samba - Oct 2004 - Locking/Timeout Problems

hi,

we using samba3.0.7 with a ldap(tls). it works fine. no problems with dns
(reverse) lookups etc. all 20  xp clients can logon fast into the samba
machine and access all shares.

the problem since 3 weeks is, that after a while all shares freeze for 10-20
seconds in a user session and the user have to wait to continue. not all
user at the time. the user get no response from explorer, the computer
freezes. the only change is, that we installed 5-10 clients.

it looks like that sometimes users waiting for samba freeing resources or
something like that, but it's not truth, because in the samba log there are
no activities for that session. if the machine get the share's content, the
samba is starting with logging and the user can continue with work. what the
hell is xp doing in that case? or is samba wating for ldap? but the ldap
responses queries all the time without any problems. samba is a big machine
with 2gig ram, 0,5tg raid5 etc. and has enough reserves.

and the next problem is, that after freezing outlook looses the connection
to the pst file on home drive. with restarting outlook the pst is locked.
after 6 reboots or waiting 10 minutes outlook can access the file. when is
samba releasing the read/write lock for files with lost connections?

27757  DENY_WRITE 0x2019f     RDWR       NONE
/media/array/home/mess/Outlook.pst

we install etheral on samba and xp client. we found out the samba is missing
the guest account or cannot find some files etc. trying every configuration
tweaks, we downgraded to samba 3.05... at the end we doesnt found a
solution, frustrating. the user are irritated. my boss is pissed off.

have someone an idea. it will be great. i dont want replace samba with a
windose machine to fix the problem :(

cheers tom

our current running smb.conf/attempt:

[global]
     ;; debugging support
     ;debug level = 9
     ;debug hires timestamp = Yes

     ; basic server settings
     netbios name = PDC2
;     netbios aliases = PFS2 PPS2
     server string = ESMT Server
     workgroup = ESMT-BERLIN
     announce version = 5.0
     announce as = Windows 2000 Enterprise Server
     socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
SO_RCVBUF=8192
     ; socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192

     ; user and machine account backends
     passdb backend = ldapsam:"ldap://ldap1.campus.esmt.org" guest
     ; name resolve order = host lmhosts wins bcast

     ; should act as the domain and local master browser
     os level = 64
     preferred master = yes
     domain master = yes
     local master = yes

     ; security settings
     security = user

     ; necessary for domain controller
     encrypt passwords = yes

     ; support domain logons
     domain logons = yes
     
     ; user's home and profile directory
     logon drive = H:
     logon home = \\PDC2\%U
     logon path = \\PDC2\profile$\%U

     ; ldap related stuff
     ldap suffix = o=berlin,dc=esmt,dc=org
     ldap admin dn = cn=manager,ou=samba,o=berlin,dc=esmt,dc=org
     ldap filter = "(&(uid=%u)(objectClass=sambaSamAccount))"
     ldap ssl = start tls
     #ldap ssl = yes
     #ldap ssl = no
     ldap delete dn = no
     ldap user suffix = ou=users
     ldap machine suffix = ou=samba
     ; ldap trust ids = yes
     
     ; sync samba with unix password
     ; unix password sync = yes
     ; passwd program = /usr/local/sbin/ldapsync.pl -o %u
     ; passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*modifying* 
     ; passwd chat debug = yes
     ldap passwd sync = yes

     ; idmap backend = ldap:ldap://192.168.52.31
     ; ldap idmap suffix = ou=samba,o=munich,dc=esmt,dc=org
     ; idmap uid = 10000-20000
     ; idmap gid = 10000-20000

     ; wins server
     wins support = yes
     remote announce = 192.168.52.23/ESMT-MUNICH
        remote browse sync = 192.168.52.23
     ; wins support = yes
     ; wins server = 192.168.90.33 192.168.52.23
     ; dns proxy = no

     ; using interface protection
     interfaces = eth0 lo
     bind interfaces only = yes

     ; fs related stuff
     hide dot files = yes

     ; auto-disconnection
     root postexec = echo -e "[%T] auto-disconnection\n  %u disconnected
from %S from %m (%I)" >> /usr/local/samba/var/log.smbd
     deadtime = 0

     ; limitations
     max log size = 200000
     max connections = 0
     max smbd processes = 0

     ; time server
     time server = yes

     ; Listen for SMB traffic only on port 139. This may help avoid
         ; lost connection issues under Windows XP.
         smb ports = 139

