Hi. I have a samba server that suddenly gets smbd
processes at 100% and becomes unusable.
This is samba release 2:4.9.5+dfsg-5+deb10u1
in this host:
Operating System: Debian GNU/Linux 10 (buster)
Kernel: Linux 4.19.0-14-amd64
We use only LDAP backend.
The process at 100% are smbd, but they won't show
up in "samba-tool processes". Only that:
notify-daemon 2764
If I check ps I see:
/usr/sbin/smbd --foreground --no-process-group
I tried removing the firewall, I also checked:
samba-tool drs, I get this error but I think it is
normal because we have no ADS:
NT_STATUS_CONNECTION_REFUSED.
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection
I managed to get a
stack trace from one of those processes:
#0 __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007fbe6baf2535 in __GI_abort () at abort.c:79
#2 0x00007fbe6c4319e3 in dump_core () from
/lib/x86_64-linux-gnu/libsmbconf.so.0
#3 0x00007fbe6c41e22b in smb_panic_s3 () from
/lib/x86_64-linux-gnu/libsmbconf.so.0
#4 0x00007fbe6c7fe9df in smb_panic () from
/lib/x86_64-linux-gnu/libsamba-util.so.0
#5 0x00007fbe6c7fec16 in ?? () from /lib/x86_64-linux-gnu/libsamba-util.so.0
#6 <signal handler called>
#7 0x00007fbe6c8646fe in __GI___pthread_mutex_lock (mutex=0x55c78fd27c50) at
../nptl/pthread_mutex_lock.c:80
#8 0x00007fbe6aae53e9 in ?? () from /lib/x86_64-linux-gnu/libgnutls.so.30
#9 0x00007fbe6aab962b in gnutls_record_send2 () from
/lib/x86_64-linux-gnu/libgnutls.so.30
#10 0x00007fbe6b3d03a2 in ?? () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2
#11 0x00007fbe6b282108 in ?? () from /lib/x86_64-linux-gnu/liblber-2.4.so.2
#12 0x00007fbe6b283411 in ber_int_sb_write () from
/lib/x86_64-linux-gnu/liblber-2.4.so.2
#13 0x00007fbe6b27fb2b in ber_flush2 () from
/lib/x86_64-linux-gnu/liblber-2.4.so.2
#14 0x00007fbe6b3bcfa1 in ldap_int_flush_request () from
/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
#15 0x00007fbe6b3bd27f in ldap_send_server_request () from
/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
#16 0x00007fbe6b3bd5f1 in ldap_send_initial_request () from
/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
#17 0x00007fbe6b3b21dc in ldap_sasl_bind () from
/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
#18 0x00007fbe6b3b262a in ldap_sasl_bind_s () from
/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
#19 0x00007fbe6b3b2eb0 in ldap_simple_bind_s () from
/lib/x86_64-linux-gnu/libldap_r-2.4.so.2
#20 0x00007fbe6afb4d69 in ?? () from /lib/x86_64-linux-gnu/libsmbldap.so.2
#21 0x00007fbe6afb5ade in ?? () from /lib/x86_64-linux-gnu/libsmbldap.so.2
#22 0x00007fbe6afb624f in smbldap_search () from
/lib/x86_64-linux-gnu/libsmbldap.so.2
#23 0x00007fbe6afb62a9 in smbldap_search_suffix () from
/lib/x86_64-linux-gnu/libsmbldap.so.2
#24 0x00007fbe6af93add in smbldap_search_domain_info () from
/usr/lib/x86_64-linux-gnu/samba/libsmbldaphelper.so.0
#25 0x00007fbe6c0b7ede in ?? () from /lib/x86_64-linux-gnu/libsamba-passdb.so.0
#26 0x00007fbe6c0d4748 in make_pdb_method_name () from
/lib/x86_64-linux-gnu/libsamba-passdb.so.0
#27 0x00007fbe6c0d4a1e in ?? () from /lib/x86_64-linux-gnu/libsamba-passdb.so.0
#28 0x00007fbe6c0d6d19 in initialize_password_db () from
/lib/x86_64-linux-gnu/libsamba-passdb.so.0
#29 0x00007fbe6c63932e in smbd_reinit_after_fork () from
/usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0
#30 0x000055c78e2a7b3f in ?? ()
#31 0x00007fbe6bc9803f in tevent_common_invoke_fd_handler () from
/lib/x86_64-linux-gnu/libtevent.so.0
#32 0x00007fbe6bc9e05f in ?? () from /lib/x86_64-linux-gnu/libtevent.so.0
#33 0x00007fbe6bc9c2d7 in ?? () from /lib/x86_64-linux-gnu/libtevent.so.0
#34 0x00007fbe6bc977e4 in _tevent_loop_once () from
/lib/x86_64-linux-gnu/libtevent.so.0
And here is an edited smb.conf
netbios name = alu-a2
workgroup = ALU
realm = aluete.example.com
interfaces = 127.0.0.1 192.168.68.7 192.168.81.8 192.168.68.11
debug level = 4
log file = /var/log/samba/%m.log
max log size = 25
#socket options = IPTOS_LOWDELAY TCP_NODELAY
load printers = no
keepalive = 600
deadtime = 120
os level = 99
preferred master = yes
domain master = yes
local master = yes
security = user
domain logons = yes
server max protocol = NT1
ldap admin dn = "cn=admin,dc=example,dc=com"
smbpasswd:/etc/samba/smbpasswd
ldap ssl = off
ldap passwd sync = yes
passdb backend = ldapsam:ldaps://mero.example.com/
ldap admin dn = cn=admin,dc=example,dc=com
ldap suffix = ou=ALUETE,ou=EXAMPLEBCN,dc=example,dc=com
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap idmap suffix = ou=Idmap
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -W -t 0 "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u"
"%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
set primary group script = /usr/sbin/smbldap-usermod -g '%g'
'%u'
logon path = \\%L\profiles\%U
logon drive = l:
logon home = \\%N\%U
logon script = logon.bat
remote announce = 192.168.81.255 10.1.36.255
wins support = yes
algorithmic rid base = 1000
dns proxy = yes
hosts allow = 192.168.68. 192.168.36. 127.
security = user
max disk size = 60
guest account = nobody
ntlm auth = yes
lanman auth = yes
client ntlmv2 auth = yes
load printers = no
[IPC$]
path = /tmp
hosts allow= 10.0.36.0/24, 192.168.36.0/25, 192.168.36.128/25,
192.168.68.0/24, 192.168.81.0/24, 127.0.0.1/32 10.0.68.0/24 10.1.36.0/24
hosts deny = 0.0.0.0/0
[netlogon]
path = /samba/netlogon
read only = yes
browseable = Yes
writable = No
public = No
[profiles]
path = /samba/profiles
read only = no
guest ok = Yes
create mask = 0600
directory mask = 0700
[homes]
Comment = Home Directories
read only = No
force create mode = 0700
browseable = No
fake oplocks = yes
On 15/02/2021 12:39, Francesc Guasch via samba wrote:> Hi. I have a samba server that suddenly gets smbd > processes at 100% and becomes unusable. > > This is samba release 2:4.9.5+dfsg-5+deb10u1 > in this host: > > Operating System: Debian GNU/Linux 10 (buster) > Kernel: Linux 4.19.0-14-amd64 > > We use only LDAP backend. > > The process at 100% are smbd, but they won't show > up in "samba-tool processes". Only that: > notify-daemon 2764Not sure that 'samba-tool' will work against an NT4-style PDC, it was written to be used against Samba AD.> I managed to get a > stack trace from one of those processes: > > #0 __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 > #1 0x00007fbe6baf2535 in __GI_abort () at abort.c:79 > #2 0x00007fbe6c4319e3 in dump_core () from /lib/x86_64-linux-gnu/libsmbconf.so.0 > #3 0x00007fbe6c41e22b in smb_panic_s3 () from /lib/x86_64-linux-gnu/libsmbconf.so.0 > #4 0x00007fbe6c7fe9df in smb_panic () from /lib/x86_64-linux-gnu/libsamba-util.so.0 > #5 0x00007fbe6c7fec16 in ?? () from /lib/x86_64-linux-gnu/libsamba-util.so.0 > #6 <signal handler called> > #7 0x00007fbe6c8646fe in __GI___pthread_mutex_lock (mutex=0x55c78fd27c50) at ../nptl/pthread_mutex_lock.c:80 > #8 0x00007fbe6aae53e9 in ?? () from /lib/x86_64-linux-gnu/libgnutls.so.30 > #9 0x00007fbe6aab962b in gnutls_record_send2 () from /lib/x86_64-linux-gnu/libgnutls.so.30 > #10 0x00007fbe6b3d03a2 in ?? () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2 > #11 0x00007fbe6b282108 in ?? () from /lib/x86_64-linux-gnu/liblber-2.4.so.2 > #12 0x00007fbe6b283411 in ber_int_sb_write () from /lib/x86_64-linux-gnu/liblber-2.4.so.2 > #13 0x00007fbe6b27fb2b in ber_flush2 () from /lib/x86_64-linux-gnu/liblber-2.4.so.2 > #14 0x00007fbe6b3bcfa1 in ldap_int_flush_request () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2 > #15 0x00007fbe6b3bd27f in ldap_send_server_request () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2 > #16 0x00007fbe6b3bd5f1 in