Marco Coli
2017-Jun-22 12:47 UTC
[Samba] Samba AD - Issue with winbindd: Could not write result
Hello,

I have the same problems outlined in this old thread...
Only difference the original poster was on RHEL6.X, I am on RHEL7, he
compiled samba on its own, I used Sernet Samba (latest)...

Unfortunately there is no solution on this thread. Suggestions?

Thank you
Rowland Penny
2017-Jun-22 13:30 UTC
[Samba] Samba AD - Issue with winbindd: Could not write result
On Thu, 22 Jun 2017 14:47:36 +0200
Marco Coli via samba <samba at lists.samba.org> wrote:

> Hello,
>
> I have the same problems outlined in this old thread...
> Only difference the original poster was on RHEL6.X, I am on RHEL7, he
> compiled samba on its own, I used Sernet Samba (latest)...
>
> Unfortunately there is no solution on this thread. Suggestions?
>
> Thank you
>

Yikes, that was from nearly two years ago.

Can you post:
/etc/resolv.conf
/etc/hostname
/etc/hosts
If using Bind9, its conf files
/etc/samba/smb.conf
/etc/krb5.conf

Rowland
Marco Coli
2017-Jun-23 05:09 UTC
[Samba] Samba AD - Issue with winbindd: Could not write result
On 22/06/2017 15:30, Rowland Penny via samba wrote:
> On Thu, 22 Jun 2017 14:47:36 +0200
> Marco Coli via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>>
>> I have the same problems outlined in this old thread...
>> Only difference the original poster was on RHEL6.X, I am on RHEL7, he
>> compiled samba on its own, I used Sernet Samba (latest)...
>>
>> Unfortunately there is no solution on this thread. Suggestions?
>>
>> Thank you
>>
> Yikes, that was from nearly two years ago.
>
> Can you post:
> /etc/resolv.conf
> /etc/hostname
> /etc/hosts
> If using Bind9, its conf files
> /etc/samba/smb.conf
> /etc/krb5.conf
>
> Rowland
>

Yes very old, but it is the only similar problem (quite identical) I did find.
Thank you for your interest, here we are:

cat /etc/resolv.conf
# Generated by NetworkManager
search niccolai.local
nameserver 10.0.0.253

----

[root@nic-mail ~]# cat /etc/hostname
nic-mail

----

[root@nic-mail ~]# cat /etc/hosts
10.0.0.253 nic-mail mail.niccolaitrafile.it nic-server-mail nic-mail.niccolai.local nic-server-mail.niccolai.local sogo.niccolaitrafile.it
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

____

[root@nic-mail ~]# cat /etc/named.conf
include "/etc/rndc.key";
# include "/var/lib/samba/private/named.conf";
include "/etc/named.conf.samba";
//
// named.conf for Red Hat caching-nameserver
//

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
        // query-source address * port 53;
        // forward first;
        // forwarders {
        // 8.8.8.8;
        // 8.8.4.4;
        # 151.99.125.2;
        # 151.99.250.2;
        # 213.92.5.54;
        # 194.185.88.5;
        # 151.99.125.3;
        // };
};

//
// a caching only nameserver config
//
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

//zone "255.in-addr.arpa" IN {
// type master;
// file "named.broadcast";
// allow-update { none; };
// };

//zone "0.in-addr.arpa" IN {
// type master;
// file "named.zero";
// allow-update { none; };
//};

#zone "niccolai" IN {
# type master;
# file "niccolai";
# allow-update { key "rndckey" ; };
## allow-transfer { 10.0.0.19; };
## notify yes;
#};

#zone "10.in-addr.arpa" IN {
# type master;
# file "10.in-addr.arpa";
# allow-update { key "rndckey" ; };
## allow-transfer { 10.0.0.19; };
## notify yes;
#};

zone "niccolai.homelinux.org" IN {
        type master;
        file "homelinux";
        allow-update { none; };
# allow-transfer { 10.0.0.19; };
        notify yes;
};

zone "niccolaitrafile.it" IN {
        type master;
        file "niccolaitrafile.it";
        allow-update { none; };
# allow-transfer { 10.0.0.19; };
# notify yes;
};

