Web lists-archives.com

Re: [Samba] Winbindd crashed on DC




Hello Rowland,
the file is attached. However, without the call to "wbinfo -u" there is no problem. I thought
it might be the number of times the script ist run. ~2000 times a day. Not much I would think.

regards




Am Freitag, den 14.07.2017, 14:39 +0100 schrieb Rowland Penny via samba:
> On Fri, 14 Jul 2017 14:52:35 +0200
> Christian Naumer via samba <samba@xxxxxxxxxxxxxxx> wrote:
> 
> > Hello all,
> > I configured DHCPD on two of my DCs to update the DNS records
> > according to the wiki (https://w
> > iki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9).
> > This works now as expected (see my other post). The script used in
> > the wiki (dhcp-dyndns.sh) uses "wbinfo -u | grep dhcpduser" to check
> > if the user exists. This worked ok until I reduced the lease time
> > from several days to 3h for testing. Then after 1-2 days the winbindd
> > component of the DC crashed or something (didn't check what happened,
> > nothing in the logs at normal loglevel). This could be seen in that
> > no DNS updates were made as the script fails because wbinfo produces
> > no output. A restart of the samba-ad restored functionality. This
> > happend of both the DCs running the DHCP server but not on the other
> > two. Now I have removed the check for the user (no more wbinfo is
> > called) as I know it is there. And no crashes of winbindd since then.
> > Reducing the lease time to 3 hours is causing dns updates every 1-2
> > minutes and in this case also wbinfo -u calls. Should this be
> > investigated? Or is this a rare use case?
> > 
> > Just thought it might help somebody else.
> > 
> > 
> > Regards
> > 
> > 
> > Christian
> > 
> 
> If you followed the wiki, you should have this in /etc/dhcp/dhcpd.conf:
> 
> max-lease-time 1800; # 30 minutes
> 
> I don't get the crashes.
> 
> I think you should post your dhcpd conf files.
> 
> Rowland
> 

-- 
Dr. Christian Naumer
Research Scientist
Plattform-Koordinator Bioprozesstechnik

B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn@xxxxxxxxxxxxxxxx, homepage www.brain-biotech.de
fon +49-6251-9331-30  /   fax +49-6251-9331-11

Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Dr. Juergen Eck (Vorsitzender), Frank Goebel
Aufsichtsratsvorsitzender: Dr. Ludger Mueller
#FAILOVER
failover peer "dhcp-failover" {
        primary; # declare this to be the primary server
        address 192.168.0.x;
        port 647;
        peer address 192.168.0.x;
        peer port 647;
        max-response-delay 60;
        max-unacked-updates 10;
        load balance max seconds 3;
        mclt 3600;
        split 128;
}

omapi-port 7911;
omapi-key omapi_key;
key omapi_key {
        algorithm hmac-md5;
        secret xxx;
}
# BRAIN
subnet 192.168.0.0 netmask 255.255.x.x {
        option ntp-servers 192.168.0.x, 192.168.0.x, 192.168.0.x, 192.168.0.x;
        max-lease-time 10800;
        default-lease-time 10800;
        min-lease-time 3600;
        option netbios-node-type 8;
        option time-servers 192.168.0.x, 192.168.0.x, 192.168.0.x, 192.168.0.x;
        option domain-search "hq.samdom.de", "samdom.de", "samdom.com";
        option domain-name-servers 192.168.0.x,192.168.0.x,192.168.0.x,192.168.0.x;
        option domain-name "hq.samdom.de";
        option subnet-mask 255.255.x.x;
        option routers 192.168.0.x;
        ignore unknown-clients;
        update-static-leases true;
        update-optimization true;
        update-conflict-detection true;
        authoritative;
        }
on commit {
set noname = concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address));
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
#client-name also ok?
set ClientName = pick-first-value(option host-name, host-decl-name, config-option host-name, noname);
log(concat("Commit: IP: ", ClientIP, " DHCID: ", ClientDHCID, " Name: ", ClientName));
execute("/etc/dhcp/bin/dhcp-dyndns.sh", "add", ClientIP, ClientDHCID, ClientName);
}

on release {
set noname = concat("dhcp-", binary-to-ascii(10, 8, "-", leased-address));
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
set ClientDHCID = binary-to-ascii(16, 8, ":", hardware);
set ClientName = pick-first-value(option host-name, host-decl-name, config-option host-name, noname);
log(concat("Release: IP: ", ClientIP));
execute("/etc/dhcp/bin/dhcp-dyndns.sh", "delete", ClientIP, ClientDHCID, ClientName);
}

on expiry {
set ClientIP = binary-to-ascii(10, 8, ".", leased-address);
# cannot get a ClientMac here, apparently this only works when actually receiving a packet
log(concat("Expired: IP: ", ClientIP));
# cannot get a ClientName here, for some reason that always fails
execute("/etc/dhcp/bin/dhcp-dyndns.sh", "delete", ClientIP,"0");
}
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba