[Samba] flood of (auth in progress) connections from unresponsive windows client crashing samba
walling at tacc.utexas.edu
Tue Sep 3 13:52:57 UTC 2019
Unfortunately I do not have the ability to add the user/group information to AD directly at this time.
Does anyone know exactly what the following error message "means"? It shows up every time these symptoms occur, and if I could understand why the lookup fails, I might be able to prevent the issue.
"lookup_name_smbconf for CLIENTHOSTNAME$ failed"
From: samba <samba-bounces at lists.samba.org> on behalf of Rowland penny via samba <samba at lists.samba.org>
Sent: Friday, August 30, 2019 12:52 PM
To: sambalist <samba at lists.samba.org>
Subject: Re: [Samba] flood of (auth in progress) connections from unresponsive windows client crashing samba
On 30/08/2019 18:15, David Walling wrote:
> /etc/samba/user_and_group_map.txt contains Windows username/group to
> linux username/group mappings. In our setup, all users exist in ldap,
> as do the directory groups, but the linux user and group information
> (namely uid/gid) do not. This has been setup such that the users
> connect to samba as the windows username (ex. PRODUCTION+user1) for an
> authroized group (PRODUCTION+group1), but the files and permissions on
> the linux samba server are created and managed with the appropriate
> I do not believe we are using sssd, but are using winbind. Its quite
> possible we don't have this setup optimally, but this setup does work
> as needed, outside of these occasional crash/unresponsive states.
> David W.
Why are you doing this ?
Why not just have everything in AD ?
Using AD would allow Windows users & groups to become Unix users and groups
e.g. 'getent passwd rowland' gives me:
'rowland' is only in AD and nowhere else
Try using this smb.conf:
workgroup = PRODUCTION
security = ADS
realm = PRODUCTION.REDACTED.ORG
netbios name = service-samba4
idmap config *:backend = tdb
idmap config *:range = 3000-7999
idmap config PRODUCTION : backend = rid
idmap config PRODUCTION : range = 100000-200000
bind interfaces only = yes
interfaces = eth0 ~ change to your network device
preferred master = no
winbind separator = +
max log size = 20000
log level = 1 smbd:10
log file = /var/log/samba/log.%m
dns proxy = no
username map = /etc/samba/user.map
# ACL Settings
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
aio read size = 0
aio write size = 0
# Prevent zombie processes
deadtime = 15
csc policy = disable
path = /samba/share1
read only = no
inherit acls = yes
inherit permissions = yes
create mask = 700
directory mask = 700
valid users = @"G-817803"
hosts allow = redacted
and create /etc/samba/user.map with just this content:
!root = PRODUCTION\Administrator
Restart nmbd.smbd and winbind and run:
getent passwd PRODUCTION\'A_VALID_USERNAME'
To unsubscribe from this list go to the following URL and read the
>> This message is from an external sender. Learn more about why this <<
>> matters at https://links.utexas.edu/rtyclf. <<
More information about the samba