[Samba] Samba AD - Issue with winbindd: Could not write result

Sat Jun 24 17:30:33 UTC 2017

Il 23/06/2017 10:49, Rowland Penny via samba ha scritto:
> Please see inline comments.
>
> On Fri, 23 Jun 2017 07:09:47 +0200
> Marco Coli <marco.coli at isolettaelba.eu> wrote:
>
>> cat /etc/resolv.conf
>> # Generated by NetworkManager
>> search niccolai.local
>> nameserver 10.0.0.253
> Only thing wrong there is that you may be using the '.local' domain
> (unless it is has been changed to hide the real domain). If it is the
> real domain, remove Avahi if it is installed.

Done

>
> I would change it to this:
>
> 10.0.0.253 nic-mail.niccolai.local nic-mail
> 10.0.0.? mail.niccolaitrafile.it mail
> 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
> ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
>
> Create a virtual network interface for the '10.0.0.?' address and
> assign a 'IP'. Create a CNAME record for nic-server-mail to
> nic-mail.niccolai.local, create a CNAME record for sogo to
> 'mail.niccolaitrafile.it'

To be done

>
> Uncomment the 'forwarders' lines, I would just use the Google ones.

Done

>
> zone "niccolai.homelinux.org" IN {
>          type master;
>           file "homelinux";
>           allow-update { none; };
> #        allow-transfer { 10.0.0.19; };
>           notify yes;
> };
> Remove the above zone, you do not seem to be using it.

Done

>
>> zone "niccolaitrafile.it" IN {
>>          type master;
>>           file "niccolaitrafile.it";
>>           allow-update { none; };
>> #        allow-transfer { 10.0.0.19; };
>> #        notify yes;
>> };
>> --------
>> [root at nic-mail ~]# cat /etc/named.conf.
>> named.conf.DISTRIB  named.conf.rpmnew   named.conf.samba
>> [root at nic-mail ~]# cat /etc/named.conf.samba
>> # This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen
>> support. #
>> # This file should be included in your main BIND configuration file
>> #
>> # For example with
>> # include "/var/lib/samba4/private/named.conf";
>>
>> #
>> # This configures dynamically loadable zones (DLZ) from AD schema
>> # Uncomment only single database line, depending on your BIND version
>> #
>> dlz "AD DNS Zone" {
>> #dlz "niccolai.local" {
>>       # For BIND 9.8.0
>>       # database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";
>>
>>       # For BIND 9.9.0
>>        database "dlopen /usr/lib64/samba/bind9/dlz_bind9_9.so";
>> };
>>
>> ----
>>
>> [root at nic-mail ~]# cat /etc/samba/smb.conf
>> # Global parameters
>> [global]
>>           workgroup = NICCOLAI
>>           realm = niccolai.local
>>           netbios name = NIC-MAIL
>>           server role = active directory domain controller
>>           server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>> drepl, winbind, ntp_signd, kcc, dnsupdate
>> #       idmap_ldb:use rfc2307 = yes
> Uncomment the above line, you need it.

Done
>
>           socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=120
> TCP_KEEPINTVL=10 TCP_KEEPCNT=5
> You should let Samba set the above line for you.

Done (commented line)
>
> I no longer use the Sernet packages, but can you check if there are any
> other Sernet Samba packages available (Debian has one called
> samba-dsdb-modules) and install them.
>
> I am not saying that the changes I suggest will cure your problem, but
> the should not make anything worse either.
>
> Rowland
>
>

So far, with all cleaning you suggested except file hosts (I will do it 
in the next days, and thank you!) the problem remains.

I did a simple script which runs every 5 minutes in crontab, and check 
if wbinfo -u returns no lines, in this case it restart samba. Is the 
only temporary solution I did find by now...
I see it restart samba 4/5 a day, in different hours, also by night 
without operational users.

Here is the script:
[root at nic-mail niccolai]# cat script_riavvio_samba.sh
if [ $(wbinfo -u | wc -l) -eq 0 ];
then
echo "Riavviato il servizio";
/usr/bin/systemctl restart sernet-samba-ad;
fi

Doing this, I have no more complaints from users about share not 
reacheable, or AD login not performed, and so on...

I have no resource problem:
[root at nic-mail niccolai]# free
               total        used        free      shared buff/cache   
available
Mem:       12139548     2649440      573128      202884 8916980     8830260
Swap:       5177340        1796     5175544

The server is doing a lot of other things without a problem, it started 
to have problems only with samba and only recently, I have no more clues...

Thank you for your indications!