Solved

Samba on inux

Posted on 2010-08-20
10
1,035 Views
Last Modified: 2013-12-16
Hi,

Im using samba on ubuntu, here are the version details

 OS

Distributor ID: Ubuntu
Description:    Ubuntu 9.04
Release:        9.04
Codename:       jaunty

SAMBA

Version 3.3.2

I have Kerberos authentication.The problem is that samba shares accessed by the users hang periodically and everything is after say like 10 minutes

following are the entries from the log (log.winbindd)

[2010/08/19 10:40:55,  1] libads/ldap_utils.c:ads_do_search_retry_internal(83)
  ads_search_retry: failed to reconnect (Can't contact LDAP server)
[2010/08/19 10:40:55,  1] libads/ldap_utils.c:ads_ranged_search_internal(307)
  ads_search: Can't contact LDAP server
[2010/08/19 10:40:55,  0] winbindd/winbindd_ads.c:lookup_groupmem(1038)
  ads_ranged_search failed with: Can't contact LDAP server
[2010/08/19 10:41:19,  1] winbindd/winbindd_util.c:trustdom_recv(303)
  Could not receive trustdoms


AND log (log.winbindd-dc-connect)

[2010/08/19 10:42:52,  1] rpc_client/cli_pipe.c:rpc_pipe_destructor(2362)
  rpc_pipe_destructor: cli_close failed on pipe host KTNAPWDC104.kt.group.local, pipe \NETLOGON, fnum 0x4005. Error was SUCCESS - 0
[2010/08/19 10:42:52,  1] rpc_client/cli_pipe.c:rpc_pipe_destructor(2362)
  rpc_pipe_destructor: cli_close failed on pipe host KTNAPWDC104.kt.group.local, pipe \lsarpc, fnum 0x4017. Error was SUCCESS - 0
[2010/08/19 10:42:52,  1] rpc_client/cli_pipe.c:rpc_pipe_destructor(2362)
  rpc_pipe_destructor: cli_close failed on pipe host KTNAPWDC104.kt.group.local, pipe \NETLOGON, fnum 0x4016. Error was SUCCESS - 0

Any help would be greatly appreciated ad this is a production system and is heavily used.

Thanks
Bhanu
0
Comment
Question by:Peddu_bhanu
10 Comments
 
LVL 11

Expert Comment

by:Pieter Jordaan
ID: 33483806

Make sure the Linux server has the PDC as it's primary DNS server.
Check /etc/resolv.conf

Then check /etc/krb5.conf

[libdefaults]
    default_realm = MYDOMAIN.COM

[realms]
    MYDOMAIN.COM =  {
        kdc = PDC.MYDOMAIN.COM
        admin_server = PDC.MYDOMAIN.COM
    }

[domain_realm]
    .PDC.MYDOMAIN.COM = MYDOMAIN.COM
    PDC.MYDOMAIN.COM =  MYDOMAIN.COM

in /etc/samba/smb.conf
make sure your idmap uid and gid is set higher than any local user uid.
I am using:
   idmap uid = 15000-25000
   idmap gid = 15000-25000

I had to upgrade my samba to version 3.4 to get rid of the intermittent connection problems on the Ubuntu 9 standard version of samba, and currently run it on Ubuntu 10.04 with samba 3.4.7 with no problems.
0
 
LVL 1

Author Comment

by:Peddu_bhanu
ID: 33485991
Thank you bit freeze

for the sake of clarity i will post my smb.conf and krb5.conf files ,I request you all experts to please have a look at them and suggest,please find the attached files

This is a production box,I would highly appreciate any timely response.

Thanks in advance
krb5.conf.txt
smb.conf.txt
0
 
LVL 57

Expert Comment

by:giltjr
ID: 33499768
The 1st four error messages indicate that you are not able to connect to the LDAP server.

I would check it to make sure that there are no problems, check for network issues: ports going down and back up, traffic flooding, and things like that.
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 33

Expert Comment

by:Dave Howe
ID: 33500278
I would suggest that, during outages, you test the ldap connection directly using a suitable ldap browser on the linux host (it will have command line tools already, but apache directory studio is an excellent, and free, gui tool you can run on the xwindows desktop)

I would suspect that something is overloaded - either the network link, the host's cpu/ram, the available sockets on the host, or the AD host with ldap on it - and discovering which it is would be the first diagnostic step.
0
 
LVL 20

Accepted Solution

by:
Daniel McAllister earned 500 total points
ID: 33608034
OK... I'm going to add my 2-cents worth on this one:

1) Consider updating your Samba to 3.5 -- you are clearly using newer versions of Windows -- ESPECIALLY if your AD server is Windows Server 2008!

For a complete explanation of why I recommend this (even if you have to force install from someplace like SerNet or from source), read my article located here:
http://www.experts-exchange.com/Software/Server_Software/File_Servers/Samba/A_3545-Samba-for-Windows-Vista-and-later.html

2) Your config makes it clear that you're using Samba in an Active Directory environment. EVEN IF your Ubuntu system is has a DNS server installed locally, set your preferred DNS server to be the AD server. That is, make your /etc/resolv.conf file look like:
  search ADS.DOMAIN.NAME.local
  nameserver ADS.SERVER.IP
  nameserver 127.0.0.1 (assuming you ARE a DNS server for the domain)

3) Since you're clearly not having problems initially, there isn't likely any reason to test your ADS permissions -- any testjoin or similar debugging commands aren't likely to show any light.... so let's move on to more important topics.

Also included in the article referenced above is a suggestion to FORCE Samba to use port 445, INSTEAD of ports 137-139. Again, I won't repeat the contents of that article here, just suffice it to say that your /etc/samba/smb.conf file should have a line in it that says:
  smb ports = 445

In reality, if you're using Samba 3.5 or later, that's really a redundancy... but it won't hurt!

Please reply quickly after you try these suggestions -- I'll try to stay on top of this as well.

Dan
IT4SOHO
0
 
LVL 1

Author Comment

by:Peddu_bhanu
ID: 33680727
Hi it4soho;

So far so good, I have zeroed in on DNS. I will update once i monitor for 2 to 3 days.Thank you for your inputs.

Bhanu
0
 
LVL 87

Expert Comment

by:rindi
ID: 34977947
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now