[Samba] Samba AD - Issue with winbindd: Could not write result
Rafael Domiciano
r.domiciano at senff.com.br
Thu Sep 10 12:21:37 UTC 2015
It's in production already, for more than 1 month, and the problem began
after almost 20 days of deploy, no modification to config files was made
and no recent updates on system.
[administrator at wdc logs]# uname -a
Linux wdc 2.6.32-504.23.4.el6.x86_64 #1 SMP Tue Jun 9 20:57:37 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux
[administrator at wdc logs]# cat /etc/redhat-release
CentOS release 6.6 (Final)
Em 10/09/2015 05:18, L.P.H. van Belle escreveu:
> There is something really wrong in your setup, which is cant see.
>
> So many things can be wrong here..
>
>
>
> If this is not in production yet, i think your faster with a new install.
>
> And if you doing a new install, i suggest you use the sernet packages,
>
> What was the os your using?
>
>
>
> Greetz,
>
>
>
> Louis
>
>
>
>
>
>
>
>
> Van: Rafael Domiciano [mailto:r.domiciano at senff.com.br]
> Verzonden: woensdag 9 september 2015 17:57
> Aan: L.P.H. van Belle
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] Samba AD - Issue with winbindd: Could not write result
>
>
>
>
> It's still keep happening. Now I found some more logs, following.
>
> [2015/09/09 11:53:05.745466, 2] ../source3/winbindd/winbindd.c:845(winbind_client_response_written)
> Could not write response[16816:GETPWUID] to client: Pipe quebrado
> [2015/09/09 11:53:07.517217, 2] ../source3/winbindd/winbindd.c:845(winbind_client_response_written)
> Could not write response[17005:GETPWUID] to client: Pipe quebrado
> [2015/09/09 11:53:26.885318, 2] ../source3/winbindd/winbindd.c:845(winbind_client_response_written)
> Could not write response[23855:GETPWNAM] to client: Pipe quebrado
> [2015/09/09 11:53:28.859946, 2] ../source3/winbindd/winbindd.c:845(winbind_client_response_written)
> Could not write response[23530:GETPWNAM] to client: Pipe quebrado
> [2015/09/09 11:53:40.676647, 2] ../source3/winbindd/winbindd.c:845(winbind_client_response_written)
> Could not write response[1354:GETPWNAM] to client: Pipe quebrado
> [2015/09/09 11:53:41.340656, 2] ../source3/winbindd/winbindd.c:845(winbind_client_response_written)
> Could not write response[23901:GETPWNAM] to client: Pipe quebrado
>
> [...]
>
> [2015/09/09 11:55:09.471205, 2] ../source3/winbindd/winbindd.c:845(winbind_client_response_written)
> Could not write response[24131:GETPWNAM] to client: Pipe quebrado
> [2015/09/09 11:55:11.320456, 2] ../source3/winbindd/winbindd.c:845(winbind_client_response_written)
> Could not write response[23999:GETPWNAM] to client: Pipe quebrado
> [2015/09/09 11:55:13.024012, 2] ../source3/winbindd/winbindd.c:845(winbind_client_response_written)
> Could not write response[1354:GETPWNAM] to client: Pipe quebrado
> [2015/09/09 11:55:17.598809, 2] ../source3/winbindd/winbindd.c:1007(remove_client)
> final write to client failed: Pipe quebrado
> [2015/09/09 11:55:17.598908, 2] ../source3/winbindd/winbindd.c:1007(remove_client)
> final write to client failed: Pipe quebrado
> [2015/09/09 11:55:17.598945, 2] ../source3/winbindd/winbindd.c:1007(remove_client)
> final write to client failed: Pipe quebrado
>
> [2015/09/09 11:54:28.888393, 2] ../source3/winbindd/winbindd_rpc.c:320(rpc_name_to_sid)
> name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED
> [2015/09/09 11:55:17.920302, 0] ../source3/winbindd/winbindd_dual.c:105(child_write_response)
> Could not write result
> [2015/09/09 11:55:44.273903, 2] ../source3/winbindd/winbindd_rpc.c:320(rpc_name_to_sid)
> name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED
> [2015/09/09 11:55:52.735902, 0] ../source3/winbindd/winbindd_dual.c:105(child_write_response)
> Could not write result
> [2015/09/09 11:56:03.060477, 0] ../source3/winbindd/winbindd_dual.c:105(child_write_response)
> Could not write result
>
> And then with a simple command like: id [user] or wbinfo -u, I get no answer. Today was worse, even the root user cant login via putty, luckily i was with a session with root opened.
