[Samba] Need help troubleshooting TCP thrashing, possible kernel bug?

Paul Klapperich paul.klapperich at packetdigital.com
Thu Feb 9 01:56:49 UTC 2017 

I think it should be neither. Ugh... FreeNAS UI doesn't let me disable the
Domain Logons setting for some reason, so I'll have to talk to them on that
one and it seems they have no option for me to modify the server role.
Thankfully I can edit smb.conf directly on the archlinux box where I was
able to duplicate the issue.

Setting sever role = auto, domain logons = yes doesn't fix the TCP
thrashing and works with the SIDs already populated in LDAP.

It looks like removing "deadtime = 15" from the smb.conf prevents the TCP
thrashing. If I set "deadtime  = 1" then the thrashing happens after 3
minutes or so.

I'll see if I can put together a conf file that isn't a disaster but still
expresses the error.

--
Paul Klapperich

On Wed, Feb 8, 2017 at 5:05 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Wed, 8 Feb 2017 16:43:53 -0600
> Paul Klapperich via samba <samba at lists.samba.org> wrote:
>
> > Very well. Here is the affected smb.conf.
> > ------
> > [global]
> >     server min protocol = NT1
> >     server max protocol = SMB3
> >     interfaces = 127.0.0.1 10.0.0.8
> >     bind interfaces only = yes
> >     encrypt passwords = yes
> >     dns proxy = no
> >     strict locking = no
> >     oplocks = yes
> >     deadtime = 15
> >     max log size = 51200
> >     max open files = 2830016
> >     logging = file
> >     load printers = no
> >     printing = bsd
> >     printcap name = /dev/null
> >     disable spoolss = yes
> >     getwd cache = yes
> >     guest account = nobody
> >     map to guest = Bad User
> >     obey pam restrictions = yes
> >     directory name cache size = 0
> >     kernel change notify = no
> >     panic action = /usr/local/libexec/samba/samba-backtrace
> >     nsupdate command = /usr/local/bin/samba-nsupdate -g
> >     server string = backup of files
> >     ea support = yes
> >     store dos attributes = yes
> >     lm announce = yes
> >     hostname lookups = yes
> >     unix extensions = no
> >     acl allow execute always = true
> >     dos filemode = yes
> >     multicast dns register = no
> >     local master = no
> >     idmap config *: backend = tdb
> >     idmap config *: range = 10000-90000
> >     server role = member server
> >     security = user
> >     passdb backend = ldapsam:ldap://ldap0.packetdigital.com
> >     ldap admin dn = cn=admin,dc=packetdigital,dc=com
> >     ldap suffix = dc=packetdigital,dc=com
> >     ldap user suffix = ou=Users
> >     ldap group suffix = ou=Groups
> >     ldap ssl = off
> >     ldap replication sleep = 1000
> >     ldap passwd sync = yes
> >     ldapsam:trusted = yes
> >     netbios name = HAMMER
> >     workgroup = PACKETDIGITAL
> >     domain logons = yes
> >     idmap config PACKETDIGITAL: backend = ldap
> >     idmap config PACKETDIGITAL: range = 10000-90000
> >     idmap config PACKETDIGITAL: ldap url = ldap0.packetdigital.com
> >     pid directory = /var/run/samba
> >     create mask = 0666
> >     directory mask = 0777
> >     client ntlmv2 auth = yes
> >     dos charset = CP437
> >     unix charset = UTF-8
> >     log level = 1
> >     #map unix users to 1 or more names
> >     ## can map an @group to a username
> >     #username map = /mnt/storage/configs/samba_users.map
> >     follow symlinks = yes
> >     wide links = yes
> >     unix extensions = no
> >     create mask = 0660
> >     idmap uid = 10000-90000
> >     idmap gid = 10000-90000
> >
> >
> > [Software]
> >     path = /mnt/storage/cifs-share/Software
> >     printable = no
> >     veto files = /.snapshot/.windows/.mac/.zfs/
> >     writeable = yes
> >     browseable = yes
> >     vfs objects = zfs_space zfsacl
> >     hide dot files = yes
> >     guest ok = no
> >     nfs4:mode = special
> >     nfs4:acedup = merge
> >     nfs4:chown = true
> >     zfsacl:acesort = dontcare
> >     create mask = 0775
> >     force create mode = 0775
> >     directory mask = 0775
> >     force directory mode = 0775
> >     force group = Software
> >     valid users = @Software, @Software-RO
> >     read only = yes
> >     write list = @Software
> >
>
> I think you need to go and read 'man smb.conf'
>
> 'server role = member server' means it should be joined to a windows
> domain, but 'domain logons = yes' makes it a PDC, so which is it ?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list