Hi all. Problems resolved! I found the samba process that was increasing the memory after I ran the netstat from PID and I discovered that the process opened 88/464 tcp/udp port. After I ran tcpdump program in my DC server listening udp 88 port and I found many clients machines sending traffic a lot to my DC server. I blocked the ips from clients machines by iptables and the samba process stoped to consume memory. To resolve another problem I just commented full_audit options in my smb.conf file and now the command "samba-tool ntacl sysvolreset" works without errors and I'm able to create GPOs. Thanks Fabio Monteiro -------- Mensagem original -------- Assunto: [Samba] Samba4 ClassicUpgrade De: Fabio Monteiro <fabioitb at yahoo.com.br> Para: samba at lists.samba.org Data: 25/11/2014 13:17> Hi, guys. > > I had a server Debian with samba (PDC) 3.6 and ldap, but I needed > upgrade to samba (AD) 4.1.13 with classicupgrade command. > > See below the command: > > # samba-tool domain classicupgrade --dbdir=/root/backup/var/lib/samba/ > --use-xattrs=yes --dns-backend=BIND9_DLZ --realm=test.local > /root/backup/etc/samba/smb.conf > > The users, groups and machines was imported sucesful but the upgrade has > some problems. > > * When I start samba, there are one process that it's increasing the > memory until error. The process starts with 500MB but it's increasing > and 2 or 3 days after the process it's with 6GB and the server has only > 8GB RAM. > > See the top below: > > PID %CPU Size Res Res Res > Res Shared Faults Command > Used KB Set Text Data Lib > KB Min Maj > 13959 24.9 4917724 4425780 76 0 4417236 > 9972 206 0 samba > > # ps_mem.py > > Private + Shared = RAM used Program > 560.3 MiB + 49.9 MiB = 610.1 MiB smbd (103) > 4.4 GiB + 13.8 MiB = 4.4 GiB samba (13) > > See the nestat from the PID: > > netstat -putan | grep 13959 > > tcp 0 0 192.168.0.5:464 0.0.0.0:* LISTEN > 13959/samba > tcp 0 0 127.0.0.1:464 0.0.0.0:* LISTEN > 13959/samba > tcp 0 0 192.168.0.5:88 0.0.0.0:* LISTEN > 13959/samba > tcp 0 0 127.0.0.1:88 0.0.0.0:* LISTEN 13959/samba > udp 0 0 192.168.0.5:88 0.0.0.0:* 13959/samba > udp 0 0 127.0.0.1:88 0.0.0.0:* 13959/samba > udp 0 0 192.168.0.5:464 0.0.0.0:* 13959/samba > udp 0 0 127.0.0.1:464 0.0.0.0:* 13959/samba > > * I'm not able to create group policies and show me the message below: > > Isn't possible to attribute this security identification as object's owner. > > Thanks a lot. > > Best regards. > > Fabio Monteiro > >
On 02/12/14 12:10, Fabio Monteiro wrote:> Hi all. > > Problems resolved! > > I found the samba process that was increasing the memory after I ran > the netstat from PID and I discovered that the process opened 88/464 > tcp/udp port. > After I ran tcpdump program in my DC server listening udp 88 port and > I found many clients machines sending traffic a lot to my DC server. I > blocked the ips from clients machines by iptables and the samba > process stoped to consume memory. > > To resolve another problem I just commented full_audit options in my > smb.conf file and now the command "samba-tool ntacl sysvolreset" works > without errors and I'm able to create GPOs. > > Thanks > > Fabio Monteiro > > -------- Mensagem original -------- > Assunto: [Samba] Samba4 ClassicUpgrade > De: Fabio Monteiro <fabioitb at yahoo.com.br> > Para: samba at lists.samba.org > Data: 25/11/2014 13:17 > >> Hi, guys. >> >> I had a server Debian with samba (PDC) 3.6 and ldap, but I needed >> upgrade to samba (AD) 4.1.13 with classicupgrade command. >> >> See below the command: >> >> # samba-tool domain classicupgrade --dbdir=/root/backup/var/lib/samba/ >> --use-xattrs=yes --dns-backend=BIND9_DLZ --realm=test.local >> /root/backup/etc/samba/smb.conf >> >> The users, groups and machines was imported sucesful but the upgrade has >> some problems. >> >> * When I start samba, there are one process that it's increasing the >> memory until error. The process starts with 500MB but it's increasing >> and 2 or 3 days after the process it's with 6GB and the server has only >> 8GB RAM. >> >> See the top below: >> >> PID %CPU Size Res Res Res >> Res Shared Faults Command >> Used KB Set Text Data Lib >> KB Min Maj >> 13959 24.9 4917724 4425780 76 0 4417236 >> 9972 206 0 samba >> >> # ps_mem.py >> >> Private + Shared = RAM used Program >> 560.3 MiB + 49.9 MiB = 610.1 MiB smbd (103) >> 4.4 GiB + 13.8 MiB = 4.4 GiB samba (13) >> >> See the nestat from the PID: >> >> netstat -putan | grep 13959 >> >> tcp 0 0 192.168.0.5:464 0.0.0.0:* LISTEN >> 13959/samba >> tcp 0 0 127.0.0.1:464 0.0.0.0:* LISTEN >> 13959/samba >> tcp 0 0 192.168.0.5:88 0.0.0.0:* LISTEN >> 13959/samba >> tcp 0 0 127.0.0.1:88 0.0.0.0:* LISTEN >> 13959/samba >> udp 0 0 192.168.0.5:88 0.0.0.0:* 13959/samba >> udp 0 0 127.0.0.1:88 0.0.0.0:* 13959/samba >> udp 0 0 192.168.0.5:464 0.0.0.0:* 13959/samba >> udp 0 0 127.0.0.1:464 0.0.0.0:* 13959/samba >> >> * I'm not able to create group policies and show me the message below: >> >> Isn't possible to attribute this security identification as object's >> owner. >> >> Thanks a lot. >> >> Best regards. >> >> Fabio Monteiro >> >>I take it you know port 88 is the kerberos port ? Rowland
On 02/12/14 13:04, Fabio Monteiro wrote:> Hi, Rowland! > > I know kerberos uses 88 tcp/udp port but the traffic from some client > machines (15 machines) was unbelievable. I think this clients has virus. > > Fabio Monteiro > > -------- Mensagem original -------- > Assunto: Re: [Samba] Samba4 ClassicUpgrade > De: Rowland Penny <rowlandpenny at googlemail.com> > Para: samba at lists.samba.org > Data: 02/12/2014 10:42 > >> On 02/12/14 12:10, Fabio Monteiro wrote: >>> Hi all. >>> >>> Problems resolved! >>> >>> I found the samba process that was increasing the memory after I ran >>> the netstat from PID and I discovered that the process opened 88/464 >>> tcp/udp port. >>> After I ran tcpdump program in my DC server listening udp 88 port and >>> I found many clients machines sending traffic a lot to my DC server. I >>> blocked the ips from clients machines by iptables and the samba >>> process stoped to consume memory. >>> >>> To resolve another problem I just commented full_audit options in my >>> smb.conf file and now the command "samba-tool ntacl sysvolreset" works >>> without errors and I'm able to create GPOs. >>> >>> Thanks >>> >>> Fabio Monteiro >>> >>> -------- Mensagem original -------- >>> Assunto: [Samba] Samba4 ClassicUpgrade >>> De: Fabio Monteiro <fabioitb at yahoo.com.br> >>> Para: samba at lists.samba.org >>> Data: 25/11/2014 13:17 >>> >>>> Hi, guys. >>>> >>>> I had a server Debian with samba (PDC) 3.6 and ldap, but I needed >>>> upgrade to samba (AD) 4.1.13 with classicupgrade command. >>>> >>>> See below the command: >>>> >>>> # samba-tool domain classicupgrade --dbdir=/root/backup/var/lib/samba/ >>>> --use-xattrs=yes --dns-backend=BIND9_DLZ --realm=test.local >>>> /root/backup/etc/samba/smb.conf >>>> >>>> The users, groups and machines was imported sucesful but the >>>> upgrade has >>>> some problems. >>>> >>>> * When I start samba, there are one process that it's increasing the >>>> memory until error. The process starts with 500MB but it's increasing >>>> and 2 or 3 days after the process it's with 6GB and the server has >>>> only >>>> 8GB RAM. >>>> >>>> See the top below: >>>> >>>> PID %CPU Size Res Res Res >>>> Res Shared Faults Command >>>> Used KB Set Text Data Lib >>>> KB Min Maj >>>> 13959 24.9 4917724 4425780 76 0 4417236 >>>> 9972 206 0 samba >>>> >>>> # ps_mem.py >>>> >>>> Private + Shared = RAM used Program >>>> 560.3 MiB + 49.9 MiB = 610.1 MiB smbd (103) >>>> 4.4 GiB + 13.8 MiB = 4.4 GiB samba (13) >>>> >>>> See the nestat from the PID: >>>> >>>> netstat -putan | grep 13959 >>>> >>>> tcp 0 0 192.168.0.5:464 0.0.0.0:* LISTEN >>>> 13959/samba >>>> tcp 0 0 127.0.0.1:464 0.0.0.0:* LISTEN >>>> 13959/samba >>>> tcp 0 0 192.168.0.5:88 0.0.0.0:* LISTEN >>>> 13959/samba >>>> tcp 0 0 127.0.0.1:88 0.0.0.0:* LISTEN >>>> 13959/samba >>>> udp 0 0 192.168.0.5:88 0.0.0.0:* 13959/samba >>>> udp 0 0 127.0.0.1:88 0.0.0.0:* 13959/samba >>>> udp 0 0 192.168.0.5:464 0.0.0.0:* 13959/samba >>>> udp 0 0 127.0.0.1:464 0.0.0.0:* 13959/samba >>>> >>>> * I'm not able to create group policies and show me the message below: >>>> >>>> Isn't possible to attribute this security identification as object's >>>> owner. >>>> >>>> Thanks a lot. >>>> >>>> Best regards. >>>> >>>> Fabio Monteiro >>>> >>>> >> I take it you know port 88 is the kerberos port ? >> >> Rowland >>In which case, find the clients that have a virus **AND* *fix them!!!! Turning off port 88 is not a fix. Rowland
Hi Rowland. Yes, I'm fixing the clients but until fix all I block port 88. I'm installing/running antivirus in this machines. I blocked the 88 port by iptables for while to not let unavailable my DC server. It's temporary. Thanks. Fabio Monteiro -------- Mensagem original -------- Assunto: Re: [Samba] Samba4 ClassicUpgrade De: Rowland Penny <rowlandpenny at googlemail.com> Para: fabioitb at yahoo.com.br, sambalist <samba at lists.samba.org> Data: 02/12/2014 12:17> On 02/12/14 13:04, Fabio Monteiro wrote: >> Hi, Rowland! >> >> I know kerberos uses 88 tcp/udp port but the traffic from some client >> machines (15 machines) was unbelievable. I think this clients has virus. >> >> Fabio Monteiro >> >> -------- Mensagem original -------- >> Assunto: Re: [Samba] Samba4 ClassicUpgrade >> De: Rowland Penny <rowlandpenny at googlemail.com> >> Para: samba at