[Samba] Samba AD - Issue with winbindd: Could not write result

Rafael Domiciano r.domiciano at senff.com.br
Tue Sep 1 13:49:59 UTC 2015 

I've implemented AD samba in our structure almost one month, after almost two months of tests. Everything is working, including GPO, although we are still adapting to the new way of working, after all AD domains is quite different from NT domains. 

But I have experienced strange problems with the winbindd, which has happened at least 3 times. 

Suddenly users can no longer authenticate, and services that depend on AD for account validation begin to fail. The solution is to stop the samba and start again. 

Follow the logs that could identify: 

* /var/log/messages 
Sep 1 09:07:52 ### winbindd [19488]: [01/09/2015 09: 07: 52.255050, 0] ../source3/winbindd/winbindd_dual.c:105(child_write_response) 
Sep 1 09:07:52 ### winbindd [19488]: Could not write result 

And after several such errors, logging changes to: 
Sep 1 09:07:53 winbindd ### [3068]: [01/09/2015 09: 07: 53.556980, 0] ../source3/winbindd/winbindd.c:1116(winbindd_listen_fde_handler) 
Sep 1 09:07:53 winbindd ### [3068]: winbindd: Exceeding 800 client connections, the idle connection found 

In the samba logs (/opt/samba/var) there is no log. 

The following configuration of smb.conf: 
# Global parameters 
[global] 
workgroup = DOMAIN 
realm = DOMAIN.COM 
netbios name = SERVER 
server role = active directory domain controller 
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate 
idmap_ldb:use rfc2307 = yes 

# -------------------------------------------- 
# LOG 
# %U = Usuario %m = machine 
log file = /opt/samba/var/machine/%U_%m 
# 15 Mb 
max log size = 15360 
log level = 2 

# -------------------------------------------- 
deadtime = 5 

# -------------------------------------------- 
# WINBIND 
winbind use default domain = yes 
template homedir = /home/%U 
template shell=/bin/bash 

winbind max clients = 1200 
winbind nested groups = false 
winbind enum users = no 
winbind enum groups = no 

# -------------------------------------------- 
# Linguagens 
# cp850 -> Compatibilidade com Acentos (ISO8859-1 - Western European Unix) 
#display charset = ISO8859-1 
unix charset = cp850 
dos charset = cp850 

We have a PDC and a BDC configured, both with named as backend. 

Just for records, right now I have only 226 connections open to samba: 
[root@### var]# ps axf | grep "\_ /opt/samba/sbin/smbd" | wc -l 
226 

Any help is appreciate. 

Regards, 

Rafael Domiciano

More information about the samba mailing list