[Samba] Samba AD - Issue with winbindd: Could not write result

Tue Sep 1 14:20:33 UTC 2015

On 01/09/15 14:49, Rafael Domiciano wrote:
> I've implemented AD samba in our structure almost one month, after almost two months of tests. Everything is working, including GPO, although we are still adapting to the new way of working, after all AD domains is quite different from NT domains.
>
> But I have experienced strange problems with the winbindd, which has happened at least 3 times.
>
> Suddenly users can no longer authenticate, and services that depend on AD for account validation begin to fail. The solution is to stop the samba and start again.
>
> Follow the logs that could identify:
>
> * /var/log/messages
> Sep 1 09:07:52 ### winbindd [19488]: [01/09/2015 09: 07: 52.255050, 0] ../source3/winbindd/winbindd_dual.c:105(child_write_response)
> Sep 1 09:07:52 ### winbindd [19488]: Could not write result
>
> And after several such errors, logging changes to:
> Sep 1 09:07:53 winbindd ### [3068]: [01/09/2015 09: 07: 53.556980, 0] ../source3/winbindd/winbindd.c:1116(winbindd_listen_fde_handler)
> Sep 1 09:07:53 winbindd ### [3068]: winbindd: Exceeding 800 client connections, the idle connection found
>
> In the samba logs (/opt/samba/var) there is no log.
>
> The following configuration of smb.conf:
> # Global parameters
> [global]
> workgroup = DOMAIN
> realm = DOMAIN.COM
> netbios name = SERVER
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> idmap_ldb:use rfc2307 = yes
>
> # --------------------------------------------
> # LOG
> # %U = Usuario %m = machine
> log file = /opt/samba/var/machine/%U_%m
> # 15 Mb
> max log size = 15360
> log level = 2
>
> # --------------------------------------------
> deadtime = 5
>
> # --------------------------------------------
> # WINBIND
> winbind use default domain = yes
> template homedir = /home/%U
> template shell=/bin/bash
>
> winbind max clients = 1200
> winbind nested groups = false
> winbind enum users = no
> winbind enum groups = no
>
> # --------------------------------------------
> # Linguagens
> # cp850 -> Compatibilidade com Acentos (ISO8859-1 - Western European Unix)
> #display charset = ISO8859-1
> unix charset = cp850
> dos charset = cp850

Hi, if you use samba4 as an AD DC all the lines you added that start 
with 'winbind' will be ignored.
>
> We have a PDC and a BDC configured, both with named as backend.

No you don't, you have two DCs, all DCs are equal apart from the FSMO roles.

>
> Just for records, right now I have only 226 connections open to samba:
> [root@### var]# ps axf | grep "\_ /opt/samba/sbin/smbd" | wc -l
> 226
>
> Any help is appreciate.

There doesn't seem to be anything really wrong, so can you post a bit 
more info, what OS, what version of samba, where did it come from, self 
compiled, OS packages or Sernet packages. Can you also post krb5.conf 
and resolv.conf from both DCs

Rowland
> Regards,
>
> Rafael Domiciano