[Samba] Network Meltdown after Samba 4.9.0 Upgrade

Reuben Farrelly reuben-samba at reub.net
Sat Sep 15 11:28:43 UTC 2018 


On 15/09/2018 6:40 pm, Rowland Penny via samba wrote:
> On Sat, 15 Sep 2018 12:52:52 +1000
> Reuben Farrelly via samba <samba at lists.samba.org> wrote:
>> thunderstorm ~ # testparm
>> Load smb config files from /etc/samba/smb.conf
>> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
>> (16384) Processing section "[homes]"
>> Processing section "[root]"
>> Processing section "[photos]"
>> Processing section "[store]"
>> Loaded services file OK.
>> Server role: ROLE_STANDALONE
>>
>> Press enter to see a dump of your service definitions
>>
>> # Global parameters
>> [global]
>>           domain master = Yes
>>           security = USER
>>           server role = standalone server
> 
> NOTE: I have shrunk your smb.conf for clarity.
> 
> It is undoubtedly for a 'standalone server', so why does it also have
> the line 'domain master = Yes' ??
> It cannot be both, I would suggest removing this line.

Sure - valid point.  I've removed that statement now as you're right, 
it's not needed, and things are much better.  Fingers crossed!

What I have observed now was:

- Upon startup of Samba 4.9.0 again I saw again a repeated burst of 
broadcast packets
- Switches once again went into storm-control mode and shut ports down
- The environment recovered, but this time things stabilised and has 
been OK for the last hour since.  Things seem to be working fine now.

Regardless of if the config was right or not (I agree that the setting 
in my case was wrong and unnecessary), this is a regression, because it 
causes an unexpected and undocumented change in behaviour compared to 
previous versions of the code.

I also wonder why network broadcasts don't seem to be rate limited by 
Samba.  I can't imagine any valid use case where any application would 
blast thousands of broadcasts per second out onto the wire, regardless 
of the configuration or misconfiguration of the application.

At the very least this needs a mention in the release notes, especially 
given the potential this has to cause an outage.  Things may have 
changed (and change is usually good), but the least that can be done is 
people are given a one line heads up.

Thanks,
Reuben

More information about the samba mailing list