On Fri, 13 Oct 2017, Rowland Penny via samba wrote:> On Fri, 13 Oct 2017 11:45:43 +0200 > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > >> Hai, >> >> I'll explain a bit. >> >>> There is no keytab on the member servers. > > Oh yes there is ;-)Seems reasonable. :-)> You only need an explicit keytab if something else requires it e.g. > squid, Samba uses a keytab in memory.OK, please educate me, how do I reset it? I tried restarting everything and even re-joining the member server to the domain. No joy. I am obviously missing something.> >> Ok, can you post your smb.conf >> Because without it is a guessing game as of this point. > > It always helps if the smb.conf is posted.I already sent it in reply to Louis's request. If you need it again let me know. Also in case it is useful below is what I have in /etc/krb5.conf: [libdefaults] default_realm = SAMDOM.MYDOMAIN.COM dns_lookup_realm = false dns_lookup_kdc = true The weird thing about all of this is everything is working. Other than the log messages, the only thing not normal is that winbind is constantly running which has the machine's load higher than normal. Regards, -- Tom me at tdiehl.org
On Sat, 14 Oct 2017 05:33:31 -0400 (EDT) me at tdiehl.org wrote:> On Fri, 13 Oct 2017, Rowland Penny via samba wrote: > > > On Fri, 13 Oct 2017 11:45:43 +0200 > > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > > > >> Hai, > >> > >> I'll explain a bit. > >> > >>> There is no keytab on the member servers. > > > > Oh yes there is ;-) > > Seems reasonable. :-) > > > You only need an explicit keytab if something else requires it e.g. > > squid, Samba uses a keytab in memory. > > OK, please educate me, how do I reset it? > > I tried restarting everything and even re-joining the member server to > the domain. No joy. I am obviously missing something. > > > > >> Ok, can you post your smb.conf > >> Because without it is a guessing game as of this point. > > > > It always helps if the smb.conf is posted. > > I already sent it in reply to Louis's request. If you need it again > let me know. > > Also in case it is useful below is what I have in /etc/krb5.conf: > > [libdefaults] > default_realm = SAMDOM.MYDOMAIN.COM > dns_lookup_realm = false > dns_lookup_kdc = true > > The weird thing about all of this is everything is working. Other than > the log messages, the only thing not normal is that winbind is > constantly running which has the machine's load higher than normal. > > Regards, >There doesn't seem to be anything wrong with your smb.conf and if everything is working okay and all that is worrying you is the log messages, change 'log level = 2' to 'log level = 1'. The messages will stop ;-) Rowland
On Sat, 14 Oct 2017, Rowland Penny via samba wrote:> On Sat, 14 Oct 2017 05:33:31 -0400 (EDT) > me at tdiehl.org wrote: > >> On Fri, 13 Oct 2017, Rowland Penny via samba wrote: >> >>> On Fri, 13 Oct 2017 11:45:43 +0200 >>> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: >>> >>>> Hai, >>>> >>>> I'll explain a bit. >>>> >>>>> There is no keytab on the member servers. >>> >>> Oh yes there is ;-) >> >> Seems reasonable. :-) >> >>> You only need an explicit keytab if something else requires it e.g. >>> squid, Samba uses a keytab in memory. >> >> OK, please educate me, how do I reset it? >> >> I tried restarting everything and even re-joining the member server to >> the domain. No joy. I am obviously missing something. >> >>> >>>> Ok, can you post your smb.conf >>>> Because without it is a guessing game as of this point. >>> >>> It always helps if the smb.conf is posted. >> >> I already sent it in reply to Louis's request. If you need it again >> let me know. >> >> Also in case it is useful below is what I have in /etc/krb5.conf: >> >> [libdefaults] >> default_realm = SAMDOM.MYDOMAIN.COM >> dns_lookup_realm = false >> dns_lookup_kdc = true >> >> The weird thing about all of this is everything is working. Other than >> the log messages, the only thing not normal is that winbind is >> constantly running which has the machine's load higher than normal. >> >> Regards, >> > > There doesn't seem to be anything wrong with your smb.conf and if > everything is working okay and all that is worrying you is the log > messages, change 'log level = 2' to 'log level = 1'. The messages will > stop ;-)Yes I understand, however, there are 2 things I am concerned about. When the errors are spewing, winbind never goes to sleep and the load on the server runs somewhere between 6-8 constantly (as shown by top.). Even when there is no one in the office and hence no files being served I still see the high load. When the errors stop (This happens intermittently) winbind will sleep and the load settles down to < 1. The other thing that concerns me is that I am wondering if this is an indication that something more serious is about to break. It is one thing for me to see things in the background and entirely something else for it to impact the users. :-) Suggestions? Regards, -- Tom me at tdiehl.org