[Samba] tons of "auth in progress" in samba file server
L.P.H. van Belle
belle at bazuin.nl
Mon Oct 25 09:36:52 UTC 2021
Hai,
1) make sure the ESXi its NTP time is correct and synced.
Make sure the guest VM, or follow the correct time from host.
Or make sure it fully and only uses the ad-dc's there time servers.
2) upgrade samba to latest 4.14.x
3) check again.
4) if it didnt work for you, remove MS update that is causing this and for now block it.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Adam
> Xu via samba
> Verzonden: maandag 25 oktober 2021 10:55
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] tons of "auth in progress" in samba file server
>
> Hi All,
>
> I have found the root cause of massive "auth in progress" and I'm
> replying to this list in case someone finds this place
> through a search
> engine.
>
> one of our ESXi hosts did not enable ntp service after reboot
> and it has
> a wrong time. So some vms in that host behave strangely, one
> moment the
> time was correct(after sync time with DC), the next moment
> the time was
> wrong(after sync time with host).
>
> Because of the incorrect timing, a large number of
> authentication could
> not be completed, so there were a large number of "auth in progress"
> errors when excute "smbstatus -b".
>
> ??? 2021/10/18 15:05, Adam Xu via samba ??????:
> > Hi All,
> >
> > I have found some info:
> >
> > [2021/10/18 14:53:15.946884, 2]
> > ../../source3/modules/vfs_acl_xattr.c:233(connect_acl_xattr)
> > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
> > true' and 'force unknown acl user = true' for service IPC$
> > [2021/10/18 14:53:15.947166, 3]
> > ../../source3/smbd/service.c:851(make_connection_snum)
> > 192.168.61.103 (ipv4:192.168.61.103:51966) connect to
> service IPC$
> > initially as user NTBAOBEI\yinning_wang (uid=10295, gid=10001) (pid
> > 29417)
> > [2021/10/18 14:53:15.947813, 3]
> > ../../source3/smbd/msdfs.c:1060(get_referred_path)
> > get_referred_path: |users| in dfs path \centos\users is
> not a dfs root.
> > [2021/10/18 14:53:15.947876, 3]
> > ../../source3/smbd/smb2_server.c:3213(smbd_smb2_request_error_ex)
> > smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> > status[NT_STATUS_NOT_FOUND] || at
> ../../source3/smbd/smb2_ioctl.c:312
> >
> > and I ran:
> >
> > # smbstatus -b | grep 29417
> > 29417 (auth in progress) 192.168.61.103
> > (ipv4:192.168.61.103:51966) SMB3_11 - -
> > 29417 (auth in progress) 192.168.61.103
> > (ipv4:192.168.61.103:51966) SMB3_11 - -
> > 29417 (auth in progress) 192.168.61.103
> > (ipv4:192.168.61.103:51966) SMB3_11 - -
> > 29417 (auth in progress) 192.168.61.103
> > (ipv4:192.168.61.103:51966) SMB3_11 - -
> > 29417 (auth in progress) 192.168.61.103
> > (ipv4:192.168.61.103:51966) SMB3_11 - -
> > 29417 (auth in progress) 192.168.61.103
> > (ipv4:192.168.61.103:51966) SMB3_11 - -
> > ...........................
> >
> > Is it because some windows 10 client try to connect to service IPC$
> > and the process just frozen in the background?
> >
> > ??? 2021/9/30 16:16, Adam Xu via samba ??????:
> >> Hi everyone,
> >>
> >> My samba file server has been running for more than 1 year, but
> >> recently, there are a lot of errors coming up.
> >>
> >> when I run "smbstatus -b", tons of "auth in progress"
> appears. like:
> >>
> >> 27424 (auth in progress) 192.168.60.212
> >> (ipv4:192.168.60.212:50579) SMB3_11 - -
> >> 11513 (auth in progress) 192.168.60.25
> >> (ipv4:192.168.60.25:60700) SMB3_11 - -
> >> 19988 (auth in progress) 192.168.60.180
> >> (ipv4:192.168.60.180:50989) SMB3_11 - -
> >> 19173 (auth in progress) 192.168.61.122
> >> (ipv4:192.168.61.122:57649) SMB3_11 - -
> >> 14340 (auth in progress) 192.168.60.228
> >> (ipv4:192.168.60.228:58389) SMB3_11 - -
> >> 12586 (auth in progress) 192.168.61.133
> >> (ipv4:192.168.61.133:53553) SMB3_11 - -
> >> 15450 (auth in progress) 192.168.60.16
> >> (ipv4:192.168.60.16:56589) SMB3_11 - -
> >> 11340 (auth in progress) 192.168.60.236
> >> (ipv4:192.168.60.236:63931) SMB3_11 - -
> >> 11408 (auth in progress) 192.168.60.176
> >> (ipv4:192.168.60.176:58473) SMB3_11 - -
> >> 11408 (auth in progress) 192.168.60.176
> >> (ipv4:192.168.60.176:58473) SMB3_11 - -
> >> 19988 (auth in progress) 192.168.60.180
> >> (ipv4:192.168.60.180:50989) SMB3_11 - -
> >> 19988 (auth in progress) 192.168.60.180
> >> (ipv4:192.168.60.180:50989) SMB3_11 - -
> >> 11672 (auth in progress) 192.168.60.63
> >> (ipv4:192.168.60.63:63335) SMB3_11 - -
> >>
> >> and
> >>
> >> [root at centos ~]# smbstatus -b | wc -l
> >> 3971
> >>
> >> My OS is CenOS 7.9 and samba version is 4.10.16.
> >>
> >> My smb.conf is:
> >>
> >> [global]
> >> security = ADS
> >> workgroup = NTBAOBEI
> >> realm = NTBAOBEI.COM
> >>
> >> log file = /var/log/samba/%m.log
> >> log level = 3 passdb:5 auth:5 winbind:5
> >>
> >> idmap config * : backend = tdb
> >> idmap config * : range = 3000-7999
> >> idmap config NTBAOBEI:backend = ad
> >> idmap config NTBAOBEI:schema_mode = rfc2307
> >> idmap config NTBAOBEI:range = 10000-999999
> >> idmap config NTBAOBEI:unix_nss_info = yes
> >>
> >> winbind use default domain = Yes
> >> winbind offline logon = yes
> >> winbind refresh tickets = yes
> >> access based share enum = yes
> >> hide unreadable = yes
> >>
> >> winbind max clients = 600
> >>
> >> load printers = no
> >> vfs objects = acl_xattr full_audit recycle
> >> map acl inherit = yes
> >> store dos attributes = yes
> >>
> >> [shareA]
> >> path = /srv/samba/A/
> >> read only = no
> >>
> >> [shareB]
> >> path = /srv/samba/B/
> >> read only = no
> >>
> >> ......
> >>
> >> This situation has only recently appeared. Have you
> encountered this
> >> problem and how to solve it?
> >>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list