ldap_send_initial_request () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2 > #17 0x00007fbe6b3b21dc in ldap_sasl_bind () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2 > #18 0x00007fbe6b3b262a in ldap_sasl_bind_s () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2 > #19 0x00007fbe6b3b2eb0 in ldap_simple_bind_s () from /lib/x86_64-linux-gnu/libldap_r-2.4.so.2 > #20 0x00007fbe6afb4d69 in ?? () from /lib/x86_64-linux-gnu/libsmbldap.so.2 > #21 0x00007fbe6afb5ade in ?? () from /lib/x86_64-linux-gnu/libsmbldap.so.2 > #22 0x00007fbe6afb624f in smbldap_search () from /lib/x86_64-linux-gnu/libsmbldap.so.2 > #23 0x00007fbe6afb62a9 in smbldap_search_suffix () from /lib/x86_64-linux-gnu/libsmbldap.so.2 > #24 0x00007fbe6af93add in smbldap_search_domain_info () from /usr/lib/x86_64-linux-gnu/samba/libsmbldaphelper.so.0 > #25 0x00007fbe6c0b7ede in ?? () from /lib/x86_64-linux-gnu/libsamba-passdb.so.0 > #26 0x00007fbe6c0d4748 in make_pdb_method_name () from /lib/x86_64-linux-gnu/libsamba-passdb.so.0 > #27 0x00007fbe6c0d4a1e in ?? () from /lib/x86_64-linux-gnu/libsamba-passdb.so.0 > #28 0x00007fbe6c0d6d19 in initialize_password_db () from /lib/x86_64-linux-gnu/libsamba-passdb.so.0 > #29 0x00007fbe6c63932e in smbd_reinit_after_fork () from /usr/lib/x86_64-linux-gnu/samba/libsmbd-base.so.0 > #30 0x000055c78e2a7b3f in ?? () > #31 0x00007fbe6bc9803f in tevent_common_invoke_fd_handler () from /lib/x86_64-linux-gnu/libtevent.so.0 > #32 0x00007fbe6bc9e05f in ?? () from /lib/x86_64-linux-gnu/libtevent.so.0 > #33 0x00007fbe6bc9c2d7 in ?? () from /lib/x86_64-linux-gnu/libtevent.so.0 > #34 0x00007fbe6bc977e4 in _tevent_loop_once () from /lib/x86_64-linux-gnu/libtevent.so.0 > > And here is an edited smb.conf > > netbios name = alu-a2 > workgroup = ALU > realm = aluete.example.com > interfaces = 127.0.0.1 192.168.68.7 192.168.81.8 192.168.68.11 > debug level = 4 > log file = /var/log/samba/%m.log > max log size = 25 > #socket options = IPTOS_LOWDELAY TCP_NODELAY > load printers = no > keepalive = 600 > deadtime = 120 > os level = 99 > preferred master = yes > domain master = yes > local master = yes > security = user > domain logons = yes > server max protocol = NT1 > ldap admin dn = "cn=admin,dc=example,dc=com" > smbpasswd:/etc/samba/smbpasswd > ldap ssl = off > ldap passwd sync = yes > passdb backend = ldapsam:ldaps://mero.example.com/ > ldap admin dn = cn=admin,dc=example,dc=com > ldap suffix = ou=ALUETE,ou=EXAMPLEBCN,dc=example,dc=com > ldap user suffix = ou=users > ldap group suffix = ou=groups > ldap machine suffix = ou=computers > ldap idmap suffix = ou=Idmap > add user script = /usr/sbin/smbldap-useradd -m "%u" > delete user script = /usr/sbin/smbldap-userdel "%u" > add machine script = /usr/sbin/smbldap-useradd -W -t 0 "%u" > add group script = /usr/sbin/smbldap-groupadd -p "%g" > add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" > delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" > set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' > logon path = \\%L\profiles\%U > logon drive = l: > logon home = \\%N\%U > logon script = logon.bat > remote announce = 192.168.81.255 10.1.36.255 > wins support = yes > algorithmic rid base = 1000 > dns proxy = yes > hosts allow = 192.168.68. 192.168.36. 127. > security = user > max disk size = 60 > guest account = nobody > ntlm auth = yes > lanman auth = yes > client ntlmv2 auth = yes > load printers = no > > [IPC$] > path = /tmp > hosts allow= 10.0.36.0/24, 192.168.36.0/25, 192.168.36.128/25, 192.168.68.0/24, 192.168.81.0/24, 127.0.0.1/32 10.0.68.0/24 10.1.36.0/24 > hosts deny = 0.0.0.0/0Why have you created a hidden share called 'IPC' ? Is this a new PDC, or an existing one ? Is apparmor running and possibly denying something ? Is there anything in the Samba logs ? Rowland