Hello Andrew & Louis, Yesterday by around 1:30 PM we had the same issue. Samba AD kicked all of us out and RSAT did not connect to any domain controllers. /*Incidentally the RSAT that caused this error was running on Windows 7 Professional 64 Bit edition.*/ When I restarted the samba-ad-dc service, all started working well again. However, as mentioned again, I could not trace the error in the logs. I have uploaded the log (starting 11:00 AM to 2:30 PM, it is 36 MB in size!!) to google drive and invited you all. Request you to check and suggest. The logs are from PDC emulator. We have one more additional domain controller. If you need I can enclose the logs from second DC as well. Also enclosed is the Windows Event (in CSV format) from the PC with Windows 7 Professional 64 Bit, running RSAT. I could only see the error with respect to Group Policy processing and windows pc had some problem with restarting. Unfortunately the script we have written to dump the memory consumption by samba process has failed. The file is having only few entries untill 10:00, till then everything was normal. I will fix this, simulate the error, take the dump and post it here. Also as Marc had suggested, dbcheck --cross-ncs didn't report any error on both DCs. Look forward for your help to fix this. -- Thanks & Regards, Anantha Raghava Do not print this e-mail unless required. Save Paper & trees. On 04/08/17 10:14 PM, Anantha Raghava wrote:> > Hello Louis, > > You are welcome. > > As Andrew suggested, we are now monitoring the memory and written a > script to dump the memory consumption information at given interval of > 20 minutes. We will share the results here. > > One thing we observed today. None connected to RSAT today and we kept > adding the PCs to Domain. All versions of Windows - XP with SP3, > Windows 7 Professional and Ultimate (32 and 64Bit) and Windows 10 > Professional and Enterprise. Everything worked just fine. We were not > cut off by Samba at any time. However, we have now given instructions > to all not to touch the RSAT either on Windows 7 Professional or on > Windows Server 2008 R2 when we are adding PCs to domain. If the > problem does not repeat, then we feel probably we are heading towards > some conclusion. > > In our case, there is all the possibility that I connect to RSAT on > Windows Server 2008 R2 from one location and another personal at the > same time connects to RSAT from Windows 7 Professional. While I keep > observing the Computer Accounts and DNS entries, the other person > works on OU reorganization etc. This could be leading to this sudden > disconnection as DB may go inconsistent. I am not sure. > > However, I will check the error from Windows Events and share the > details here. As Marc suggested, earlier, I will also execute dbcheck > cross-ncs and post the results here along with memory utilization data > over a period of time. > > Just to give all information about our setup: > > OS : CentOS 7.3 (1611) > > ADDC : 4.6.5 > > No. of DC : 2 (1 in Physical Server with 2 X Octacore CPU, 64 GB > Memory, 300 GB HDD & another Virtual Machine, 8 vCPU, 16 GB Memory, 50 > GB HDD) > > Total number of users accounts added : around 5000 > > Total Computers added to Domain : around 500 as of now. > > Target is to achieve close to 8000 users and equal number of PCs. > > -- > > Thanks & Regards, > > > Anantha Raghava > > > Do not print this e-mail unless required. Save Paper & trees. > > On 04/08/17 3:55 PM, L.P.H. van Belle wrote: >> Hai, >> >> Im joining this one if you dont mind. >> My setup: >> Debian 8 (Jessie) >> ADDC's : samba 4.6.6 >> Member with profiles : samba 4.6.6 >> This problem is here seen also on a Windows7 Pro 64bit client. >> The client here, is related to the user profile, this one is having a corrupted user profile in my case. >> Due to this, my GPO fails and i see event id: 4098 , error code : 0x8007000E insufficions space .... >> >> I also seen some hotfixes related to dotnet 3.0 for Win 7, but im not sure yet for Anantha what the problem is. >> >> Also dont see this on my other computers, checked. >> Windows 7 Pro 64bit ( other users ) >> Windows 10 Pro 64bit. Works fine also. ( builds 15xx upto 17xx ) >> >> >> @Anantha, can you check if you see in the windows event logs with warnings and errors. >> Can you post these? Event id NR. and error codes that all i need. >> >> Imho, this is not samba that causing the problem but something in windows. >> >> >> Greetz, >> >> Louis >> >> >> >>> -----Oorspronkelijk bericht----- >>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >>> Anantha Raghava via samba >>> Verzonden: vrijdag 4 augustus 2017 6:03 >>> Aan: Andrew Bartlett;samba at lists.samba.org >>> Onderwerp: Re: [Samba] Not enough storage space error >>> >>> Hello Andrew, >>> >>> Good Morning.. >>> >>> Thanks for quick response. >>> >>> We will monitor the memory usage and intimate you accordingly. >>> >>> However, I doubt using the 4.7rc in this case. Also, creating >>> a test environment with 4.7rc, simulating the current process >>> (Adding new domain member PCs and users, reorganizing the >>> Groups and OU) is very difficult. Will definitely give it a try. >>> >>> -- >>> >>> Thanks & Regards, >>> >>> >>> Anantha Raghava >>> >>> >>> Do not print this e-mail unless required. Save Paper & trees. >>> >>> On 04/08/17 8:44 AM, Andrew Bartlett wrote: >>>> On Fri, 2017-08-04 at 06:34 +0530, Anantha Raghava wrote: >>>>> Hello Andrew, >>>>> From the day one, we set the log level to 3. Log size is >>> really huge. >>>>> However, I did not see some thing very interesting and related to >>>>> this error. It is all to do with user login, information, >>> etc. Should >>>>> I have to increase the log level to get more info? >>>>> One thing we noticed. When we restart the samba-ad-dc service, it >>>>> allows us to add new users, add new computers to domain, and even >>>>> move the user from one OU to another. However, from last >>> two days, at >>>>> around evening (around 4:45 PM), samba all of a sudden >>> cuts off all >>>>> users from domain and even fails to list the domain controllers in >>>>> RSAT. If we restart samba-ad-dc, it starts working properly. >>>>> Now we need to see, what is that event that is causing >>> this cut off >>>>> all of a sudden? Is it a shear coincidence? Or is it >>> something to do >>>>> with the large number of PCs are now getting added from different >>>>> places? Incidentally, we use the same domain admin account (limited >>>>> administrator) to add PCs to domain. Is this causing some problem? >>>> Can you track the memory use of samba over time? >>>> >>>> You say elsewhere that there is plenty of RAM free, but is >>> that still >>>> the case just before it blows up? >>>> >>>> Can you try Samba 4.7rc, where we made LDAP multi-process? >>> That would >>>> keep any memory leak more isolated, which might help us find it. >>>> >>>> You can also look for some clues in the output of: >>>> >>>> smbcontrol $PID pool-usage >>>> >>>> It is very verbose, but careful analysis over time might >>> give a clue >>>> where the memory is. >>>> >>>> Thanks, >>>> >>>> Andrew Bartlett >>>> >>>>> -- >>>>> >>>>> Thanks & Regards, >>>>> >>>>> Anantha Raghava >>>>> >>>>> Do not print this e-mail unless required. Save Paper & trees. >>>>> On 03/08/17 8:09 AM, Andrew Bartlett wrote: >>>>>> On Wed, 2017-08-02 at 21:09 +0530, Anantha Raghava via >>> samba wrote: >>>>>>> Hi, >>>>>>> >>>>>>> We are using Samba AD DC (Version 4.6.5) on CentOS 7.3. >>> We have two >>>>>>> servers with BIND9 DNS and all are working just fine. >>>>>>> >>>>>>> Today, when we attempted to move couple of users from one OU to >>>>>>> another, Windows RSAT reported /*"Windows cannot move object. >>>>>>> Ther*//*e *//*is not enough storage space*//*"*/. >>>>>> I wouldn't take the error string literally. There are too many >>>>>> layers of mapping going on. LDAP does not contain such >>> an error, so >>>>>> think of it as a bad translation. >>>>>> >>>>>>> Our servers have 300 GB Storage more that 270GB is free on the >>>>>>> storage. At the moment we have added about 1000 users >>> and about 450 >>>>>>> computers into domain. Overall, we will add about 7500 users and >>>>>>> equal no of computers to domain. I also noticed that >>> RSAT lost the >>>>>>> connection to domain all of a sudden. However, when I >>> restarted the >>>>>>> samba-ad-dc service, it reconnected. I am able to add >>> new computers >>>>>>> and new users into domain. But moving the user from one OU to >>>>>>> another is throwing above error. >>>>>>> >>>>>>> I believe the DB is a 32 bit one and should support upto 4 GB. >>>>>>> When >>>>>>> I >>>>>>> checked in /usr/local/samba/private folder the size of >>> smb.ldb file >>>>>>> is about 4.1 MB and rest of the ldb and tdb files are >>> around 1 MB >>>>>>> in size. >>>>>>> >>>>>>> Now, how do I correctly check the current DB size? Is the above >>>>>>> error a strange behaviour? How do we fix the above error? >>>>>> Turn up the logging on the AD DC and see what the real error and >>>>>> error string is. >>>>>> >>>>>> Thanks, >>>>>> >>>>>> Andrew Bartlett >>>>>> >>>>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions:https://lists.samba.org/mailman/options/samba >>> >
