[Samba] Lots of NMBD zombie processes
Rowland Penny
rowlandpenny at googlemail.com
Thu Jul 24 09:04:58 MDT 2014
On 24/07/14 15:56, George Itee wrote:
> Thank you for the explanations Rowland. If the member server is
> showing id's like 1xxx is it alright? for example:
>
> getent passwd george
> george:*:1604:1012::/home/SAMDOM/george:/bin/false
If your RFC2307 uidNumber's & gidNumber's start at 1000 and you are
using the ad backend then yes, but without seeing the smb.conf you are
now using on the member server, I cannot be certain.
Rowland
>
> I have to mention that I installed Samba 4.1.8 on the member server
> and I no longer have any nmbd zombie processes. I don't want to jump
> to any conclusions that something is wrong with NMBD on 4.1.9, but
> that was the case for me at least :)
>
> Thanks,
>
> George
>
>
>
> On Sun, Jul 20, 2014 at 6:40 PM, Rowland Penny
> <rowlandpenny at googlemail.com <mailto:rowlandpenny at googlemail.com>> wrote:
>
> On 20/07/14 15:43, George Itee wrote:
>
> Hi Rowland,
>
> This is the first time I am setting up a member server and
> since the version with the AD backend from samba wiki does not
> work,
>
>
> It does work, in fact it is working on the laptop I am typing this
> on! You need to add the RFC2307 attributes to AD to make it work.
>
> I've found other sources, thus the mistake in my smb.conf file
> (and a lack of better understanding of the whole process!). I
> have chosen RID because getent works, showing me the groups
> and users properly. The AD backend only worked with wbinfo,
> not getent.
>
>
> This is because you probably do not have any uidNumber's or
> gidNumber's in AD or they are outside the range you have set in AD.
>
>
> Anyway, I have made some modifications to the smb.conf, now it
> does not list the local users anymore:
>
> * idmap config *:backend = tdb
> * idmap config *:range = 70001-80000
> * idmap config BUH:backend = rid
> * idmap config BUH:schema_mode = rfc2307
> * idmap config BUH:range = 500-40000
>
> The 'schema_mode' line is only used with the 'ad' backend.
>
> I have removed base_rid, not sure if it's the right thing to
> do at the moment.
>
>
> The 'base-rid' line is depreciated, see 'man smb.conf' and 'man
> idmap_rid'
>
> But still not sure what to do about nmbd, it's still
> "spawning" zombies, like 5 processes in one hour and a half.
> Any other ideas? I have left a log level 5 in smb.conf,
> perhaps I can catch something in the logs
>
> George
>
>
>
> have you tried removing the 'full_audit' lines from smb.conf ? if
> you run 'man vfs_full_audit' you will find this at the bottom:
>
> This man page is correct for version 3.0.25 of the Samba suite
>
> So will vfs_full_audit still work with samba4 ??
>
> Rowland
>
> On Sun, Jul 20, 2014 at 11:46 AM, Rowland Penny
> <rowlandpenny at googlemail.com
> <mailto:rowlandpenny at googlemail.com>
> <mailto:rowlandpenny at googlemail.com
> <mailto:rowlandpenny at googlemail.com>>> wrote:
>
> On 20/07/14 09:16, George Itee wrote:
>
> Hello,
>
> I am running a Samba 4 DC, recently upgraded to the latest
> version and I
> have just installed a member server to run as a File
> Server
> (Samba 4.1.9).
>
> While it seems to be working properly, we are getting
> a lot of
> zombie nmbd
> processes on the member server, running the command *pidof
> nmbd* results in:
>
> *[root at BHFS01 etc]# pidof nmbd*
> *12861 12644 12404 12236 12071 11885 11720 11553 11388
> 11201
> 11036 10869
> 10704 10518 10353 10186 10020 9834 9669 9502 9337 9151
> 8985
> 8818 8653 8467
> 8302 8135 7970 7783 7618 7234 7069 6878 6713 6545 6380
> 6189
> 6024 5857 5692
> 5496 5330 5163 4998 4799 4633 4466 4300 4084 3858 3691
> 3526
> 3339 3174 3006
> 2841 2655 2429 2149 1855 1505*
>
> Restarting the nmbd service fixes the problem, but the
> above
> processes are
> what we get in a single day. I do not want to restart the
> service each
> night to fix this, but I am not sure where the problem
> is either.
>
> My SMB.conf is the following:
>
> *[global]*
>
> * netbios name = BHFS01*
> * workgroup = BUH*
> * security = ADS*
> * realm = SAMDOM*
> * encrypt passwords = yes*
> * vfs objects = acl_xattr full_audit*
> * map acl inherit = yes*
> * store dos attributes = yes*
> * #log level = 3*
>
> * idmap config *:backend = tdb*
> * idmap config *:range = 10001-20000*
> * idmap config BUH:backend = rid*
> * idmap config BUH:schema_mode = rfc2307*
> * idmap config BUH:range = 10000-20000*
> * idmap config BUH:base_rid = 0*
>
>
> Well you could start by sorting out the idmap ranges, they are
> both virtually the same and shouldn't be, they must not
> overlap.
>
> Oh and change the base rid, as you have it, it will drag
> in all
> the local users.
>
> Rowland
>
>
> * winbind nss info = rfc2307*
> * winbind trusted domains only = no*
> * winbind use default domain = yes*
> * winbind enum users = yes*
> * winbind enum groups = yes*
> *...*
> * full_audit:prefix = %u|%I|%S*
> * full_audit:success = mkdir rename unlink rmdir pwrite*
> * full_audit:failure = none*
> * full_audit:facility = local7*
> * full_audit:priority = NOTICE*
>
> *[Data]*
> * path = /DataStorage/Data*
> * read only = no*
>
> Like previously stated, I do not know where to further
> look to
> help
> diagnose this problem. Any pointers are more than
> welcome :)
>
> Thank you!
>
> George
>
>
> -- To unsubscribe from this list go to the following
> URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list