[Samba] flood of (auth in progress) connections from unresponsive windows client crashing samba

David Walling walling at tacc.utexas.edu
Tue Sep 3 13:52:57 UTC 2019

Unfortunately I do not have the ability to add the user/group information to AD directly at this time.

Does anyone know exactly what the following error message "means"?  It shows up every time these symptoms occur, and if I could understand why the lookup fails, I might be able to prevent the issue.

"lookup_name_smbconf for CLIENTHOSTNAME$ failed"

From: samba <samba-bounces at lists.samba.org> on behalf of Rowland penny via samba <samba at lists.samba.org>
Sent: Friday, August 30, 2019 12:52 PM
To: sambalist <samba at lists.samba.org>
Subject: Re: [Samba] flood of (auth in progress) connections from unresponsive windows client crashing samba

On 30/08/2019 18:15, David Walling wrote:
> /etc/samba/user_and_group_map.txt contains Windows username/group to
> linux username/group mappings.  In our setup, all users exist in ldap,
> as do the directory groups, but the linux user and group information
> (namely uid/gid) do not.  This has been setup such that the users
> connect to samba as the windows username (ex. PRODUCTION+user1) for an
> authroized group (PRODUCTION+group1), but the files and permissions on
> the linux samba server are created and managed with the appropriate
> uid/gids.
> Example:
> linuxuser=PRODUCTION+windowsuser
> G-234=PRODUCTION+directorygroup
> I do not believe we are using sssd, but are using winbind.  Its quite
> possible we don't have this setup optimally, but this setup does work
> as needed, outside of these occasional crash/unresponsive states.
> Thanks!
> David W.

Why are you doing this ?

Why not just have everything in AD ?

Using AD would allow Windows users & groups  to become Unix users and groups

e.g. 'getent passwd rowland' gives me:

rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash

'rowland' is only in AD and nowhere else

Try using this smb.conf:

         workgroup = PRODUCTION
         security = ADS
         netbios name = service-samba4

         idmap config *:backend = tdb
         idmap config *:range = 3000-7999
         idmap config PRODUCTION : backend = rid
         idmap config PRODUCTION : range = 100000-200000

         bind interfaces only = yes
         interfaces = eth0 ~ change to your network device
         preferred master = no
         winbind separator = +
         max log size = 20000
         log level = 1 smbd:10
         log file = /var/log/samba/log.%m
         dns proxy = no

         username map = /etc/samba/user.map

         # ACL Settings
         vfs objects = acl_xattr
         map acl inherit = yes
         store dos attributes = yes

         # Multichannel
         aio read size = 0
         aio write size = 0

         # Prevent zombie processes
         deadtime = 15
         csc policy = disable

         path = /samba/share1
         read only = no
         inherit acls = yes
         inherit permissions = yes
         create mask = 700
         directory mask = 700
         valid users = @"G-817803"
         hosts allow =  redacted

and create /etc/samba/user.map with just this content:

!root = PRODUCTION\Administrator

Restart nmbd.smbd and winbind and run:



To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
>> This message is from an external sender. Learn more about why this <<
>> matters at https://links.utexas.edu/rtyclf.                        <<

More information about the samba mailing list