Hai, For me.. the interesting parts.. where i think i can help out a bit. [2017/08/07 11:00:06.129569, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: constrained delegation from BLR066YESH03$@KTKBANKLTD.COM (blr066yesh03$\@KTKBANKLTD.COM at KTKBANKLTD.COM) as BLR066YESH03$@KTKBANKLTD.COM to blr066yesh03$\@KTKBANKLTD.COM at KTKBANKLTD.COM not allowed [2017/08/07 11:00:06.129646, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) Kerberos: Failed building TGS-REP to ipv4:172.25.182.15:49768 [2017/08/07 11:00:12.917959, 3] ../source4/auth/ntlm/auth.c:271(auth_check_password_send) auth_check_password_send: Checking password for unmapped user [KAMATH-PC]\[Lenovo]@[KAMATH-PC] auth_check_password_send: mapped user is: [KTKBANKLTD]\[Lenovo]@[KAMATH-PC] [2017/08/07 11:00:12.918663, 3] ../source4/auth/ntlm/auth_sam.c:63(authsam_search_account) sam_search_user: Couldn't find user [Lenovo] in samdb, under DC=ktkbankltd,DC=com and all auth messages, like this one. auth_check_password_send: Checking password for unmapped user [KAMATH-PC]\[Lenovo]@[KAMATH-PC] auth_check_password_send: mapped user is: [KTKBANKLTD]\[Lenovo]@[KAMATH-PC] [2017/08/07 11:00:32.499136, 3] ../source4/auth/ntlm/auth_sam.c:63(authsam_search_account) sam_search_user: Couldn't find user [Lenovo] in samdb, under DC=ktkbankltd,DC=com [2017/08/07 11:00:32.499172, 2] ../source4/auth/ntlm/auth.c:430(auth_check_password_recv) [2017/08/07 11:00:50.131823, 3] ../source4/auth/ntlm/auth.c:271(auth_check_password_send) auth_check_password_send: Checking password for unmapped user [VALUED-SK025MV9]\[Administrator]@[VALUED-SK025MV9] auth_check_password_send: mapped user is: [KTKBANKLTD]\[Administrator]@[VALUED-SK025MV9] [2017/08/07 11:00:50.133267, 3] ../libcli/auth/ntlm_check.c:397(ntlm_password_check) ntlm_password_check: NTLMv2 password check failed [2017/08/07 11:00:50.133308, 3] ../libcli/auth/ntlm_check.c:442(ntlm_password_check) ntlm_password_check: Lanman passwords NOT PERMITTED for user Administrator [2017/08/07 11:00:50.133357, 3] ../libcli/auth/ntlm_check.c:588(ntlm_password_check) ntlm_password_check: LM password and LMv2 failed for user Administrator, and NT MD4 password in LM field not permitted [2017/08/07 11:00:50.133729, 3] ../libcli/auth/ntlm_check.c:397(ntlm_password_check) ntlm_password_check: NTLMv2 password check failed I checked the thread again, and we are missing the smb.conf. Can you post the smb.conf of one of the DC's and same for a member ( preffered the one with problems) I cant tell anything about the DB sizes, so i leave that to marc and Andrew. But we really need the smb.conf's to make sure you did setup correctly. last, to make searching a bit better also. Can you define some of the pc's if its winXP 7 or 10. [KAMATH-PC]\[Lenovo]@[KAMATH-PC] ? is this a windows XP pc? ho001rmd37$@KTKBANKLTD.COM is a server? ( os and samba versions) and this one : BLR065SRIR07$ Server ? pc ? That makes it a bit better to read the log and where what is happing and that should help the samba dev's to find whats going on.>Yesterday by around 1:30 PM we had the same issue. Samba AD kicked all of us out and RSAT did not connect to any domain controllers. Incidentally the RSAT that caused this error was running on Windows 7 Professional 64 Bit edition.What where you doing at that time with RSAT. Please describe. i use the RSAT tools a lot, but my network is lots smaller. Greetz, Louis Van: Anantha Raghava [mailto:raghav at exzatechconsulting.com] Verzonden: dinsdag 8 augustus 2017 8:29 Aan: L.P.H. van Belle; samba at lists.samba.org; Andrew Bartlett; Marc Muehlfeld Onderwerp: Re: [Samba] Not enough storage space error Hi, Fine the logs attached. It is now compressed intoa zip file. Hope this helps. -- Thanks & Regards, Anantha Raghava Do not print this e-mail unless required. Save Paper & trees. On 08/08/17 8:30 AM, Anantha Raghava wrote: Hello Andrew & Louis, Yesterday by around 1:30 PM we had the same issue. Samba AD kicked all of us out and RSAT did not connect to any domain controllers. Incidentally the RSAT that caused this error was running on Windows 7 Professional 64 Bit edition. When I restarted the samba-ad-dc service, all started