samba - Jul 2014 - Lots of NMBD zombie processes

Hello,

I am running a Samba 4 DC, recently upgraded to the latest version and I
have just installed a member server to run as a File Server (Samba 4.1.9).

While it seems to be working properly, we are getting a lot of zombie nmbd
processes on the member server, running the command *pidof nmbd* results in:

*[root at BHFS01 etc]# pidof nmbd*
*12861 12644 12404 12236 12071 11885 11720 11553 11388 11201 11036 10869
10704 10518 10353 10186 10020 9834 9669 9502 9337 9151 8985 8818 8653 8467
8302 8135 7970 7783 7618 7234 7069 6878 6713 6545 6380 6189 6024 5857 5692
5496 5330 5163 4998 4799 4633 4466 4300 4084 3858 3691 3526 3339 3174 3006
2841 2655 2429 2149 1855 1505*

Restarting the nmbd service fixes the problem, but the above processes are
what we get in a single day. I do not want to restart the service each
night to fix this, but I am not sure where the problem is either.

My SMB.conf is the following:

*[global]*

*   netbios name = BHFS01*
*   workgroup = BUH*
*   security = ADS*
*   realm = SAMDOM*
*   encrypt passwords = yes*
*   vfs objects = acl_xattr full_audit*
*   map acl inherit = yes*
*   store dos attributes = yes*
*   #log level = 3*

*   idmap config *:backend = tdb*
*   idmap config *:range = 10001-20000*
*   idmap config BUH:backend = rid*
*   idmap config BUH:schema_mode = rfc2307*
*   idmap config BUH:range = 10000-20000*
*   idmap config BUH:base_rid = 0*

*   winbind nss info = rfc2307*
*   winbind trusted domains only = no*
*   winbind use default domain = yes*
*   winbind enum users  = yes*
*   winbind enum groups = yes*
*...*
*   full_audit:prefix = %u|%I|%S*
*   full_audit:success = mkdir rename unlink rmdir pwrite*
*   full_audit:failure = none*
*   full_audit:facility = local7*
*   full_audit:priority = NOTICE*

*[Data]*
*   path = /DataStorage/Data*
*   read only = no*

Like previously stated, I do not know where to further look to help
diagnose this problem. Any pointers are more than welcome :)

Thank you!

George

On 20/07/14 09:16, George Itee wrote:
> Hello,
>
> I am running a Samba 4 DC, recently upgraded to the latest version and I
> have just installed a member server to run as a File Server (Samba 4.1.9).
>
> While it seems to be working properly, we are getting a lot of zombie nmbd
> processes on the member server, running the command *pidof nmbd* results
in:
>
> *[root at BHFS01 etc]# pidof nmbd*
> *12861 12644 12404 12236 12071 11885 11720 11553 11388 11201 11036 10869
> 10704 10518 10353 10186 10020 9834 9669 9502 9337 9151 8985 8818 8653 8467
> 8302 8135 7970 7783 7618 7234 7069 6878 6713 6545 6380 6189 6024 5857 5692
> 5496 5330 5163 4998 4799 4633 4466 4300 4084 3858 3691 3526 3339 3174 3006
> 2841 2655 2429 2149 1855 1505*
>
> Restarting the nmbd service fixes the problem, but the above processes are
> what we get in a single day. I do not want to restart the service each
> night to fix this, but I am not sure where the problem is either.
>
> My SMB.conf is the following:
>
> *[global]*
>
> *   netbios name = BHFS01*
> *   workgroup = BUH*
> *   security = ADS*
> *   realm = SAMDOM*
> *   encrypt passwords = yes*
> *   vfs objects = acl_xattr full_audit*
> *   map acl inherit = yes*
> *   store dos attributes = yes*
> *   #log level = 3*
>
> *   idmap config *:backend = tdb*
> *   idmap config *:range = 10001-20000*
> *   idmap config BUH:backend = rid*
> *   idmap config BUH:schema_mode = rfc2307*
> *   idmap config BUH:range = 10000-20000*
> *   idmap config BUH:base_rid = 0*
Well you could start by sorting out the idmap ranges, they are both 
virtually the same and shouldn't be, they must not overlap.

Oh and change the base rid, as you have it, it will drag in all the 
local users.

Rowland
>
> *   winbind nss info = rfc2307*
> *   winbind trusted domains only = no*
> *   winbind use default domain = yes*
> *   winbind enum users  = yes*
> *   winbind enum groups = yes*
> *...*
> *   full_audit:prefix = %u|%I|%S*
> *   full_audit:success = mkdir rename unlink rmdir pwrite*
> *   full_audit:failure = none*
> *   full_audit:facility = local7*
> *   full_audit:priority = NOTICE*
>
> *[Data]*
> *   path = /DataStorage/Data*
> *   read only = no*
>
> Like previously stated, I do not know where to further look to help
> diagnose this problem. Any pointers are more than welcome :)
>
> Thank you!
>
> George