[Samba] authentication problems sernet-samba
Lulzim KELMENI
lkelmeni at mairie-saint-ouen.fr
Tue Oct 6 16:32:23 UTC 2015
Hello Rowland,
We finaly found where is the problem :
1) We
first grep the output of log file
tail -f /var/log/samba/log.samba |
egrep "stream.c|single.c|imess"
[2015/10/06 16:43:23.605135, 3,
pid=13229, effective(0, 0), real(0, 0)]
../source4/smbd/service_stream.c:66(stream_terminate_connection)
Terminating connection - 'imessaging_init() failed'
[2015/10/06
16:43:23.605178, 3, pid=13229, effective(0, 0), real(0, 0)]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[imessaging_init() failed]
2) We strace the
process 13229 :
strace -p 13229 -ff &> strace.log
grep Too
strace.log
socket(PF_LOCAL, SOCK_DGRAM, 0) = -1 EMFILE (Too many open
files)
socket(PF_LOCAL, SOCK_DGRAM, 0) = -1 EMFILE (Too many open
files)
socket(PF_LOCAL, SOCK_DGRAM, 0) = -1 EMFILE (Too many open
files)
socket(PF_LOCAL, SOCK_DGRAM, 0) = -1 EMFILE (Too many open
files)
socket(PF_LOCAL, SOCK_DGRAM, 0) = -1 EMFILE (Too many open
files)
socket(PF_LOCAL, SOCK_DGRAM, 0) = -1 EMFILE (Too many open
files)
socket(PF_LOCAL, SOCK_DGRAM, 0) = -1 EMFILE (Too many open
files)
socket(PF_LOCAL, SOCK_DGRAM, 0) = -1 EMFILE (Too many open
files)
socket(PF_LOCAL, SOCK_DGRAM, 0) = -1 EMFILE (Too many open
files)
3) We check with lsof
lsof -p 13229
...
samba 13229 root 30u
IPv4 12649 0t0 TCP server.dctest.local:domain->192.168.108.122:59967
(ESTABLISHED)
samba 13229 root 31u unix 0xffff880135589500 0t0 12650
/var/lib/samba/private/smbd.tmp/msg/msg.13229.30
samba 13229 root 32u
IPv4 19823 0t0 TCP server.dctest.local:domain->172.16.127.55:62800
(ESTABLISHED)
samba 13229 root 33u unix 0xffff8800aa0f4000 0t0 19824
/var/lib/samba/private/smbd.tmp/msg/msg.13229.32
samba 13229 root 34u
IPv4 22149 0t0 TCP server.dctest.local:domain->172.16.127.55:59127
(ESTABLISHED)
samba 13229 root 35u unix 0xffff8800a3903800 0t0 22150
/var/lib/samba/private/smbd.tmp/msg/msg.13229.34
samba 13229 root 36u
IPv4 26005 0t0 TCP server.dctest.local:domain->192.168.108.64:52558
(ESTABLISHED)
samba 13229 root 37u unix 0xffff8800a4fc2a00 0t0 26006
/var/lib/samba/private/smbd.tmp/msg/msg.13229.36
samba 13229 root 38u
IPv4 27035 0t0 TCP server.dctest.local:domain->192.168.106.88:53496
(ESTABLISHED)
samba 13229 root 39u unix 0xffff8800a4384380 0t0 27036
/var/lib/samba/private/smbd.tmp/msg/msg.13229.38
samba 13229 root 40u
IPv4 28329 0t0 TCP server.dctest.local:domain->192.168.108.66:50622
(ESTABLISHED)
samba 13229 root 41u unix 0xffff8800a0736680 0t0 28330
/var/lib/samba/private/smbd.tmp/msg/msg.13229.40
samba 13229 root 42u
IPv4 29272 0t0 TCP server.dctest.local:domain->192.168.108.74:55290
(ESTABLISHED)
samba 13229 root 43u unix 0xffff8800a19cf480 0t0 29273
/var/lib/samba/private/smbd.tmp/msg/msg.13229.42
samba 13229 root 44u
IPv4 31032 0t0 TCP server.dctest.local:domain->192.168.108.71:64866
(ESTABLISHED)
...
4) We have check the number of files in this
directory
ls -l /var/lib/samba/private/smbd.tmp/msg/ |wc -l
1240
5) We check the ulimit :
ulimit -n
1024
6) We have allready
modified the ulimit file in /etc/security.limits.conf in the past by
adding "* - nofile 16384" but we found that wildcard is not recognized
(at least in ubuntu 14.04.3 LTS) so we modified it again to correct
that.
I have search and found nothing about that in the samba wiki. I
know that a "testparm" complain with this warning "rlimit_max:
increasing rlimit_max (1024) to minimum Windows limit (16384)" and i
know there is plenty of thread concerning ulimit in internet, but i
think it would not be a bad idee to talk about ulimit in the wiki. Maybe
here
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controlle
[1]
Have a nice day...as you used to ;-)
KELMENI Lulzim
Direction
des Systèmes d'Information
Service Systèmes, Réseaux, Bases de
données
Mairie de Saint-Ouen
Le 02/10/2015 17:00, Lulzim KELMENI a
écrit :
> Hello Rowland,
>
> I think avahi-daemon is not installed
as standard
> in ubuntu 14.04.3 LTS
>
> Here is in our server :
>
>
ROOT at SERVER:~# DPKG -L
> |GREP AVAHI
> II LIBAVAHI-CLIENT3:AMD64
>
0.6.31-4UBUNTU1 AMD64 AVAHI CLIENT LIBRARY
> II
>
LIBAVAHI-COMMON-DATA:AMD64 0.6.31-4UBUNTU1
> AMD64 AVAHI COMMON DATA
FILES
> II
> LIBAVAHI-COMMON3:AMD64 0.6.31-4UBUNTU1
> AMD64 AVAHI
COMMON LIBRARY
>
> root at server:~# ps aux |grep -i
> avah
> root 9696
0.0 0.0 11740 948 pts/0 R+ 16:40 0:00 grep --color=auto
> -i avah
>
>
avahi-deamon have been installed as a dependancy of cups in our
> print
server (which is not the same as domain controller). But we
> removed it
because of strange behaviour.
>
>> Have you looked in the
>
> event
logs of a PC when it cannot authenticate?
>
> Yes, we can see this id
>
event in multiple clients :
>
> 1)id event 40960 : System have
detected
> authentication problem for server
>
ldap/server.dctest.local/dctest.local at DCTEST.LOCALKerberos "No
>
authority could be contacted for authentication. (0x80090311)"
>
>
this
> event occurs many times
>
> 2) id event 1129 related to GPO that
are not
> applied ; as a consequances of authentication problem
>
> As
soon as i
> restart samba, computers and users cans authenticates
against the
> domain.
>
> cheers,
>
> KELMENI Lulzim
> Direction des
Systèmes
> d'Information
> Service Systèmes, Réseaux, Bases de données
>
Mairie de
> Saint-Ouen
>
> Le 02/10/2015 16:06, Rowland Penny a écrit
:
>
>> On 02/10/15
>
> 14:34, Lulzim KELMENI wrote:
> especially if
you are
>
> planning to grow the domain), if this is the case,
> Have
you looked in the event logs of a PC when
>
> it cannot authenticate?>
h:100%">Rowland
>> Links: ------ [1]
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
Links:
------
[1]
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
More information about the samba
mailing list