>
> In named log there's this entries, could be part of the bigger picture? Of course I know named denied access to update, which is OK to me, I don't want dynamic update of A entries.
>
> 09-Sep-2015 12:45:18.525 update-security: error: client 172.16.100.33#59658: update 'senffnet.intranet/IN' denied
> 09-Sep-2015 12:48:29.661 update-security: error: client 172.16.2.86#61674: update 'senffnet.intranet/IN' denied
> 09-Sep-2015 12:53:21.164 update-security: error: client 172.16.2.142#60166: update 'senffnet.intranet/IN' denied
>
>
>
>
>
> De: "Rafael Domiciano" <r.domiciano at senff.com.br>
> Para: "L.P.H. van Belle" <belle at bazuin.nl>
> Cc: samba at lists.samba.org
> Enviadas: Quarta-feira, 2 de Setembro de 2015 10:43:09
> Assunto: Re: [Samba] Samba AD - Issue with winbindd: Could not write result
>
> Yes, sure, the permissions are 755 to these folders:
>
> [root at wdc logs]# ls -ld /opt
> drwxr-xr-x. 4 administrator root 4096 Ago 10 14:51 /opt
>
> [root at wdc logs]# ls -ld /opt/samba/
> drwxr-xr-x 13 administrator root 4096 Ago 11 09:58 /opt/samba/
>
> [root at wdc logs]# ls -ld /opt/samba/private/
> drwxr-xr-x 7 administrator root 4096 Set 2 10:40 /opt/samba/private/
>
> Rafael
>
>
> De: "L.P.H. van Belle" <belle at bazuin.nl>
> Para: samba at lists.samba.org
> Enviadas: Quarta-feira, 2 de Setembro de 2015 10:20:16
> Assunto: Re: [Samba] Samba AD - Issue with winbindd: Could not write result
>
> Can you check the full path..
>
> 755 755 755
> /opt/samba/private/
>
> Its possible that the private folder had 700
>
> Greetz,
>
> Louis
>
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rafael Domiciano
>> Verzonden: woensdag 2 september 2015 15:09
>> Aan: Rowland Penny
>> CC: samba at lists.samba.org
>> Onderwerp: Re: [Samba] Samba AD - Issue with winbindd: Could not write
>> result
>>
>> Yes, named user as read privileges on folder "dns" and in "dns.keytab"
>> file.
>>
>> [root at wdc private]# ll
>> total 12824
>> drwxrwx--- 3 root named 4096 Ago 5 15:53 dns
>> -rw-r----- 1 root named 807 Ago 5 15:53 dns.keytab
>>
>>
>>
>> ----- Mensagem original -----
>>
>> De: "Rowland Penny" <rowlandpenny241155 at gmail.com>
>> Para: samba at lists.samba.org
>> Enviadas: Quarta-feira, 2 de Setembro de 2015 10:05:26
>> Assunto: Re: [Samba] Samba AD - Issue with winbindd: Could not write
>> result
>>
>> On 02/09/15 13:59, Rafael Domiciano wrote:
>>> Thanks Rowland for response.
>>>
>>> OK, setup the "log level = 10".
>>>
>>> I noticed something today. I have to restart the samba server 2 times.
>>> In the second restart I did a named restart too. Maybe could be
>>> something related to communication to named?
>>>
>>> I did the named.conf conforming the wiki, adding these 2 lines:
>>>
>>> options {.... # DNS dynamic updates via kerberos tkey-gssapi-keytab
>>> "/opt/samba/private/dns.keytab"; };
>>>
>>> include "/opt/samba/private/named.conf";
>>>
>>>
>> Can the 'named' user read the keytab ?
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list