Re: [Samba] Debugging Samba is a total PITA and this needs to improve

On 21/05/2019 13:29, Sven Schwedas via samba wrote:
On 21.05.19 14:16, Rowland penny via samba wrote:> You need to
investigate your DB problems

Great, but how?

I see no reason to have different smb.conf files for different Unix
domain members, just don't have 'netbios name' in any smb.conf.
There's also share definitions in the files which I omitted, which are
the actual meat of the config files.

Fair enough for different shares on different clients, but I wouldn't use includes for anything else.

You will also be better better off having 'vfs objects = acl_xattr' in
your smb.conf and setting the permissions from Windows.
Will that work when half the clients aren't Windows to begin with, and
ACLs still need to work when people can SSH into the server?

What is the point of this:

     winbind max domain connections = 32

If you also have:

     winbind offline logon = yes
Will it hurt?
No, but the '32' will be ignored if offline logon is set to 'yes'

Finally and what could be contributing to your problem:

This could be set too high:
     winbind expand groups = 4
Why would that suddenly break after working for years, when the deepest
nesting we actually see is 1?

And going by smb.conf, at most it could lead to timeouts, which is not
the problem we're seeing?

Try reading 'man smb.conf' where you will find this under 'winbind expand groups':

Be aware that a high value for this parameter can result in system slowdown as the main parent winbindd daemon must perform the group unrolling and will be unable to answer incoming NSS or authentication requests during this time.

This is possibly why you are having your problem.

This is *exactly* what I meant with bike shedding. "This has nothing to
do with your problem, but let's waste days on this anyway, it's not
*our* prod environment that's offline in the meantime" is really not a
great attitude.

We are nowhere near your computers, so can only ask questions and offer advice, if you do not like this, have a read here:


Find someone near you and pay for support.


