[Samba] Debugging Samba is a total PITA and this needs to improve

Rowland penny rpenny at samba.org
Tue May 21 13:12:57 UTC 2019 

On 21/05/2019 13:29, Sven Schwedas via samba wrote:
> On 21.05.19 14:16, Rowland penny via samba wrote:> You need to
> investigate your DB problems
>
> Great, but how?
>
>> I see no reason to have different smb.conf files for different Unix
>> domain members, just don't have 'netbios name' in any smb.conf.
> There's also share definitions in the files which I omitted, which are
> the actual meat of the config files.


Fair enough for different shares on different clients, but I wouldn't 
use includes for anything else.

>
>> You will also be better better off having 'vfs objects = acl_xattr' in
>> your smb.conf and setting the permissions from Windows.
> Will that work when half the clients aren't Windows to begin with, and
> ACLs still need to work when people can SSH into the server?
Yes
>
>> What is the point of this:
>>
>>      winbind max domain connections = 32
>>
>> If you also have:
>>
>>      winbind offline logon = yes
> Will it hurt?
No, but the '32' will be ignored if offline logon is set to 'yes'
>
>> Finally and what could be contributing to your problem:
>>
>> This could be set too high:
>>      winbind expand groups = 4
> Why would that suddenly break after working for years, when the deepest
> nesting we actually see is 1?
>
> And going by smb.conf, at most it could lead to timeouts, which is not
> the problem we're seeing?

Try reading 'man smb.conf' where you will find this under 'winbind 
expand groups':

Be aware that a high value for this parameter can result in system 
slowdown as the main parent winbindd daemon must perform the group 
unrolling and will be unable to answer incoming NSS or authentication 
requests during this time.

This is possibly why you are having your problem.

>
> This is *exactly* what I meant with bike shedding. "This has nothing to
> do with your problem, but let's waste days on this anyway, it's not
> *our* prod environment that's offline in the meantime" is really not a
> great attitude.
>
We are nowhere near your computers, so can only ask questions and offer 
advice, if you do not like this, have a read here:

https://www.samba.org/samba/support/

Find someone near you and pay for support.

Rowland

More information about the samba mailing list