On 15/02/2021 12:39, Francesc Guasch via samba wrote:
> Hi. I have a samba server that suddenly gets smbd
> processes at 100% and becomes unusable.
>
> This is samba release 2:4.9.5+dfsg-5+deb10u1
> in this host:
>
> Operating System: Debian GNU/Linux 10 (buster)
> Kernel: Linux 4.19.0-14-amd64
>
> We use only LDAP backend.
>
> The processes at 100% are smbd, but they won't show
> up in "samba-tool processes". It lists only this:
> notify-daemon 2764

Not sure that 'samba-tool' will work against an NT4-style PDC; it was
written to be used against Samba AD.

> I managed to get a
> stack trace from one of those processes:
>
> #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
> #1 0x00007fbe6baf2535 in __GI_abort () at abort.c:79
> #2 0x00007fbe6c4319e3 in dump_core () from /lib/x86_64-linux-gnu/libsmbconf.so.0
> #3 0x00007fbe6c41e22b in smb_panic_s3 () from /lib/x86_64-linux-gnu/libsmbconf.so.0
> #4 0x00007fbe6c7fe9df in smb_panic () from /lib/x86_64-linux-gnu/libsamba-util.so.0
> #5 0x00007fbe6c7fec16 in ?? () from /lib/x86_64-linux-gnu/libsamba-util.so.0
> #6 <signal handler called>
> #7 0x00007fbe6c8646fe in __GI___pthread_mutex_lock (mutex=0x55c78fd27c50) at ../nptl/pthread_mutex_lock.c:80
> #8 0x00007fbe6aae53e9 in ?? () from /lib/x86_64-linux-gnu/libgnutls.so.30
> #9 0x00007fbe6aab962b in gnutls_record_send2 () from /lib/x86_64-linux-gnu/libgnutls.so.30
> #10 0x00007fbe6b3d03a2 in ?? () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2
> #11 0x00007fbe6b282108 in ?? () from /lib/x86_64-linux-gnu/liblber-2.4.so.2
> #12 0x00007fbe6b283411 in ber_int_sb_write () from /lib/x86_64-linux-gnu/liblber-2.4.so.2
> #13 0x00007fbe6b27fb2b in ber_flush2 () from /lib/x86_64-linux-gnu/liblber-2.4.so.2
> #14 0x00007fbe6b3bcfa1 in ldap_int_flush_request () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2
> #15 0x00007fbe6b3bd27f in ldap_send_server_request () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2
> #16 0x00007fbe6b3bd5f1 in ldap_send_initial_request () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2
> #17 0x00007fbe6b3b21dc in ldap_sasl_bind () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2
> #18 0x00007fbe6b3b262a in ldap_sasl_bind_s () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2
> #19 0x00007fbe6b3b2eb0 in ldap_simple_bind_s () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2
> #20 0x00007fbe6afb4d69 in ?? () from /lib/x86_64-linux-gnu/libsmbldap.so.2
> #21 0x00007fbe6afb5ade in ?? () from /lib/x86_64-linux-gnu/libsmbldap.so.2
> #22 0x00007fbe6afb624f in smbldap_search () from /lib/x86_64-linux-gnu/libsmbldap.so.2
> #23 0x00007fbe6afb62a9 in smbldap_search_suffix () from /lib/x86_64-linux-gnu/libsmbldap.so.2
> #24 0x00007fbe6af93add in smbldap_search_domain_info () from /usr/lib/x86_64-linux-gnu/samba/libsmbldaphelper.so.0
> #25 0x00007fbe6c0b7ede in ?? () from /lib/x86_64-linux-gnu/libsamba-passdb.so.0
> #26 0x00007fbe6c0d4748 in make_pdb_method_name () from /lib/x86_64-linux-gnu/libsamba-passdb.so.0
> #27 0x00007fbe6c0d4a1e in ?? () from /lib/x86_64-linux-gnu/libsamba-passdb.so.0
> #28 0x00007fbe6c0d6d19 in initialize_password_db () from /lib/x86_64-linux-gnu/libsamba-passdb.so.0
> #29 0x00007fbe6c63932e in smbd_reinit_after_fork () from /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0
> #30 0x000055c78e2a7b3f in ?? ()
> #31 0x00007fbe6bc9803f in tevent_common_invoke_fd_handler () from /lib/x86_64-linux-gnu/libtevent.so.0
> #32 0x00007fbe6bc9e05f in ?? () from /lib/x86_64-linux-gnu/libtevent.so.0
> #33 0x00007fbe6bc9c2d7 in ?? () from /lib/x86_64-linux-gnu/libtevent.so.0
> #34 0x00007fbe6bc977e4 in _tevent_loop_once () from /lib/x86_64-linux-gnu/libtevent.so.0
>
> And here is an edited smb.conf
>
> netbios name = alu-a2
> workgroup = ALU
> realm = aluete.example.com
> interfaces = 127.0.0.1 192.168.68.7 192.168.81.8 192.168.68.11
> debug level = 4
> log file = /var/log/samba/%m.log
> max log size = 25
> #socket options = IPTOS_LOWDELAY TCP_NODELAY
> load printers = no
> keepalive = 600
> deadtime = 120
> os level = 99
> preferred master = yes
> domain master = yes
> local master = yes
> security = user
> domain logons = yes
> server max protocol = NT1
> ldap admin dn = "cn=admin,dc=example,dc=com"
> smbpasswd:/etc/samba/smbpasswd
> ldap ssl = off
> ldap passwd sync = yes
> passdb backend = ldapsam:ldaps://mero.example.com/
> ldap admin dn = cn=admin,dc=example,dc=com
> ldap suffix = ou=ALUETE,ou=EXAMPLEBCN,dc=example,dc=com
> ldap user suffix = ou=users
> ldap group suffix = ou=groups
> ldap machine suffix = ou=computers
> ldap idmap suffix = ou=Idmap
> add user script = /usr/sbin/smbldap-useradd -m "%u"
> delete user script = /usr/sbin/smbldap-userdel "%u"
> add machine script = /usr/sbin/smbldap-useradd -W -t 0 "%u"
> add group script = /usr/sbin/smbldap-groupadd -p "%g"
> add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
> delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
> set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
> logon path = \\%L\profiles\%U
> logon drive = l:
> logon home = \\%N\%U
> logon script = logon.bat
> remote announce = 192.168.81.255 10.1.36.255
> wins support = yes
> algorithmic rid base = 1000
> dns proxy = yes
> hosts allow = 192.168.68. 192.168.36. 127.
> security = user
> max disk size = 60
> guest account = nobody
> ntlm auth = yes
> lanman auth = yes
> client ntlmv2 auth = yes
> load printers = no
>
> [IPC$]
> path = /tmp
> hosts allow= 10.0.36.0/24, 192.168.36.0/25, 192.168.36.128/25, 192.168.68.0/24, 192.168.81.0/24, 127.0.0.1/32 10.0.68.0/24 10.1.36.0/24
> hosts deny = 0.0.0.0/0
Why have you created a hidden share called 'IPC' ?
Is this a new PDC, or an existing one ?
Is apparmor running and possibly denying something ?
Is there anything in the Samba logs ?
Rowland