--------

[root@nic-mail ~]# cat /etc/named.conf.
named.conf.DISTRIB named.conf.rpmnew named.conf.samba
[root@nic-mail ~]# cat /etc/named.conf.samba
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/var/lib/samba4/private/named.conf";
#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
dlz "AD DNS Zone" {
#dlz "niccolai.local" {
    # For BIND 9.8.0
    # database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";
    # For BIND 9.9.0
    database "dlopen /usr/lib64/samba/bind9/dlz_bind9_9.so";
};

----

[root@nic-mail ~]# cat /etc/samba/smb.conf
# Global parameters
[global]
        workgroup = NICCOLAI
        realm = niccolai.local
        netbios name = NIC-MAIL
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
# idmap_ldb:use rfc2307 = yes
        interfaces = 127.0.0.1 10.0.0.253
        bind interfaces only = yes
        unix extensions = yes
        allow insecure wide links = Yes
# Added to avoid lockups caused by too many open files
# deadtime = 20
# max open files = 490000
        socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=120 TCP_KEEPINTVL=10 TCP_KEEPCNT=5
        ldap server require strong auth = no
# Added by TT 13/6
## client use spnego = no
## client ntlmv2 auth = no
## client ipc max protocol = NT1
# Added by TT 19/6
## client ldap sasl wrapping = plain

[netlogon]
        path = /var/lib/samba/sysvol/niccolai.local/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[profiles]
        path = /archivi/samba/profiles
        read only = no

[dati]
        comment = Directory di lavoro
        path = /archivi/samba/dati
        read only = no
        wide links = yes

[Com]
        comment= Commesse
        path = /archivi/samba/dbcommesse
        read only = No
        public = yes
        wide links = yes

[Scambio]
        comment= Scambio
        path = /archivi/samba/scambio
        read only = No
        writeable = yes

[Acquisti]
        path = /archivi/samba/acquisti
        read only = No
        wide links = yes

[Commerciale]
        path = /archivi/samba/commerciale
        read only = no
        wide links = yes

[Contabilita]
        path = /archivi/samba/contabilita
        read only = no

[Tecnico]
        path = /archivi/samba/tecnico
        read only = no

[Amministrazione]
        path = /archivi/samba/amministrazione
        read only = no

[Info$]
        path = /archivi/samba/informatica
        read only = no
        wide links = yes

[manuali]
        path = /archivi/samba/manuali
        read only = no
        wide links = yes

[officina]
        path = /archivi/samba/officina
        read only = no

[magazzino_inserti]
        path = /archivi/samba/MAGAZZINO_INSERTI
        read only = no

[Foto]
        path = /archivi/samba/foto
        read only = no
        wide links = yes

[Contenit]
        path = /archivi/samba/contenitori
        read only = no
        wide links = yes

#[Backup]
# path = /BACKUP
# browseable = yes
# read only = no
# read only = yes
# vfs objects = acl_xattr

[Collaudo]
        path = /archivi/samba/collaudo
        read only = no
# vfs objects = acl_xattr

[Certificati_conformita]
        path = /archivi/samba/certificati_conformita
        read only = no

[Manuali_Macchine]
        path = /archivi/samba/MANUALI_MACCHINE
        read only = no
        wide links = yes

[Deployment]
        path = /archivi/samba/DEPLOYMENT
        read only = no
        guest ok = yes

-----

[root@nic-mail ~]# cat /etc/krb5.conf
[libdefaults]
        default_realm = NICCOLAI.LOCAL
        dns_lookup_realm = false
        dns_lookup_kdc = true

After some hours the services are down, the output of wbinfo -u becomes empty, and some weird login/share problems begin.
If I restart the services (systemctl restart sernet-samba-ad) all is ok.
It worked flawlessly for years, until 15 days ago...

The server is updated with latest kernel and latest samba:

[root@nic-mail ~]# uname -a
Linux nic-mail 3.10.0-514.21.2.el7.x86_64 #1 SMP Sun May 28 17:08:21 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@nic-mail ~]# rpm -qa |grep samba
sernet-samba-libsmbclient0-4.6.5-8.el7.x86_64
sernet-samba-4.6.5-8.el7.x86_64
sernet-samba-libs-4.6.5-8.el7.x86_64
sernet-samba-common-4.6.5-8.el7.x86_64
sernet-samba-client-4.6.5-8.el7.x86_64
sernet-samba-ad-4.6.5-8.el7.x86_64
sernet-samba-winbind-4.6.5-8.el7.x86_64

Thank you!