lists.samba.org >> Data: 02/12/2014 10:42 >> >>> On 02/12/14 12:10, Fabio Monteiro wrote: >>>> Hi all. >>>> >>>> Problems resolved! >>>> >>>> I found the samba process that was increasing the memory after I ran >>>> the netstat from PID and I discovered that the process opened 88/464 >>>> tcp/udp port. >>>> After I ran tcpdump program in my DC server listening udp 88 port and >>>> I found many clients machines sending traffic a lot to my DC server. I >>>> blocked the ips from clients machines by iptables and the samba >>>> process stoped to consume memory. >>>> >>>> To resolve another problem I just commented full_audit options in my >>>> smb.conf file and now the command "samba-tool ntacl sysvolreset" works >>>> without errors and I'm able to create GPOs. >>>> >>>> Thanks >>>> >>>> Fabio Monteiro >>>> >>>> -------- Mensagem original -------- >>>> Assunto: [Samba] Samba4 ClassicUpgrade >>>> De: Fabio Monteiro <fabioitb at yahoo.com.br> >>>> Para: samba at lists.samba.org >>>> Data: 25/11/2014 13:17 >>>> >>>>> Hi, guys. >>>>> >>>>> I had a server Debian with samba (PDC) 3.6 and ldap, but I needed >>>>> upgrade to samba (AD) 4.1.13 with classicupgrade command. >>>>> >>>>> See below the command: >>>>> >>>>> # samba-tool domain classicupgrade --dbdir=/root/backup/var/lib/samba/ >>>>> --use-xattrs=yes --dns-backend=BIND9_DLZ --realm=test.local >>>>> /root/backup/etc/samba/smb.conf >>>>> >>>>> The users, groups and machines was imported sucesful but the >>>>> upgrade has >>>>> some problems. >>>>> >>>>> * When I start samba, there are one process that it's increasing the >>>>> memory until error. The process starts with 500MB but it's increasing >>>>> and 2 or 3 days after the process it's with 6GB and the server has >>>>> only >>>>> 8GB RAM. >>>>> >>>>> See the top below: >>>>> >>>>> PID %CPU Size Res Res Res >>>>> Res Shared Faults Command >>>>> Used KB Set Text Data Lib >>>>> KB Min Maj >>>>> 13959 24.9 4917724 4425780 76 0 4417236 >>>>> 9972 206 0 samba >>>>> >>>>> # ps_mem.py >>>>> >>>>> Private + Shared = RAM used Program >>>>> 560.3 MiB + 49.9 MiB = 610.1 MiB smbd (103) >>>>> 4.4 GiB + 13.8 MiB = 4.4 GiB samba (13) >>>>> >>>>> See the nestat from the PID: >>>>> >>>>> netstat -putan | grep 13959 >>>>> >>>>> tcp 0 0 192.168.0.5:464 0.0.0.0:* LISTEN >>>>> 13959/samba >>>>> tcp 0 0 127.0.0.1:464 0.0.0.0:* LISTEN >>>>> 13959/samba >>>>> tcp 0 0 192.168.0.5:88 0.0.0.0:* LISTEN >>>>> 13959/samba >>>>> tcp 0 0 127.0.0.1:88 0.0.0.0:* LISTEN >>>>> 13959/samba >>>>> udp 0 0 192.168.0.5:88 0.0.0.0:* 13959/samba >>>>> udp 0 0 127.0.0.1:88 0.0.0.0:* 13959/samba >>>>> udp 0 0 192.168.0.5:464 0.0.0.0:* 13959/samba >>>>> udp 0 0 127.0.0.1:464 0.0.0.0:* 13959/samba >>>>> >>>>> * I'm not able to create group policies and show me the message below: >>>>> >>>>> Isn't possible to attribute this security identification as object's >>>>> owner. >>>>> >>>>> Thanks a lot. >>>>> >>>>> Best regards. >>>>> >>>>> Fabio Monteiro >>>>> >>>>> >>> I take it you know port 88 is the kerberos port ? >>> >>> Rowland >>> > > In which case, find the clients that have a virus **AND* *fix them!!!! > > Turning off port 88 is not a fix. > > Rowland