
Re: [Samba] Samba AD - Issue with winbindd: Could not write result




On 23/06/2017 10:49, Rowland Penny via samba wrote:
Please see inline comments.

On Fri, 23 Jun 2017 07:09:47 +0200
Marco Coli <marco.coli@xxxxxxxxxxxxxxx> wrote:

cat /etc/resolv.conf
# Generated by NetworkManager
search niccolai.local
nameserver 10.0.0.253
Only thing wrong there is that you may be using the '.local' domain
(unless it has been changed to hide the real domain). If it is the
real domain, remove Avahi if it is installed.

Done


I would change it to this:

10.0.0.253 nic-mail.niccolai.local nic-mail
10.0.0.? mail.niccolaitrafile.it mail
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

Create a virtual network interface for the '10.0.0.?' address and
assign an 'IP'. Create a CNAME record for nic-server-mail to
nic-mail.niccolai.local, create a CNAME record for sogo to
'mail.niccolaitrafile.it'

To be done


Uncomment the 'forwarders' lines, I would just use the Google ones.

Done


zone "niccolai.homelinux.org" IN {
         type master;
          file "homelinux";
          allow-update { none; };
#        allow-transfer { 10.0.0.19; };
          notify yes;
};
Remove the above zone, you do not seem to be using it.

Done


zone "niccolaitrafile.it" IN {
         type master;
          file "niccolaitrafile.it";
          allow-update { none; };
#        allow-transfer { 10.0.0.19; };
#        notify yes;
};
--------
[root@nic-mail ~]# cat /etc/named.conf.
named.conf.DISTRIB  named.conf.rpmnew   named.conf.samba
[root@nic-mail ~]# cat /etc/named.conf.samba
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/var/lib/samba4/private/named.conf";

#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
dlz "AD DNS Zone" {
#dlz "niccolai.local" {
      # For BIND 9.8.0
      # database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";

      # For BIND 9.9.0
       database "dlopen /usr/lib64/samba/bind9/dlz_bind9_9.so";
};

----

[root@nic-mail ~]# cat /etc/samba/smb.conf
# Global parameters
[global]
          workgroup = NICCOLAI
          realm = niccolai.local
          netbios name = NIC-MAIL
          server role = active directory domain controller
          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
#       idmap_ldb:use rfc2307 = yes
Uncomment the above line, you need it.

Done

          socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=120 TCP_KEEPINTVL=10 TCP_KEEPCNT=5
You should let Samba set the above line for you.

Done (commented line)

I no longer use the Sernet packages, but can you check if there are any
other Sernet Samba packages available (Debian has one called
samba-dsdb-modules) and install them.

I am not saying that the changes I suggest will cure your problem, but
they should not make anything worse either.

Rowland



So far, with all the cleaning you suggested except the hosts file (I will do it in the next few days, and thank you!), the problem remains.

I wrote a simple script which runs every 5 minutes from crontab and checks whether wbinfo -u returns no lines; in that case it restarts samba. It is the only temporary solution I have found so far... I see it restart samba 4/5 times a day, at different hours, also at night with no users working.

Here is the script:
[root@nic-mail niccolai]# cat script_riavvio_samba.sh
if [ $(wbinfo -u | wc -l) -eq 0 ];
then
echo "Riavviato il servizio";
/usr/bin/systemctl restart sernet-samba-ad;
fi

Doing this, I have no more complaints from users about shares not reachable, AD logins not performed, and so on...

I have no resource problem:
[root@nic-mail niccolai]# free
              total        used        free      shared  buff/cache   available
Mem:       12139548     2649440      573128      202884     8916980     8830260
Swap:       5177340        1796     5175544

The server is doing a lot of other things without a problem, it started to have problems only with samba and only recently, I have no more clues...

Thank you for your indications!
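
An added example, not part of the original message: a variant of the restart workaround above that bounds the `wbinfo -u` query with a timeout, logs what it saw before restarting (so the root cause can still be investigated), and caps restarts per hour. The file paths, timeouts, restart cap and the overridable `WBINFO` / `RESTART_CMD` variables are assumptions.

```shell
#!/bin/sh
# Added example: watchdog around the `wbinfo -u` check from the post.
# Assumed, not from the post: paths, 30 s/10 s timeouts, the restart cap,
# and the overridable WBINFO / RESTART_CMD variables.
WBINFO="${WBINFO:-wbinfo}"
RESTART_CMD="${RESTART_CMD:-/usr/bin/systemctl restart sernet-samba-ad}"
STATE_DIR="${STATE_DIR:-/var/lib/winbind-watchdog}"
LOG="${LOG:-/var/log/winbind-watchdog.log}"
MAX_RESTARTS_PER_HOUR="${MAX_RESTARTS_PER_HOUR:-3}"
log() { printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S%z')" "$*" >>"$LOG"; }

# Print one of: ok | empty | error | hung. A hung winbindd would block a
# bare `wbinfo -u | wc -l` forever, so the query runs under timeout(1).
winbind_state() {
    out=$(timeout 30 $WBINFO -u 2>/dev/null) && rc=0 || rc=$?
    if [ "$rc" -eq 124 ]; then echo hung
    elif [ "$rc" -ne 0 ]; then echo error
    elif [ -z "$out" ]; then echo empty
    else echo ok
    fi
}

# Count restarts in the last hour (state file: one epoch timestamp per line).
recent_restarts() {
    now=$(date +%s); n=0
    if [ -f "$STATE_DIR/restarts" ]; then
        while read -r ts; do
            if [ $((now - ts)) -lt 3600 ]; then n=$((n + 1)); fi
        done <"$STATE_DIR/restarts"
    fi
    echo "$n"
}

# Returns 0 = healthy, 1 = restarted, 2 = unhealthy but restart suppressed.
watchdog_run() {
    mkdir -p "$STATE_DIR" || return 3
    state=$(winbind_state)
    if [ "$state" = ok ]; then return 0; fi
    # Record what was observed before the restart destroys the evidence.
    log "winbindd unhealthy: state=$state ping=$(timeout 10 $WBINFO -p 2>&1 | head -n 1)"
    if [ "$(recent_restarts)" -ge "$MAX_RESTARTS_PER_HOUR" ]; then
        log "restart suppressed: $MAX_RESTARTS_PER_HOUR restarts in the last hour"
        return 2
    fi
    date +%s >>"$STATE_DIR/restarts"
    if $RESTART_CMD; then log "restart issued"; else log "restart command failed"; fi
    return 1
}
if [ "${1:-}" = run ]; then watchdog_run; fi   # cron: watchdog.sh run
```

The log separates an empty user list from a failing or hanging `wbinfo`, which narrows down where winbindd is going wrong between restarts.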

