[Samba] Samba AD - Issue with winbindd: Could not write result
Rafael Domiciano
r.domiciano at senff.com.br
Wed Sep 2 12:59:05 UTC 2015
Thanks Rowland for response.
OK, setup the "log level = 10".
I noticed something today. I have to restart the samba server 2 times. In the second restart I did a named restart too. Maybe could be something related to communication to named?
I did the named.conf conforming the wiki, adding these 2 lines:
options {
....
# DNS dynamic updates via kerberos
tkey-gssapi-keytab "/opt/samba/private/dns.keytab";
};
include "/opt/samba/private/named.conf";
----- Mensagem original -----
De: "Rowland Penny" <rowlandpenny241155 at gmail.com>
Para: samba at lists.samba.org
Enviadas: Quarta-feira, 2 de Setembro de 2015 9:49:58
Assunto: Re: [Samba] Samba AD - Issue with winbindd: Could not write result
On 02/09/15 13:34, Rafael Domiciano wrote:
> The same problem ocurred today. The same log in /var/log/messages in
> DC, and I have to stop and start the samba service. Any help is
> appreciate.
>
> Regards,
>
> Rafael
>
>
> ------------------------------------------------------------------------
> *De: *"Rafael Domiciano" <r.domiciano at senff.com.br>
> *Para: *"Rowland Penny" <rowlandpenny241155 at gmail.com>
> *Cc: *samba at lists.samba.org
> *Enviadas: *Terça-feira, 1 de Setembro de 2015 14:07:10
> *Assunto: *Re: [Samba] Samba AD - Issue with winbindd: Could not write
> result
>
>
>
> ------------------------------------------------------------------------
> *De: *"Rowland Penny" <rowlandpenny241155 at gmail.com>
> *Para: *samba at lists.samba.org
> *Enviadas: *Terça-feira, 1 de Setembro de 2015 12:05:20
> *Assunto: *Re: [Samba] Samba AD - Issue with winbindd: Could not write
> result
>
> On 01/09/15 15:33, Rafael Domiciano wrote:
> > Hi Rowland, thanks for your response.
> >
> > Both samba is self compiled.
> >
> > DC 1:
> > [root at wdc samba]# uname -a
> > Linux wdc 2.6.32-504.23.4.el6.x86_64 #1 SMP Tue Jun 9 20:57:37 UTC
> > 2015 x86_64 x86_64 x86_64 GNU/Linux
> >
> > [root at wdc samba]# cat /etc/redhat-release
> > CentOS release 6.6 (Final)
> >
> > [root at wdc samba]# cat /etc/resolv.conf
> > search DOMAIN
> > nameserver 172.16.5.22
> > nameserver 172.16.5.1
> > nameserver 8.8.8.8
> >
> > [root at wdc samba]# samba -V
> > Version 4.2.3
> >
> > [root at wdc samba]# cat /etc/krb5.conf
> > [libdefaults]
> > default_realm = DOMAIN.COM
> > dns_lookup_realm = false
> > dns_lookup_kdc = true
> >
> > DC 2:
> > [root at bcd samba]# uname -a
> > Linux bcd.senffnet 2.6.32-504.3.3.el6.x86_64 #1 SMP Wed Dec 17
> > 01:55:02 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
> >
> > [root at bcd samba]# cat /etc/redhat-release
> > CentOS release 6.6 (Final)
> >
> > [root at bcd samba]# cat /etc/resolv.conf
> > search DOMAIN
> > nameserver 172.16.5.1
> > nameserver 172.16.5.22
> > nameserver 8.8.8.8
> >
> > [root at bcd samba]# samba -V
> > Version 4.2.3
> >
> > [root at bcd samba]# cat /etc/krb5.conf
> > [libdefaults]
> > default_realm = DOMAIN.COM
> > dns_lookup_realm = false
> > dns_lookup_kdc = true
> >
> >
> > About the winbindd I got some perfomance with the following lines, and
> > I could reproduce this in my tests, so in some manner they get
> > processed at some time:
> > > winbind use default domain = yes
> > > winbind nested groups = false
> > > winbind enum users = no
> > > winbind enum groups = no
> >
> > Rafael
> >
> > ------------------------------------------------------------------------
> >
>
> Hmm, again there doesn't seem to be anything really wrong, only
> possibility is the resolv.conf files, I take it that 'search DOMAIN' is
> really 'search domain.com' i.e. DOMAIN is the dns domain name. I also
> take it that the two '172.16.5.x' numbers are the ipaddress of the two
> DCs and each DC points to the other DC first, you do not actually don't
> need the google line, this should be set as a forwarder in named.conf.
>
> Ok, I've changed the configuration, now named is forwarding, and the
> "nameserver 8.8.8.8" isn't anymore on resolv.conf.
>
> The only thing I can think is that you missed installing a package
> before compiling Samba, is this in production ? could you change to the
> Sernet packages ?
>
> Yes, it's in production. As I said before this setup is running for 1
> month right now, and the only problem is this:
>
> Sep 1 09:04:30 wdc winbindd[18757]: [2015/09/01 09:04:30.040198, 0]
> ../source3/winbindd/winbindd_dual.c:105(child_write_response)
> Sep 1 09:04:30 wdc winbindd[18757]: Could not write result
>
> That repeat as so many times that "winbind max clients = 800"
> configured.And then changed to: Sep 1 09:08:07 wdc winbindd[3068]:
> [2015/09/01 09:08:07.980952, 0]
> ../source3/winbindd/winbindd.c:1116(winbindd_listen_fde_handler) Sep 1
> 09:08:07 wdc winbindd[3068]: winbindd: Exceeding 800 client
> connections, no idle connection found That repeats so long the samba
> is up, I needed to stop and start the samba service.
> Seems that when the first error occurs samba server mantains the
> client connection, but the client (e.g.: thunderbird, postgresql,
> Zimbra Desktop, openfire...) request a new connection to AD. Just
> making assumptions.
>
>
> Is selinux involved here? have you checked the logs, same goes for any
> firewall you might have installed.
>
> No Selinux (enforce = disabled). I think the firewall is not the
> problem, as it's working: Roaming profiles, Windows ACLs, GPO (Users
> and computers), LDAP, and so on.
>
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
OK, I personally cannot see anything wrong with your setup, perhaps
someone else can see if I missed anything ?
In the mean time, can you set the loglevel to 10 and see if this brings
out anything in the logs.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list