[Samba] CPU 100% smbd 4.9.5 debian buster

Rowland penny rpenny at samba.org
Mon Feb 15 14:06:52 UTC 2021 

On 15/02/2021 12:39, Francesc Guasch via samba wrote:
> Hi. I have a samba server that suddenly gets smbd
> processes at 100% and becomes unusable.
>
> This is samba release 2:4.9.5+dfsg-5+deb10u1
> in this host:
>
> Operating System: Debian GNU/Linux 10 (buster)
> Kernel: Linux 4.19.0-14-amd64
>
> We use only LDAP backend.
>
> The process at 100% are smbd, but they won't show
> up in "samba-tool processes". Only that:
> notify-daemon           2764


Not sure that 'samba-tool' will work against an NT4-style PDC, it was 
written to be used against Samba AD.

> I managed to get a
> stack trace from one of those processes:
>
> #0  __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
> #1  0x00007fbe6baf2535 in __GI_abort () at abort.c:79
> #2  0x00007fbe6c4319e3 in dump_core () from /lib/x86_64-linux-gnu/libsmbconf.so.0
> #3  0x00007fbe6c41e22b in smb_panic_s3 () from /lib/x86_64-linux-gnu/libsmbconf.so.0
> #4  0x00007fbe6c7fe9df in smb_panic () from /lib/x86_64-linux-gnu/libsamba-util.so.0
> #5  0x00007fbe6c7fec16 in ?? () from /lib/x86_64-linux-gnu/libsamba-util.so.0
> #6  <signal handler called>
> #7  0x00007fbe6c8646fe in __GI___pthread_mutex_lock (mutex=0x55c78fd27c50) at ../nptl/pthread_mutex_lock.c:80
> #8  0x00007fbe6aae53e9 in ?? () from /lib/x86_64-linux-gnu/libgnutls.so.30
> #9  0x00007fbe6aab962b in gnutls_record_send2 () from /lib/x86_64-linux-gnu/libgnutls.so.30
> #10 0x00007fbe6b3d03a2 in ?? () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2
> #11 0x00007fbe6b282108 in ?? () from /lib/x86_64-linux-gnu/liblber-2.4.so.2
> #12 0x00007fbe6b283411 in ber_int_sb_write () from /lib/x86_64-linux-gnu/liblber-2.4.so.2
> #13 0x00007fbe6b27fb2b in ber_flush2 () from /lib/x86_64-linux-gnu/liblber-2.4.so.2
> #14 0x00007fbe6b3bcfa1 in ldap_int_flush_request () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2
> #15 0x00007fbe6b3bd27f in ldap_send_server_request () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2
> #16 0x00007fbe6b3bd5f1 in ldap_send_initial_request () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2
> #17 0x00007fbe6b3b21dc in ldap_sasl_bind () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2
> #18 0x00007fbe6b3b262a in ldap_sasl_bind_s () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2
> #19 0x00007fbe6b3b2eb0 in ldap_simple_bind_s () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2
> #20 0x00007fbe6afb4d69 in ?? () from /lib/x86_64-linux-gnu/libsmbldap.so.2
> #21 0x00007fbe6afb5ade in ?? () from /lib/x86_64-linux-gnu/libsmbldap.so.2
> #22 0x00007fbe6afb624f in smbldap_search () from /lib/x86_64-linux-gnu/libsmbldap.so.2
> #23 0x00007fbe6afb62a9 in smbldap_search_suffix () from /lib/x86_64-linux-gnu/libsmbldap.so.2
> #24 0x00007fbe6af93add in smbldap_search_domain_info () from /usr/lib/x86_64-linux-gnu/samba/libsmbldaphelper.so.0
> #25 0x00007fbe6c0b7ede in ?? () from /lib/x86_64-linux-gnu/libsamba-passdb.so.0
> #26 0x00007fbe6c0d4748 in make_pdb_method_name () from /lib/x86_64-linux-gnu/libsamba-passdb.so.0
> #27 0x00007fbe6c0d4a1e in ?? () from /lib/x86_64-linux-gnu/libsamba-passdb.so.0
> #28 0x00007fbe6c0d6d19 in initialize_password_db () from /lib/x86_64-linux-gnu/libsamba-passdb.so.0
> #29 0x00007fbe6c63932e in smbd_reinit_after_fork () from /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0
> #30 0x000055c78e2a7b3f in ?? ()
> #31 0x00007fbe6bc9803f in tevent_common_invoke_fd_handler () from /lib/x86_64-linux-gnu/libtevent.so.0
> #32 0x00007fbe6bc9e05f in ?? () from /lib/x86_64-linux-gnu/libtevent.so.0
> #33 0x00007fbe6bc9c2d7 in ?? () from /lib/x86_64-linux-gnu/libtevent.so.0
> #34 0x00007fbe6bc977e4 in _tevent_loop_once () from /lib/x86_64-linux-gnu/libtevent.so.0
>
> And here is an edited smb.conf
>
> netbios name =  alu-a2
> workgroup = ALU
> realm = aluete.example.com
> interfaces = 127.0.0.1 192.168.68.7 192.168.81.8 192.168.68.11
> debug level = 4
> log file = /var/log/samba/%m.log
> max log size = 25
> #socket options = IPTOS_LOWDELAY TCP_NODELAY
> load printers = no
> keepalive = 600
> deadtime = 120
> os level = 99
> preferred master = yes
> domain master = yes
> local master = yes
> security = user
> domain logons = yes
> server max protocol = NT1
> ldap admin dn = "cn=admin,dc=example,dc=com"
> smbpasswd:/etc/samba/smbpasswd
> ldap ssl = off
> ldap passwd sync = yes
> passdb backend = ldapsam:ldaps://mero.example.com/
> ldap admin dn = cn=admin,dc=example,dc=com
> ldap suffix = ou=ALUETE,ou=EXAMPLEBCN,dc=example,dc=com
> ldap user suffix = ou=users
> ldap group suffix = ou=groups
> ldap machine suffix = ou=computers
> ldap idmap suffix = ou=Idmap
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> delete user script = /usr/sbin/smbldap-userdel "%u"
> add machine script = /usr/sbin/smbldap-useradd -W -t 0 "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
> logon path = \\%L\profiles\%U
> logon drive = l:
> logon home = \\%N\%U
> logon script = logon.bat
> remote announce = 192.168.81.255 10.1.36.255
> wins support = yes
> algorithmic rid base = 1000
> dns proxy = yes
> hosts allow = 192.168.68.  192.168.36. 127.
> security = user
> max disk size = 60
> guest account = nobody
> ntlm auth = yes
> lanman auth = yes
> client ntlmv2 auth = yes
> load printers = no
>
> [IPC$]
>      path = /tmp
>      hosts allow= 10.0.36.0/24, 192.168.36.0/25, 192.168.36.128/25, 192.168.68.0/24, 192.168.81.0/24, 127.0.0.1/32 10.0.68.0/24 10.1.36.0/24
>      hosts deny = 0.0.0.0/0


Why have you created a hidden share called 'IPC' ?

Is this a new PDC, or an existing one ?

Is apparmor running and possibly denying something ?

Is there anything in the Samba logs ?

Rowland

More information about the samba mailing list