[Samba] NT_STATUS_TOO_MANY_OPENED_FILES on AD DCs

L.P.H. van Belle belle at bazuin.nl
Mon Apr 23 12:58:39 UTC 2018 

Hai, 

I dont run centos, but ... 
No, i've not seen this with samba-ad-dc, did notice something like this on my kopano mail server. 
And your lucky, i was just working on that. 

Run : ulimit -n
See the amount of openfile you may have. 

If you running a system with systemd: 
systemctl edit samba-ad-dc 

Add: 

[Service]
LimitNOFILE=65536

ps. Starting lower then the 65536 might be wize.

And Some good info here:
https://unix.stackexchange.com/questions/345595/how-to-set-ulimits-on-service-with-systemd?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa 


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Ji??í ??erný via samba
> Verzonden: maandag 23 april 2018 14:19
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] NT_STATUS_TOO_MANY_OPENED_FILES on AD DCs
> 
> Hello guys
> 
> Yesterday afternoon kerberos stopped working on both of our 
> domain controllers.
> Unfortunately, I did not have time to examine it thoroughly, 
> I needed to have it up asap.
> 
> I know that RDP authentication took a few minutes, but it 
> ended up being logged.
> LDAP was normally working.
> 
> There were a lot of these messages in the logs:
> [2018/04/22 14:46:43.315705,  1] 
> ../source4/auth/kerberos/krb5_init_context.c:484(smb_krb5_init
> _context_basic)
>   krb5_init_context failed (Too many open files)
> [2018/04/22 14:46:43.315770,  1] 
> ../source4/auth/kerberos/krb5_init_context.c:555(smb_krb5_init
> _context)
>   smb_krb5_context_init_basic failed (Too many open files)
> [2018/04/22 14:46:43.350667,  1] 
> ../source4/auth/kerberos/krb5_init_context.c:484(smb_krb5_init
> _context_basic)
>   krb5_init_context failed (Too many open files)
> [2018/04/22 14:46:43.350711,  1] 
> ../source4/auth/kerberos/krb5_init_context.c:555(smb_krb5_init
> _context)
>   smb_krb5_context_init_basic failed (Too many open files)
> [2018/04/22 14:46:55.229733,  0] 
> ../source4/smbd/process_single.c:57(single_accept_connection)
>   single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES
> [2018/04/22 14:46:56.239262,  0] 
> ../source4/smbd/process_single.c:57(single_accept_connection)
>   single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES
> [2018/04/22 14:46:57.239552,  0] 
> ../source4/smbd/process_single.c:57(single_accept_connection)
>   single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES
> [2018/04/22 14:46:58.239843,  0] 
> ../source4/smbd/process_single.c:57(single_accept_connection)
>   single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES
> [2018/04/22 14:46:59.240112,  0] 
> ../source4/smbd/process_single.c:57(single_accept_connection)
>   single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES
> [2018/04/22 14:47:00.240399,  0] 
> ../source4/smbd/process_single.c:57(single_accept_connection)
>   single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES
> [2018/04/22 14:47:01.240682,  0] 
> ../source4/smbd/process_single.c:57(single_accept_connection)
>   single_accept_connection: accept: NT_STATUS_TOO_MANY_OPENED_FILES
> 
> [2018/04/22 22:21:57.770716,  2] 
> ../auth/auth_log.c:760(log_authentication_event_human_readable)
>   Auth: [Kerberos KDC,ENC-TS Pre-authentication] user 
> [(null)]\[DC01$@SAMDOM.SVMETAL.CZ] at [Sun, 22 Apr 2018 
> 22:21:57.770692 CEST] with [(null)] status 
> [NT_STATUS_NO_SUCH_USER] workstation [(null)] remote host 
> [ipv4:192.168.1.1:43281] mapped to [(null)]\[(null)]. local 
> host [NULL] 
> [2018/04/22 22:21:57.770872,  0] 
> ../source4/smbd/process_single.c:57(single_accept_connection)
> 
> 
> System: Sernet Samba 4.7.6 on CentOS 6
> Both servers are ADC only, the file service resolves only 
> netlogon and sysvol.
> 
> Finally, I resolved this by restarting the samba service on 
> both servers. And for sure, I upgrade to 4.7.7.
> It's working now, but I'm little bit nervous, because don't 
> know what happened.
> 
> Did any of you experience this behavior?
> 
> Thanks
> Jiri
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list