[Samba] Lots of NMBD zombie processes

George Itee george.itee at gmail.com
Thu Jul 24 08:56:00 MDT 2014


Thank you for the explanations Rowland. If the member server is showing
id's like 1xxx is it alright? for example:

getent passwd george
george:*:1604:1012::/home/SAMDOM/george:/bin/false

I have to mention that I installed Samba 4.1.8 on the member server and I
no longer have any nmbd zombie processes. I don't want to jump to any
conclusions that something is wrong with NMBD on 4.1.9, but that was the
case for me at least :)

Thanks,

George



On Sun, Jul 20, 2014 at 6:40 PM, Rowland Penny <rowlandpenny at googlemail.com>
wrote:

> On 20/07/14 15:43, George Itee wrote:
>
>> Hi Rowland,
>>
>> This is the first time I am setting up a member server and since the
>> version with the AD backend from samba wiki does not work,
>>
>
> It does work, in fact it is working on the laptop I am typing this on! You
> need to add the RFC2307 attributes to AD to make it work.
>
>  I've found other sources, thus the mistake in my smb.conf file (and a
>> lack of better understanding of the whole process!). I have chosen RID
>> because getent works, showing me the groups and users properly. The AD
>> backend only worked with wbinfo, not getent.
>>
>
> This is because you probably do not have any uidNumber's or gidNumber's in
> AD or they are outside the range you have set in AD.
>
>
>> Anyway, I have made some modifications to the smb.conf, now it does not
>> list the local users anymore:
>>
>> *   idmap config *:backend = tdb
>> * idmap config *:range = 70001-80000
>> * idmap config BUH:backend = rid
>> * idmap config BUH:schema_mode = rfc2307
>> * idmap config BUH:range = 500-40000
>>
>>  The 'schema_mode' line is only used with the 'ad' backend.
>
>  I have removed base_rid, not sure if it's the right thing to do at the
>> moment.
>>
>
> The 'base-rid' line is depreciated, see 'man smb.conf' and 'man idmap_rid'
>
>  But still not sure what to do about nmbd, it's still "spawning" zombies,
>> like 5 processes in one hour and a half. Any other ideas? I have left a log
>> level 5 in smb.conf, perhaps I can catch something in the logs
>>
>> George
>>
>>
>>
> have you tried removing the 'full_audit' lines from smb.conf ? if you run
> 'man vfs_full_audit' you will find this at the bottom:
>
> This man page is correct for version 3.0.25 of the Samba suite
>
> So will vfs_full_audit still work with samba4 ??
>
> Rowland
>
>  On Sun, Jul 20, 2014 at 11:46 AM, Rowland Penny <
>> rowlandpenny at googlemail.com <mailto:rowlandpenny at googlemail.com>> wrote:
>>
>>     On 20/07/14 09:16, George Itee wrote:
>>
>>         Hello,
>>
>>         I am running a Samba 4 DC, recently upgraded to the latest
>>         version and I
>>         have just installed a member server to run as a File Server
>>         (Samba 4.1.9).
>>
>>         While it seems to be working properly, we are getting a lot of
>>         zombie nmbd
>>         processes on the member server, running the command *pidof
>>         nmbd* results in:
>>
>>         *[root at BHFS01 etc]# pidof nmbd*
>>         *12861 12644 12404 12236 12071 11885 11720 11553 11388 11201
>>         11036 10869
>>         10704 10518 10353 10186 10020 9834 9669 9502 9337 9151 8985
>>         8818 8653 8467
>>         8302 8135 7970 7783 7618 7234 7069 6878 6713 6545 6380 6189
>>         6024 5857 5692
>>         5496 5330 5163 4998 4799 4633 4466 4300 4084 3858 3691 3526
>>         3339 3174 3006
>>         2841 2655 2429 2149 1855 1505*
>>
>>         Restarting the nmbd service fixes the problem, but the above
>>         processes are
>>         what we get in a single day. I do not want to restart the
>>         service each
>>         night to fix this, but I am not sure where the problem is either.
>>
>>         My SMB.conf is the following:
>>
>>         *[global]*
>>
>>         *   netbios name = BHFS01*
>>         *   workgroup = BUH*
>>         *   security = ADS*
>>         *   realm = SAMDOM*
>>         *   encrypt passwords = yes*
>>         *   vfs objects = acl_xattr full_audit*
>>         *   map acl inherit = yes*
>>         *   store dos attributes = yes*
>>         *   #log level = 3*
>>
>>         *   idmap config *:backend = tdb*
>>         *   idmap config *:range = 10001-20000*
>>         *   idmap config BUH:backend = rid*
>>         *   idmap config BUH:schema_mode = rfc2307*
>>         *   idmap config BUH:range = 10000-20000*
>>         *   idmap config BUH:base_rid = 0*
>>
>>
>>     Well you could start by sorting out the idmap ranges, they are
>>     both virtually the same and shouldn't be, they must not overlap.
>>
>>     Oh and change the base rid, as you have it, it will drag in all
>>     the local users.
>>
>>     Rowland
>>
>>
>>         *   winbind nss info = rfc2307*
>>         *   winbind trusted domains only = no*
>>         *   winbind use default domain = yes*
>>         *   winbind enum users  = yes*
>>         *   winbind enum groups = yes*
>>         *...*
>>         *   full_audit:prefix = %u|%I|%S*
>>         *   full_audit:success = mkdir rename unlink rmdir pwrite*
>>         *   full_audit:failure = none*
>>         *   full_audit:facility = local7*
>>         *   full_audit:priority = NOTICE*
>>
>>         *[Data]*
>>         *   path = /DataStorage/Data*
>>         *   read only = no*
>>
>>         Like previously stated, I do not know where to further look to
>>         help
>>         diagnose this problem. Any pointers are more than welcome :)
>>
>>         Thank you!
>>
>>         George
>>
>>
>>     --     To unsubscribe from this list go to the following URL and read
>> the
>>     instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


More information about the samba mailing list