; using a ipc share deny
[ipc$]
     hosts allow = 0.0.0.0/0
;     hosts allow = 192.168.80.0/24 192.168.52.0/24 192.168.16.0/24
127.0.0.1
     
     ; hosts allow = 192.168.80. EXCEPT 192.168.80.10
;     hosts deny = 0.0.0.0/0
     
     ; hosts deny = localhost 0.0.0.0/0
     path = /var/tmp

; necessary share for domain controller
[netlogon]

     path = /media/array/netlogon
     guest ok = yes
     read only = yes
     write list = ntadmin
     browseable = no

; share for storing user profises
[profile$]

       comment = Profile Data
     path = /media/array/profile
        read only = no
       create mask = 0660
        directory mask = 0770
     profile acls = yes
      ; oplocks = no
     ; level2 oplocks = no
     ; this stops w2k fucking up it's logon
        veto oplock files = /prf*.tmp/
       ; veto files = /prf*.tmp/
     ; delete veto files = yes
     csc policy = disable
     ; next line allows administrator to access all profiles
     force group = admins
     valid users = %U @"Domain Admins"

; share for global system data
[system$]

       comment = Global System Data
        path = /media/array/system
        browseable = no
       read only = no
        create mode = 0700
     directory mask = 0700
      ; oplocks = no
     ; level2 oplocks = no
     map system = yes
     map hidden = yes
     map archive = yes
     ; valid users = %U @"Domain Admins"


; share for netboot
[netmc$]

       comment = NetMC Administrative Share
        path = /media/array/netmc
        browseable = no
       read only = no
        create mode = 0760
     directory mask = 0770
      ; oplocks = no
     ; level2 oplocks = no
     map system = yes
     map hidden = yes
     map archive = yes
     ; valid users = %U @"Domain Admins"

[it$]
       comment = IT Department Administrative Share
       path = /media/array/admin
        browseable = no
       read only = no
        create mode = 0760
     directory mask = 0770
      ; oplocks = no
     ; level2 oplocks = no
     map system = yes
     map hidden = yes
     map archive = yes

; home directories
[homes]

       comment = Home Directory
        path = /media/array/home/%U
        browseable = no
       read only = no
        create mode = 0770
     directory mask = 0770
      ; oplocks = no
     ; level2 oplocks = no
     map system = yes
     map hidden = yes
     map archive = yes
        veto files = /test.tmp/
     delete veto files = yes
     ; next line allows administrator to access all homes
     force group = admins
     valid users = %U @"Domain Admins"

; share all printers
[printers]
     comment = All Printers
     path = /var/spool/samba
     browseable = no
     ; Set public = yes to allow user 'guest account' to print
     guest ok = no
     writable = yes
     printable = yes
     create mode = 0700
     write list = root, @"Domain Admins"

; share printer driver
[print$]
     comment = Printer Driver Download Area
     path = /media/array/drivers
     browseable = yes
     guest ok = yes
     read only = yes
     write list = root, @"Domain Admins"

; public share
[public]

     path = /media/array/public
     browseable = yes
     guest ok = yes
     read only = no
     create mask = 0760
     directory mask = 0770
      ; oplocks = no
     ; level2 oplocks = no
     map system = yes
     map hidden = yes
     map archive = yes
     ; valid users = %U @"Domain Admins"

; sysvol share
[SYSVOL]

     path = /media/array/sysvol
     browseable = yes
     guest ok = yes
     read only = yes
     create mask = 0760
     directory mask = 0770
      oplocks = no
     level2 oplocks = no
     map system = yes
     map hidden = yes
     map archive = yes

i forget to write, that the nscd daemon is allways crashing to a not
specified time and we have added:

*/1 * * * * rcnscd status >/dev/nul 2>&1 || rcnscd start >/dev/nul
2>&1

in the crontab till we found the bug or a solution.

we using sles8 on a siemens p250 with a storage unit. i dont know if the
trouble starts with last online updates from suse. is debian a solution? why
nscd crashing? i dont know...

regards tom


On 01.10.2004 14:13 Uhr, "Thomas Werner" <werner@esmt.org>
wrote:
> hi,
> 
> we using samba3.0.7 with a ldap(tls). it works fine. no problems with dns
> (reverse) lookups etc. all 20  xp clients can logon fast into the samba
> machine and access all shares.
> 
> the problem since 3 weeks is, that after a while all shares freeze for
10-20
> seconds in a user session and the user have to wait to continue. not all
> user at the time. the user get no response from explorer, the computer
> freezes. the only change is, that we installed 5-10 clients.
> 
> it looks like that sometimes users waiting for samba freeing resources or
> something like that, but it's not truth, because in the samba log there
are
> no activities for that session. if the machine get the share's content,
the
> samba is starting with logging and the user can continue with work. what
the
> hell is xp doing in that case? or is samba wating for ldap? but the ldap
> responses queries all the time without any problems. samba is a big machine
> with 2gig ram, 0,5tg raid5 etc. and has enough reserves.
> 
> and the next problem is, that after freezing outlook looses the connection
> to the pst file on home drive. with restarting outlook the pst is locked.
> after 6 reboots or waiting 10 minutes outlook can access the file. when is
> samba releasing the read/write lock for files with lost connections?
> 
> 27757  DENY_WRITE 0x2019f     RDWR       NONE
> /media/array/home/mess/Outlook.pst
> 
> we install etheral on samba and xp client. we found out the samba is
missing
> the guest account or cannot find some files etc. trying every configuration
> tweaks, we downgraded to samba 3.05... at the end we doesnt found a
> solution, frustrating. the user are irritated. my boss is pissed off.
> 
> have someone an idea. it will be great. i dont want replace samba with a
> windose machine to fix the problem :(
> 
> cheers tom
> 
> our current running smb.conf/attempt:
> 
> [global]
>      ;; debugging support
>      ;debug level = 9
>      ;debug hires timestamp = Yes
> 
>      ; basic server settings
>      netbios name = PDC2
> ;     netbios aliases = PFS2 PPS2
>      server string = ESMT Server
>      workgroup = ESMT-BERLIN
>      announce version = 5.0
>      announce as = Windows 2000 Enterprise Server
>      socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192
> SO_RCVBUF=8192
>      ; socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
> 
>      ; user and machine account backends
>      passdb backend = ldapsam:"ldap://ldap1.campus.esmt.org"
guest
>      ; name resolve order = host lmhosts wins bcast
> 
>      ; should act as the domain and local master browser
>      os level = 64
>      preferred master = yes
>      domain master = yes
>      local master = yes
> 
>      ; security settings
>      security = user
> 
>      ; necessary for domain controller
>      encrypt passwords = yes
> 
>      ; support domain logons
>      domain logons = yes
>      
>      ; user's home and profile directory
>      logon drive = H:
>      logon home = \\PDC2\%U
>      logon path = \\PDC2\profile$\%U
> 
>      ; ldap related stuff
>      ldap suffix = o=berlin,dc=esmt,dc=org
>      ldap admin dn = cn=manager,ou=samba,o=berlin,dc=esmt,dc=org
>      ldap filter = "(&(uid=%u)(objectClass=sambaSamAccount))"
>      ldap ssl = start tls
>      #ldap ssl = yes
>      #ldap ssl = no
>      ldap delete dn = no
>      ldap user suffix = ou=users
>      ldap machine suffix = ou=samba
>      ; ldap trust ids = yes
>      
>      ; sync samba with unix password
>      ; unix password sync = yes
>      ; passwd program = /usr/local/sbin/ldapsync.pl -o %u
>      ; passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *modifying* 
>      ; passwd chat debug = yes
>      ldap passwd sync = yes
> 
>      ; idmap backend = ldap:ldap://192.168.52.31
>      ; ldap idmap suffix = ou=samba,o=munich,dc=esmt,dc=org
>      ; idmap uid = 10000-20000
>      ; idmap gid = 10000-20000
> 
>      ; wins server
>      wins support = yes
>      remote announce = 192.168.52.23/ESMT-MUNICH
>         remote browse sync = 192.168.52.23
>      ; wins support = yes
>      ; wins server = 192.168.90.33 192.168.52.23
>      ; dns proxy = no
> 
>      ; using interface protection
>      interfaces = eth0 lo
>      bind interfaces only = yes
> 
>      ; fs related stuff
>      hide dot files = yes
> 
>      ; auto-disconnection
>      root postexec = echo -e "[%T] auto-disconnection\n  %u
disconnected
> from %S from %m (%I)" >> /usr/local/samba/var/log.smbd
>      deadtime = 0
> 