working well again. However, as mentioned again, I could not trace the error in the logs. I have uploaded the log (starting 11:00 AM to 2:30 PM, it is 36 MB in size!!) to google drive and invited you all. Request you to check and suggest. The logs are from PDC emulator. We have one more additional domain controller. If you need I can enclose the logs from second DC as well. Also enclosed is the Windows Event (in CSV format) from the PC with Windows 7 Professional 64 Bit, running RSAT. I could only see the error with respect to Group Policy processing and windows pc had some problem with restarting. Unfortunately the script we have written to dump the memory consumption by samba process has failed. The file is having only few entries untill 10:00, till then everything was normal. I will fix this, simulate the error, take the dump and post it here. Also as Marc had suggested, dbcheck --cross-ncs didn't report any error on both DCs. Look forward for your help to fix this. -- Thanks & Regards, Anantha Raghava Do not print this e-mail unless required. Save Paper & trees. On 04/08/17 10:14 PM, Anantha Raghava wrote: Hello Louis, You are welcome. As Andrew suggested, we are now monitoring the memory and written a script to dump the memory consumption information at given interval of 20 minutes. We will share the results here. One thing we observed today. None connected to RSAT today and we kept adding the PCs to Domain. All versions of Windows - XP with SP3, Windows 7 Professional and Ultimate (32 and 64Bit) and Windows 10 Professional and Enterprise. Everything worked just fine. We were not cut off by Samba at any time. However, we have now given instructions to all not to touch the RSAT either on Windows 7 Professional or on Windows Server 2008 R2 when we are adding PCs to domain. If the problem does not repeat, then we feel probably we are heading towards some conclusion. In our case, there is all the possibility that I connect to RSAT on Windows Server 2008 R2 from one location and another personal at the same time connects to RSAT from Windows 7 Professional. While I keep observing the Computer Accounts and DNS entries, the other person works on OU reorganization etc. This could be leading to this sudden disconnection as DB may go inconsistent. I am not sure. However, I will check the error from Windows Events and share the details here. As Marc suggested, earlier, I will also execute dbcheck cross-ncs and post the results here along with memory utilization data over a period of time. Just to give all information about our setup: OS : CentOS 7.3 (1611) ADDC : 4.6.5 No. of DC : 2 (1 in Physical Server with 2 X Octacore CPU, 64 GB Memory, 300 GB HDD & another Virtual Machine, 8 vCPU, 16 GB Memory, 50 GB HDD) Total number of users accounts added : around 5000 Total Computers added to Domain : around 500 as of now. Target is to achieve close to 8000 users and equal number of PCs. -- Thanks & Regards, Anantha Raghava Do not print this e-mail unless required. Save Paper & trees. On 04/08/17 3:55 PM, L.P.H. van Belle wrote: Hai, Im joining this one if you dont mind. My setup: Debian 8 (Jessie) ADDC's : samba 4.6.6 Member with profiles : samba 4.6.6 This problem is here seen also on a Windows7 Pro 64bit client. The client here, is related to the user profile, this one is having a corrupted user profile in my case. Due to this, my GPO fails and i see event id: 4098 , error code : 0x8007000E insufficions space .... I also seen some hotfixes related to dotnet 3.0 for Win 7, but im not sure yet for Anantha what the problem is. Also dont see this on my other computers, checked. Windows 7 Pro 64bit ( other users ) Windows 10 Pro 64bit. Works fine also. ( builds 15xx upto 17xx ) @Anantha, can you check if you see in the windows event logs with warnings and errors. Can you post these? Event id NR. and error codes that all i need. Imho, this is not samba that causing the problem but something in windows. Greetz, Louis -----Oorspronkelijk bericht----- Van: samba [mailto:samba-bounces at lists.samba.org] Namens Anantha Raghava via samba Verzonden: vrijdag 4 augustus 2017 6:03 Aan: Andrew Bartlett; samba at lists.samba.org Onderwerp: Re: [Samba] Not enough storage space error Hello Andrew, Good Morning.. Thanks for quick response. We will monitor the memory usage and intimate you accordingly. However, I doubt using the 4.7rc in this case. Also, creating a test environment with 4.7rc, simulating the current process (Adding new domain member PCs and users, reorganizing the Groups and OU) is very difficult. Will definitely give it a try. -- Thanks & Regards, Anantha Raghava Do not print this e-mail unless required. Save Paper & trees. On 04/08/17 8:44 AM, Andrew Bartlett wrote: On Fri, 2017-08-04 at 06:34 +0530, Anantha Raghava wrote: Hello Andrew, From the day one, we set the log level to 3. Log size is really huge. However, I did not see some thing very interesting and related to this error. It is all to do with user login, information, etc. Should I have to increase the log level to get more info? One thing we noticed. When we restart the samba-ad-dc service, it allows us to add new users, add new computers to domain, and even move the user from one OU to another. However, from last two days, at around evening (around 4:45 PM), samba all of a sudden cuts off all users from domain and even fails to list the domain controllers in RSAT. If we restart samba-ad-dc, it starts working properly. Now we need to see, what is that event that is causing this cut off all of a sudden? Is it a shear coincidence? Or is it something to do with the large number of PCs are now getting added from different places? Incidentally, we use the same domain admin account (limited administrator) to add PCs to domain. Is this causing some problem? Can you track the memory use of samba over time? You say elsewhere that there is plenty of RAM free, but is that still the case just before it blows up? Can you try Samba 4.7rc, where we made LDAP multi-process? That would keep any memory leak more isolated, which might help us find it. You can also look for some clues in the output of: smbcontrol $PID pool-usage It is very verbose, but careful analysis over time might give a clue where the memory is. Thanks, Andrew Bartlett -- Thanks & Regards, Anantha Raghava Do not print this e-mail unless required. Save Paper & trees. On 03/08/17 8:09 AM, Andrew Bartlett wrote: On Wed, 2017-08-02 at 21:09 +0530, Anantha Raghava via samba wrote: Hi, We are using Samba AD DC (Version 4.6.5) on CentOS 7.3. We have two servers with BIND9 DNS and all are working just fine. Today, when we attempted to move couple of users from one OU to another, Windows RSAT reported /*"Windows cannot move object. Ther*//*e *//*is not enough storage space*//*"*/. I wouldn't take the error string literally. There are too many layers of mapping going on. LDAP does not contain such an error, so think of it as a bad translation. Our servers have 300 GB Storage more that 270GB is free on the storage. At the moment we have added about 1000 users and about 450 computers into domain. Overall, we will add about 7500 users and equal no of computers to domain. I also noticed that RSAT lost the connection to domain all of a sudden. However, when I restarted the samba-ad-dc service, it reconnected. I am able to add new computers and new users into domain. But moving the user from one OU to another is throwing above error. I believe the DB is a 32 bit one and should support upto 4 GB. When I checked in /usr/local/samba/private folder the size of smb.ldb file is about 4.1 MB and rest of the ldb and tdb files are around 1 MB in size. Now, how do I correctly check the current DB size? Is the above error a strange behaviour? How do we fix the above error? Turn up the logging on the AD DC and see what the real error and error string is. Thanks, Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Hello Louis, I am traveling to the location where the Samba servers are installed. I can take the backup of smb.conf and post it here tomorrow. Also, I will check the relevant PC / servers / workstations and give you the details by noon tomorrow -- Thanks & Regards, Anantha Raghava Do not print this e-mail unless required. Save Paper & trees. On 08/08/17 12:56 PM, L.P.H. van Belle via samba wrote:> Hai, > > For me.. the interesting parts.. where i think i can help out a bit. > > [2017/08/07 11:00:06.129569, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) > Kerberos: constrained delegation from BLR066YESH03$@KTKBANKLTD.COM (blr066yesh03$\@KTKBANKLTD.COM at KTKBANKLTD.COM) as BLR066YESH03$@KTKBANKLTD.COM to blr066yesh03$\@KTKBANKLTD.COM at KTKBANKLTD.COM not allowed > [2017/08/07 11:00:06.129646, 3] ../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper) > Kerberos: Failed building TGS-REP to ipv4:172.25.182.15:49768 > > > [2017/08/07 11:00:12.917959, 3] ../source4/auth/ntlm/auth.c:271(auth_check_password_send) > auth_check_password_send: