Web lists-archives.com

Re: [Samba] Samba 4.6.2 member server errors




On Sun, 15 Oct 2017, Rowland Penny via samba wrote:

On Sun, 15 Oct 2017 13:38:13 -0400 (EDT)
me@xxxxxxxxxx wrote:

Yes I understand, however, there are 2 things I am concerned about.

When the errors are spewing, winbind never goes to sleep and the load
on the server runs somewhere between 6-8 constantly (as shown by
top.). Even when there is no one in the office and hence no files
being served I still see the high load.

When the errors stop (This happens intermittently) winbind will sleep
and the load settles down to < 1.

The other thing that concerns me is that I am wondering if this is an
indication that something more serious is about to break. It is one
thing for me to see things in the background and entirely something
else for it to impact the users. :-)

Suggestions?

Regards,


If nothing is connecting, then winbind shouldn't be doing much, so if
it is, you need to find out why.

Try running 'samba-tool dbcheck' on the DCs

dbcheck has the following output:

(vdc2 pts2) # samba-tool dbcheck
Checking 490 objects
NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=User\0ADEL:5f387be0-63de-4486-b22a-bfff6bc2cbcb,CN=Deleted Objects,DC=samdom,DC=mydomain,DC=com - <GUID=bf3dbdad-516d-4ebc-beb9-2b9e3a1fa02b>;CN={A492ADAB-B0BE-4038-B6C7-B831D0C77359},CN=Policies,CN=System,DC=samdom,DC=mydomain,DC=com
Not fixing old string component
NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=Machine\0ADEL:bc407cd8-3035-4a40-8171-f91616bd798f,CN=Deleted Objects,DC=samdom,DC=mydomain,DC=com - <GUID=bf3dbdad-516d-4ebc-beb9-2b9e3a1fa02b>;CN={A492ADAB-B0BE-4038-B6C7-B831D0C77359},CN=Policies,CN=System,DC=samdom,DC=mydomain,DC=com
Not fixing old string component
NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=User\0ADEL:49f21be1-fe11-44fc-b483-28e06112084e,CN=Deleted Objects,DC=samdom,DC=mydomain,DC=com - <GUID=ab72e6be-b24a-4945-808c-1e1a366a1332>;CN={C8B52BEA-44ED-4A17-9B2D-0DAD8858286B},CN=Policies,CN=System,DC=samdom,DC=mydomain,DC=com
Not fixing old string component
NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=Machine\0ADEL:772380e7-e1e5-4614-81c2-ba7a40efa27e,CN=Deleted Objects,DC=samdom,DC=mydomain,DC=com - <GUID=ab72e6be-b24a-4945-808c-1e1a366a1332>;CN={C8B52BEA-44ED-4A17-9B2D-0DAD8858286B},CN=Policies,CN=System,DC=samdom,DC=mydomain,DC=com
Not fixing old string component
Checked 490 objects (0 errors)

Both dc's have the same output. The above says 0 errors but I am not sure if the
above is relevant to this discussion or not.


Check replication between the DCs

sysvol replication seems to be working. Is there something else I need to check?

Check the Samba logs on the DCs, is there anything relevant showing at
the time that winbind is overloading on the domain member

No, but I have not looked with logging turned up.

Raise the log levels on the DCs and domain members and see if anything
pops out.

At the moment winbind is quiet. I will turn logging up on the dc's and the
file servers and see what pops up.

What is a good log level for troubleshooting something like this?


One thing I noticed when I looked it your smb.conf again was this:

realm = SAMDOM.MYDOMAIN.com.COM

I take it this was just a typo when you sanitized it.

Yep!! You made me look to be sure though. :-)

If this is only happening on one domain member, try comparing the
various files on one with the other (/etc/hosts, /etc/krb5.conf and so
on).

They are identical modulo things like host names, etc.. I use ansible to manage
them and set variables where appropriate.

Regards,

--
Tom			me@xxxxxxxxxx

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba