Hi,
I have an strange issue on our company network. We run samba4 ad-dc's on
four branches as separate sites, they are connected via ipsec tunnels,
all servers are debian wheezy systems using sernet 4.1.9-8 samba packages.
We use roaming profiles with folder redirection configured via GPo's. In
tree of the four branches users suddenly losse the connection to their
home shares, since their appdata and desktop folders are redirected
there desktop goes blank and all types of errors pop up. If i look at
the samba server i can see the all shares are still available beside the
homes share and the sare with the username. It's fixable with an samba
restart on the server side. It never happens on the main site just at
the branches.
First this happen every two weeks or so on tree branches thougt i can
prevent it by restarting samba every night but that did not help.
Two days ago i upgraded samba from 4.1.4-7 to 4.1.9-8 and since then it
happes twice a day.
Here's the config we use at all four locations with differen netbios
name's of course.
# Global parameters
[global]
workgroup = DOMAIN
realm = domain.local
netbios name = SERVER
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
dns forwarder = 192.168.160.200
template shell = /bin/bash
log level = 3
wins support = Yes
deadtime = 10
socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=120
TCP_KEEPINTVL=10 TCP_KEEPCNT=5
ea support = yes
store dos attributes = yes
map readonly = no
map archive = no
map system = no
map hidden = no
strict allocate = yes
acl allow execute always = yes
vfs objects = dfs_samba4, acl_xattr, aio_pthread
aio read size = 1024
aio write size = 1024
csc policy = disable
reset on zero vc = yes
idmap config * : range = 3000000-4000000
[netlogon]
root preexec = /etc/samba/scripts/user.py "%U"
path = /var/lib/samba/sysvol/fot.local/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[profiles]
path = /data/profiles
read only = no
[homes]
read only = No
[data]
path = /data/data
read only = No
inherit acls = Yes
[applic]
path = /data/applic
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/lib/samba/printing
browseable = Yes
read only = No
printable = Yes
[print$]
comment = Point and Print Printer Drivers
path = /var/lib/samba/drivers
read only = No
Unfortunately i have no error messages from log.smbd, had the log level
increased from1 to 3 and it seems to rotate once it reaches 5MB, another
thing i have to investigate now, there is no logrotate configuration
which interferes here.
I remember seeing errors like "service [username]not found trying
[username] as a printer".
Once it starts to happen for one user others can work for an while and
access there home shares but they loose them in an timeframe of about an
hour.
Have some of you seens such an behavior? It looks kinda dubious here
atm. :-)
achim~
Am 08.07.2014 11:23, schrieb Achim Gottinger:> Hi, > > I have an strange issue on our company network. We run samba4 ad-dc's > on four branches as separate sites, they are connected via ipsec > tunnels, all servers are debian wheezy systems using sernet 4.1.9-8 > samba packages. > We use roaming profiles with folder redirection configured via GPo's. > In tree of the four branches users suddenly losse the connection to > their home shares, since their appdata and desktop folders are > redirected there desktop goes blank and all types of errors pop up. If > i look at the samba server i can see the all shares are still > available beside the homes share and the sare with the username. It's > fixable with an samba restart on the server side. It never happens on > the main site just at the branches. > First this happen every two weeks or so on tree branches thougt i can > prevent it by restarting samba every night but that did not help. > Two days ago i upgraded samba from 4.1.4-7 to 4.1.9-8 and since then > it happes twice a day. > > Here's the config we use at all four locations with differen netbios > name's of course. > > # Global parameters > [global] > workgroup = DOMAIN > realm = domain.local > netbios name = SERVER > server role = active directory domain controller > idmap_ldb:use rfc2307 = yes > dns forwarder = 192.168.160.200 > template shell = /bin/bash > log level = 3 > wins support = Yes > deadtime = 10 > socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=120 > TCP_KEEPINTVL=10 TCP_KEEPCNT=5 > ea support = yes > store dos attributes = yes > map readonly = no > map archive = no > map system = no > map hidden = no > strict allocate = yes > acl allow execute always = yes > vfs objects = dfs_samba4, acl_xattr, aio_pthread > aio read size = 1024 > aio write size = 1024 > csc policy = disable > reset on zero vc = yes > idmap config * : range = 3000000-4000000 > > [netlogon] > root preexec = /etc/samba/scripts/user.py "%U" > path = /var/lib/samba/sysvol/fot.local/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > [profiles] > path = /data/profiles > read only = no > > [homes] > read only = No > > [data] > path = /data/data > read only = No > inherit acls = Yes > > [applic] > path = /data/applic > read only = No > inherit acls = Yes > > [printers] > comment = All Printers > path = /var/lib/samba/printing > browseable = Yes > read only = No > printable = Yes > > [print$] > comment = Point and Print Printer Drivers > path = /var/lib/samba/drivers > read only = No > > Unfortunately i have no error messages from log.smbd, had the log > level increased from1 to 3 and it seems to rotate once it reaches 5MB, > another thing i have to investigate now, there is no logrotate > configuration which interferes here. > I remember seeing errors like "service [username]not found trying > [username] as a printer". > > Once it starts to happen for one user others can work for an while and > access there home shares but they loose them in an timeframe of about > an hour. > > Have some of you seens such an behavior? It looks kinda dubious here > atm. :-) > > achim~ >Hmm only differnce between main site and the branches was this setting only defined at the main site. reset on zero vc = yes Added it to the branches configs, increased log level to 5 and max log size to 500MB and have to wait if the issue appears again.
Possibly Parallel Threads
- after identify labels dissapear XP
- Noob question: user moved to a OU dissapear from getent, but groups don't
- Noob question: user moved to a OU dissapear from getent, but groups don't
- Noob question: user moved to a OU dissapear from getent, but groups don't
- Xen 3.1.0 and openSuse 10.3 - xenbr0 won''t dissapear