Checking password for unmapped user [KAMATH-PC]\[Lenovo]@[KAMATH-PC] > auth_check_password_send: mapped user is: [KTKBANKLTD]\[Lenovo]@[KAMATH-PC] > [2017/08/07 11:00:12.918663, 3] ../source4/auth/ntlm/auth_sam.c:63(authsam_search_account) > sam_search_user: Couldn't find user [Lenovo] in samdb, under DC=ktkbankltd,DC=com > > and all auth messages, like this one. > > auth_check_password_send: Checking password for unmapped user [KAMATH-PC]\[Lenovo]@[KAMATH-PC] > auth_check_password_send: mapped user is: [KTKBANKLTD]\[Lenovo]@[KAMATH-PC] > [2017/08/07 11:00:32.499136, 3] ../source4/auth/ntlm/auth_sam.c:63(authsam_search_account) > sam_search_user: Couldn't find user [Lenovo] in samdb, under DC=ktkbankltd,DC=com > [2017/08/07 11:00:32.499172, 2] ../source4/auth/ntlm/auth.c:430(auth_check_password_recv) > > [2017/08/07 11:00:50.131823, 3] ../source4/auth/ntlm/auth.c:271(auth_check_password_send) > auth_check_password_send: Checking password for unmapped user [VALUED-SK025MV9]\[Administrator]@[VALUED-SK025MV9] > auth_check_password_send: mapped user is: [KTKBANKLTD]\[Administrator]@[VALUED-SK025MV9] > [2017/08/07 11:00:50.133267, 3] ../libcli/auth/ntlm_check.c:397(ntlm_password_check) > ntlm_password_check: NTLMv2 password check failed > [2017/08/07 11:00:50.133308, 3] ../libcli/auth/ntlm_check.c:442(ntlm_password_check) > ntlm_password_check: Lanman passwords NOT PERMITTED for user Administrator > [2017/08/07 11:00:50.133357, 3] ../libcli/auth/ntlm_check.c:588(ntlm_password_check) > ntlm_password_check: LM password and LMv2 failed for user Administrator, and NT MD4 password in LM field not permitted > [2017/08/07 11:00:50.133729, 3] ../libcli/auth/ntlm_check.c:397(ntlm_password_check) > ntlm_password_check: NTLMv2 password check failed > > > I checked the thread again, and we are missing the smb.conf. > Can you post the smb.conf of one of the DC's and same for a member ( preffered the one with problems) > > I cant tell anything about the DB sizes, so i leave that to marc and Andrew. > But we really need the smb.conf's to make sure you did setup correctly. > > last, to make searching a bit better also. > Can you define some of the pc's if its winXP 7 or 10. > > [KAMATH-PC]\[Lenovo]@[KAMATH-PC] ? is this a windows XP pc? > > ho001rmd37$@KTKBANKLTD.COM is a server? ( os and samba versions) > > and this one : BLR065SRIR07$ Server ? pc ? > > That makes it a bit better to read the log and where what is happing and that should help the samba dev's to find whats going on. > > >> Yesterday by around 1:30 PM we had the same issue. Samba AD kicked all of us out and RSAT did not connect to any domain controllers. Incidentally the RSAT that caused this error was running on Windows 7 Professional 64 Bit edition. > What where you doing at that time with RSAT. Please describe. i use the RSAT tools a lot, but my network is lots smaller. > > > Greetz, > Louis > > Van: Anantha Raghava [mailto:raghav at exzatechconsulting.com] > Verzonden: dinsdag 8 augustus 2017 8:29 > Aan: L.P.H. van Belle; samba at lists.samba.org; Andrew Bartlett; Marc Muehlfeld > Onderwerp: Re: [Samba] Not enough storage space error > > > > > Hi, > > Fine the logs attached. It is now compressed intoa zip file. Hope this helps. > >
On Tue, 2017-08-08 at 08:30 +0530, Anantha Raghava wrote:> Hello Andrew & Louis, > > Yesterday by around 1:30 PM we had the same issue. Samba AD kicked all of us out and RSAT did not connect to any domain controllers. Incidentally the RSAT that caused this error was running on Windows 7 Professional 64 Bit edition. > > When I restarted the samba-ad-dc service, all started working well again. However, as mentioned again, I could not trace the error in the logs. I have uploaded the log (starting 11:00 AM to 2:30 PM, it is 36 MB in size!!) to google drive and invited you all. Request you to check and suggest. The logs are from PDC emulator. We have one more additional domain controller. If you need I can enclose the logs from second DC as well. > > Also enclosed is the Windows Event (in CSV format) from the PC with Windows 7 Professional 64 Bit, running RSAT. I could only see the error with respect to Group Policy processing and windows pc had some problem with restarting. > > Unfortunately the script we have written to dump the memory consumption by samba process has failed. The file is having only few entries untill 10:00, till then everything was normal. I will fix this, simulate the error, take the dump and post it here. > > Also as Marc had suggested, dbcheck --cross-ncs didn't report any error on both DCs. > > Look forward for your help to fix this.I know you ruled out using Samba 4.7, but I would still suggest running the current 4.7 git tree. You are having repeated failures of your main AD, I think the balance of risk is quite different in your case. You can add an additional DC, and see how that one goes. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
