[Samba] winbindd crashing -- how to auto-heal?

Jamie Jackson jamiejaxon at gmail.com
Sat Sep 1 16:39:53 UTC 2018 

I'm not a sysadmin (so I don't have domain admin skills), I'm just coming
at this as a user of these (flaky) hosts, but I'll try to answer the
questions.

If autorid is an odd/problematic setting, I can pass that info on to the
sysadmins. I looked at
https://lists.samba.org/archive/samba/2015-May/191544.html (since I don't
really know the difference between these settings), but I don't know how
many back-end AD servers there are. BTW, *is* the autoid setting
potentially problematic?

I'm also not sure how to know is sssd is in use or not, so these are the
things I thought to try:

$ systemctl -a | grep '\(smb\|samba\|sssd\|winbind\)'
  winbind.service
                                       loaded    active   running   Samba
Winbind Daemon
$ sssd --help
-bash: sssd: command not found
$ sudo find / -xdev -name 'sssd.conf'
$

On Sat, Sep 1, 2018 at 11:21 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Sat, 1 Sep 2018 10:21:17 -0400
> Jamie Jackson <jamiejaxon at gmail.com> wrote:
>
> > Hi Rowland,
> >
> > Here's the info you asked for.
> >
> > $ cat /etc/redhat-release
> > Red Hat Enterprise Linux Server release 7.5 (Maipo)
> > $ smbcontrol --version
> > Version 4.7.1
> >
> > smb.conf:
> > ------------------------------
> >
> > [global]
> >         security = ADS
> >         realm = REDACTED.WAN
> >         encrypt passwords = true
> >         workgroup = REDACTED
> >
> >         winbind enum users = yes
> >         winbind enum groups = yes
> >         winbind nested groups = yes
> >         winbind use default domain = yes
> >         winbind refresh tickets = yes
> >         idmap config * : backend = autorid
> >         idmap config * : range = 1000000-2999999999
> >         template homedir = /home/%D/%U
> >         template shell = /bin/bash
> >         log level = 1
> >         debug pid = true
> >         max log size = 0
> >         nt acl support = Yes
> >         map acl inherit = Yes
> >         client use spnego = Yes
> >         preferred master = no
> >         printing = bsd
> >         printcap name = /dev/null
> >         disable spoolss = yes
> >
> > ## These came from http://www.howtoforge.com/samba_active_directory
> > #        socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
> > #        os level = 20
> > #        dns proxy = no
> > #        disable netbios = Yes
> > ## Required by infosec to pass scan.  Added 10-18-2011 GLS
> >         guest account = nobody
> >         restrict anonymous = 1
> >
> > #### Debugging/Accounting ####
> >
> > # This tells Samba to use a separate log file for each machine
> > # that connects
> >    log file = /var/log/samba/log.%m
> >
> > # Put a capping on the size of the log files (in Kb).
> > #   max log size = 1024
> >
> > # We want Samba to log a minimum amount of information to syslog.
> > Everything # should go to /var/log/samba/log.{smbd,nmbd} instead. If
> > you want to log # through syslog you should set the following
> > parameter to something higher. syslog = 0
> >
> > # Do something sensible when Samba crashes: mail the admin a backtrace
> >    panic action = /usr/share/samba/panic-action %d
> > ------------------------------
> >
>
> Is there some reason for using the autorid backend ?
> Most people use the 'ad' or 'rid' backend.
> Are you also using sssd ?
>
> You are running Samba as a Unix domain member, so I expect your machine
> is joined to the domain.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list