[Samba] Lots of NMBD zombie processes
George Itee
george.itee at gmail.com
Thu Jul 24 08:56:00 MDT 2014
Thank you for the explanations Rowland. If the member server is showing
id's like 1xxx is it alright? for example:
getent passwd george
george:*:1604:1012::/home/SAMDOM/george:/bin/false
I have to mention that I installed Samba 4.1.8 on the member server and I
no longer have any nmbd zombie processes. I don't want to jump to any
conclusions that something is wrong with NMBD on 4.1.9, but that was the
case for me at least :)
Thanks,
George
On Sun, Jul 20, 2014 at 6:40 PM, Rowland Penny <rowlandpenny at googlemail.com>
wrote:
> On 20/07/14 15:43, George Itee wrote:
>
>> Hi Rowland,
>>
>> This is the first time I am setting up a member server and since the
>> version with the AD backend from samba wiki does not work,
>>
>
> It does work, in fact it is working on the laptop I am typing this on! You
> need to add the RFC2307 attributes to AD to make it work.
>
> I've found other sources, thus the mistake in my smb.conf file (and a
>> lack of better understanding of the whole process!). I have chosen RID
>> because getent works, showing me the groups and users properly. The AD
>> backend only worked with wbinfo, not getent.
>>
>
> This is because you probably do not have any uidNumber's or gidNumber's in
> AD or they are outside the range you have set in AD.
>
>
>> Anyway, I have made some modifications to the smb.conf, now it does not
>> list the local users anymore:
>>
>> * idmap config *:backend = tdb
>> * idmap config *:range = 70001-80000
>> * idmap config BUH:backend = rid
>> * idmap config BUH:schema_mode = rfc2307
>> * idmap config BUH:range = 500-40000
>>
>> The 'schema_mode' line is only used with the 'ad' backend.
>
> I have removed base_rid, not sure if it's the right thing to do at the
>> moment.
>>
>
> The 'base-rid' line is depreciated, see 'man smb.conf' and 'man idmap_rid'
>
> But still not sure what to do about nmbd, it's still "spawning" zombies,
>> like 5 processes in one hour and a half. Any other ideas? I have left a log
>> level 5 in smb.conf, perhaps I can catch something in the logs
>>
>> George
>>
>>
>>
> have you tried removing the 'full_audit' lines from smb.conf ? if you run
> 'man vfs_full_audit' you will find this at the bottom:
>
> This man page is correct for version 3.0.25 of the Samba suite
>
> So will vfs_full_audit still work with samba4 ??
>
> Rowland
>
> On Sun, Jul 20, 2014 at 11:46 AM, Rowland Penny <
>> rowlandpenny at googlemail.com <mailto:rowlandpenny at googlemail.com>> wrote:
>>
>> On 20/07/14 09:16, George Itee wrote:
>>
>> Hello,
>>
>> I am running a Samba 4 DC, recently upgraded to the latest
>> version and I
>> have just installed a member server to run as a File Server
>> (Samba 4.1.9).
>>
>> While it seems to be working properly, we are getting a lot of
>> zombie nmbd
>> processes on the member server, running the command *pidof
>> nmbd* results in:
>>
>> *[root at BHFS01 etc]# pidof nmbd*
>> *12861 12644 12404 12236 12071 11885 11720 11553 11388 11201
>> 11036 10869
>> 10704 10518 10353 10186 10020 9834 9669 9502 9337 9151 8985
>> 8818 8653 8467
>> 8302 8135 7970 7783 7618 7234 7069 6878 6713 6545 6380 6189
>> 6024 5857 5692
>> 5496 5330 5163 4998 4799 4633 4466 4300 4084 3858 3691 3526
>> 3339 3174 3006
>> 2841 2655 2429 2149 1855 1505*
>>
>> Restarting the nmbd service fixes the problem, but the above
>> processes are
>> what we get in a single day. I do not want to restart the
>> service each
>> night to fix this, but I am not sure where the problem is either.
>>
>> My SMB.conf is the following:
>>
>> *[global]*
>>
>> * netbios name = BHFS01*
>> * workgroup = BUH*
>> * security = ADS*
>> * realm = SAMDOM*
>> * encrypt passwords = yes*
>> * vfs objects = acl_xattr full_audit*
>> * map acl inherit = yes*
>> * store dos attributes = yes*
>> * #log level = 3*
>>
>> * idmap config *:backend = tdb*
>> * idmap config *:range = 10001-20000*
>> * idmap config BUH:backend = rid*
>> * idmap config BUH:schema_mode = rfc2307*
>> * idmap config BUH:range = 10000-20000*
>> * idmap config BUH:base_rid = 0*
>>
>>
>> Well you could start by sorting out the idmap ranges, they are
>> both virtually the same and shouldn't be, they must not overlap.
>>
>> Oh and change the base rid, as you have it, it will drag in all
>> the local users.
>>
>> Rowland
>>
>>
>> * winbind nss info = rfc2307*
>> * winbind trusted domains only = no*
>> * winbind use default domain = yes*
>> * winbind enum users = yes*
>> * winbind enum groups = yes*
>> *...*
>> * full_audit:prefix = %u|%I|%S*
>> * full_audit:success = mkdir rename unlink rmdir pwrite*
>> * full_audit:failure = none*
>> * full_audit:facility = local7*
>> * full_audit:priority = NOTICE*
>>
>> *[Data]*
>> * path = /DataStorage/Data*
>> * read only = no*
>>
>> Like previously stated, I do not know where to further look to
>> help
>> diagnose this problem. Any pointers are more than welcome :)
>>
>> Thank you!
>>
>> George
>>
>>
>> -- To unsubscribe from this list go to the following URL and read
>> the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list