On Tue, 2017-08-08 at 08:30 +0530, Anantha Raghava wrote:> Hello Andrew & Louis, > > Yesterday by around 1:30 PM we had the same issue. Samba AD kicked > all of us out and RSAT did not connect to any domain controllers. > Incidentally the RSAT that caused this error was running on Windows 7 > Professional 64 Bit edition.What as the action being done in RSAT? If it was a OU rename/move, how many objects were under the OU? Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Hi, Sincere apologies for delay in sending the details. After my return, I fell ill and just recovered. Find the details below as you had sought. Total No. of OU : 905 Objects under OU : On an average 10. Each OU contains mainly users. Total Number of Domain Computers : Now it is 1300, eventually it will grow to 8500 Total Number of Objects in DB 9005 (As reported by samba-tool dbcheck --cross-ncs, reports "0" errors) DB Size : 146 MB at present (That is "DC=ktkbankltd, DC=com.ldb" in "/usr/local/samba/private/sam.ldb.d/" folder.) Total Number of Domain Controller : 2 at Present, we will add two more shortly. Hardware configuration (Server with all FSMO Role) : Lenovo Flex System x240 M5 node with Intel E5-2600 v4 CPU (16 Core), 64 GB Memory and 300 GB HDD, 10Gbps NIC. Virtual Machine on KVM for Additional Domain Controller : 2 (Virtual Socket) x 8 Core per Virtual Socket, that is 16 vCore CPU, 32 GB Memory, 100 GB HDD, 1 Gbps Virtual NIC. OS on which Samba is installed : CentOS 7.3 (build 1611), firewall and SELinux disabled for the moment. DNS : BIND 9 (9.9.4 to be precise) We were moving many users from one OU to another when RSAT kicked us out. At the same time, in some other location, PCs were getting added to Domain as members. We kept observing the memory consumption using an NMS, both memory & CPU utilization never shot up abnormally even when domain controller kicked us out. Average CPU Utilization is about 3% and average memory utilization is about 4% of total memory of 64GB. Initially, as mentioned earlier, we thought this error is happening because of RSAT on Windows 7 Professional 64 Bit. However, the error surfaced even when RSAT is being used on Windows Server 2008 R2. smb.conf is attached to this mail. Sample PC (Workstation), server names, OS versions : AD-RSAT - Virtual Machine with Windows Server 2008 R2, mainly used for RSAT and remote support. BLR064RAJA06 - Windows 7 Professional 32 Bit with SP1 BLR114PADM01 - Windows 7 Professional 64 Bit with SP1 BLR902BSK307 - Windows XP Professinal SP3 32 bit MLR495PMRR17 - Windows XP Professional SP3 32bit KAMAT-PC - Windows 7 Professional 32 Bit with SP1 BLR907KHRO08 - Windows 10 Enterprise LTSB Also we have a Proxy Server (WebSense) and different applications authenticating against this AD Setup. @Andrew We did have a detailed discussion to move from version 4.6.5 to 4.7. However it was decided that we wait till 5th September, the day on which the stable version of 4.7 is scheduled to be released. We did setup 4.7rc, but simulating a large network is a challenge. Hence forced to drop the idea. -- Thanks & Regards, Anantha Raghava Do not print this e-mail unless required. Save Paper & trees. On 10/08/17 3:22 PM, Andrew Bartlett wrote:> On Tue, 2017-08-08 at 08:30 +0530, Anantha Raghava wrote: >> Hello Andrew & Louis, >> >> Yesterday by around 1:30 PM we had the same issue. Samba AD kicked >> all of us out and RSAT did not connect to any domain controllers. >> Incidentally the RSAT that caused this error was running on Windows 7 >> Professional 64 Bit edition. > What as the action being done in RSAT? If it was a OU rename/move, how > many objects were under the OU? > > Thanks, > > Andrew Bartlett-------------- next part -------------- # Global parameters [global] netbios name = PDC realm = KTKBANKLTD.COM server services = s3fs, roc, nbt, repel, ldap, clad, ldc, deeply, winbindd, ntp_signed, lcc, dnsupdate workgroup = KTKBANKLTD server role = active directory domain controller idmap_ldb:use rfc2307 = yes #Logging log leve = 3 log file = /var/log/samba/samba.log.%T max log size = 102400 [netlogon] path = /usr/local/samba/var/locks/sysvol/ktkbankltd.com/scripts read only = NO [sysvol] path = /usr/local/samba/var/locks/sysvol read only = NO [shares] comment = for all users, store common files like desktop wall paper path = /home/shares read only = YES
