drag in all
>     the local users.
>
>     Rowland
>
>
>         *   winbind nss info = rfc2307*
>         *   winbind trusted domains only = no*
>         *   winbind use default domain = yes*
>         *   winbind enum users  = yes*
>         *   winbind enum groups = yes*
>         *...*
>         *   full_audit:prefix = %u|%I|%S*
>         *   full_audit:success = mkdir rename unlink rmdir pwrite*
>         *   full_audit:failure = none*
>         *   full_audit:facility = local7*
>         *   full_audit:priority = NOTICE*
>
>         *[Data]*
>         *   path = /DataStorage/Data*
>         *   read only = no*
>
>         Like previously stated, I do not know where to further look to
>         help
>         diagnose this problem. Any pointers are more than welcome :)
>
>         Thank you!
>
>         George
>
>
>     -- 
>     To unsubscribe from this list go to the following URL and read the
>     instructions: https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list