>      ; limitations
>      max log size = 200000
>      max connections = 0
>      max smbd processes = 0
> 
>      ; time server
>      time server = yes
> 
>      ; Listen for SMB traffic only on port 139. This may help avoid
>          ; lost connection issues under Windows XP.
>          smb ports = 139
> 
> ; using a ipc share deny
> [ipc$]
>      hosts allow = 0.0.0.0/0
> ;     hosts allow = 192.168.80.0/24 192.168.52.0/24 192.168.16.0/24
> 127.0.0.1
>      
>      ; hosts allow = 192.168.80. EXCEPT 192.168.80.10
> ;     hosts deny = 0.0.0.0/0
>      
>      ; hosts deny = localhost 0.0.0.0/0
>      path = /var/tmp
> 
> ; necessary share for domain controller
> [netlogon]
> 
>      path = /media/array/netlogon
>      guest ok = yes
>      read only = yes
>      write list = ntadmin
>      browseable = no
> 
> ; share for storing user profises
> [profile$]
> 
>        comment = Profile Data
>      path = /media/array/profile
>         read only = no
>        create mask = 0660
>         directory mask = 0770
>      profile acls = yes
>       ; oplocks = no
>      ; level2 oplocks = no
>      ; this stops w2k fucking up it's logon
>         veto oplock files = /prf*.tmp/
>        ; veto files = /prf*.tmp/
>      ; delete veto files = yes
>      csc policy = disable
>      ; next line allows administrator to access all profiles
>      force group = admins
>      valid users = %U @"Domain Admins"
> 
> ; share for global system data
> [system$]
> 
>        comment = Global System Data
>         path = /media/array/system
>         browseable = no
>        read only = no
>         create mode = 0700
>      directory mask = 0700
>       ; oplocks = no
>      ; level2 oplocks = no
>      map system = yes
>      map hidden = yes
>      map archive = yes
>      ; valid users = %U @"Domain Admins"
> 
> 
> ; share for netboot
> [netmc$]
> 
>        comment = NetMC Administrative Share
>         path = /media/array/netmc
>         browseable = no
>        read only = no
>         create mode = 0760
>      directory mask = 0770
>       ; oplocks = no
>      ; level2 oplocks = no
>      map system = yes
>      map hidden = yes
>      map archive = yes
>      ; valid users = %U @"Domain Admins"
> 
> [it$]
>        comment = IT Department Administrative Share
>        path = /media/array/admin
>         browseable = no
>        read only = no
>         create mode = 0760
>      directory mask = 0770
>       ; oplocks = no
>      ; level2 oplocks = no
>      map system = yes
>      map hidden = yes
>      map archive = yes
> 
> ; home directories
> [homes]
> 
>        comment = Home Directory
>         path = /media/array/home/%U
>         browseable = no
>        read only = no
>         create mode = 0770
>      directory mask = 0770
>       ; oplocks = no
>      ; level2 oplocks = no
>      map system = yes
>      map hidden = yes
>      map archive = yes
>         veto files = /test.tmp/
>      delete veto files = yes
>      ; next line allows administrator to access all homes
>      force group = admins
>      valid users = %U @"Domain Admins"
> 
> ; share all printers
> [printers]
>      comment = All Printers
>      path = /var/spool/samba
>      browseable = no
>      ; Set public = yes to allow user 'guest account' to print
>      guest ok = no
>      writable = yes
>      printable = yes
>      create mode = 0700
>      write list = root, @"Domain Admins"
> 
> ; share printer driver
> [print$]
>      comment = Printer Driver Download Area
>      path = /media/array/drivers
>      browseable = yes
>      guest ok = yes
>      read only = yes
>      write list = root, @"Domain Admins"
> 
> ; public share
> [public]
> 
>      path = /media/array/public
>      browseable = yes
>      guest ok = yes
>      read only = no
>      create mask = 0760
>      directory mask = 0770
>       ; oplocks = no
>      ; level2 oplocks = no
>      map system = yes
>      map hidden = yes
>      map archive = yes
>      ; valid users = %U @"Domain Admins"
> 
> ; sysvol share
> [SYSVOL]
> 
>      path = /media/array/sysvol
>      browseable = yes
>      guest ok = yes
>      read only = yes
>      create mask = 0760
>      directory mask = 0770
>       oplocks = no
>      level2 oplocks = no
>      map system = yes
>      map hidden = yes
>      map archive = yes
>  
> 
> 
> 
> 
Dipl. Betriebswirt(BA) f. Inf. Thomas Werner
Webmaster / Network Administrator
ESMT European School of Management and Technology GmbH
Schlossplatz 1
D-10178 Berlin 
Germany 

Tel: +49 (0)30 21231 - 1085
Fax: +49 (0)30 21231 - 9
E-mail: werner@esmt.org
Web: http://www.esmt.org