Now, its getting more detailed for the samba devs and more out of my scope. But a small last question from me. Are you moving OU's with users and are there GPO's liked to these OU's? If yes, detach the GPO link and try moving without GPO's attached. Still errors? Are these users logged in or not? If still logged in, try an OU without users logged in. I also did read something about the kerberos tokensize ( MaxTokenSize should be 65535 ) Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos ( mainly xp and win2003 problems ) A long shot here..but google shows me also a relation of problems between GPO and RSAT mananging user"s with the exact same error message. Greetz, Louis Van: Anantha Raghava [mailto:raghav at exzatechconsulting.com] Verzonden: dinsdag 15 augustus 2017 4:46 Aan: Andrew Bartlett; L.P.H. van Belle; samba at lists.samba.org; Marc Muehlfeld Onderwerp: Re: [Samba] Not enough storage space error Hi, Sincere apologies for delay in sending the details. After my return, I fell ill and just recovered. Find the details below as you had sought. Total No. of OU : 905 Objects under OU : On an average 10. Each OU contains mainly users. Total Number of Domain Computers : Now it is 1300, eventually it will grow to 8500 Total Number of Objects in DB 9005 (As reported by samba-tool dbcheck --cross-ncs, reports "0" errors) DB Size : 146 MB at present (That is "DC=ktkbankltd, DC=com.ldb" in "/usr/local/samba/private/sam.ldb.d/" folder.) Total Number of Domain Controller : 2 at Present, we will add two more shortly. Hardware configuration (Server with all FSMO Role) : Lenovo Flex System x240 M5 node with Intel E5-2600 v4 CPU (16 Core), 64 GB Memory and 300 GB HDD, 10Gbps NIC. Virtual Machine on KVM for Additional Domain Controller : 2 (Virtual Socket) x 8 Core per Virtual Socket, that is 16 vCore CPU, 32 GB Memory, 100 GB HDD, 1 Gbps Virtual NIC. OS on which Samba is installed : CentOS 7.3 (build 1611), firewall and SELinux disabled for the moment. DNS : BIND 9 (9.9.4 to be precise) We were moving many users from one OU to another when RSAT kicked us out. At the same time, in some other location, PCs were getting added to Domain as members. We kept observing the memory consumption using an NMS, both memory & CPU utilization never shot up abnormally even when domain controller kicked us out. Average CPU Utilization is about 3% and average memory utilization is about 4% of total memory of 64GB. Initially, as mentioned earlier, we thought this error is happening because of RSAT on Windows 7 Professional 64 Bit. However, the error surfaced even when RSAT is being used on Windows Server 2008 R2. smb.conf is attached to this mail. Sample PC (Workstation), server names, OS versions : AD-RSAT - Virtual Machine with Windows Server 2008 R2, mainly used for RSAT and remote support. BLR064RAJA06 - Windows 7 Professional 32 Bit with SP1 BLR114PADM01 - Windows 7 Professional 64 Bit with SP1 BLR902BSK307 - Windows XP Professinal SP3 32 bit MLR495PMRR17 - Windows XP Professional SP3 32bit KAMAT-PC - Windows 7 Professional 32 Bit with SP1 BLR907KHRO08 - Windows 10 Enterprise LTSB Also we have a Proxy Server (WebSense) and different applications authenticating against this AD Setup. @Andrew We did have a detailed discussion to move from version 4.6.5 to 4.7. However it was decided that we wait till 5th September, the day on which the stable version of 4.7 is scheduled to be released. We did setup 4.7rc, but simulating a large network is a challenge. Hence forced to drop the idea. -- Thanks & Regards, Anantha Raghava Do not print this e-mail unless required. Save Paper & trees. On 10/08/17 3:22 PM, Andrew Bartlett wrote: On Tue, 2017-08-08 at 08:30 +0530, Anantha Raghava wrote: Hello Andrew & Louis, Yesterday by around 1:30 PM we had the same issue. Samba AD kicked all of us out and RSAT did not connect to any domain controllers. Incidentally the RSAT that caused this error was running on Windows 7 Professional 64 Bit edition. What as the action being done in RSAT? If it was a OU rename/move, how many objects were under the OU? Thanks, Andrew Bartlett