Thanks, Douglas.
Due to these recurring incidents, we have migrated the entire SAMBA 4 farm
(11 domain controllers) to version 4.20.5.
We have realized that the current issue is caused by LDAP queries,
primarily coming from port 3269 (Global Catalog). There is a proxy service
that queries our domain controller to authenticate the user and authorize
access via security groups, assigning the corresponding navigation profile.
During peak demand hours, this service temporarily delegates tasks, driving
the CPU usage of all controllers to 100% due to the prefork ldap process.
We are currently working with the owner of this service to optimize queries
to our Global Catalog. The query is currently composed as follows:
User logon ID attribute: uid
First name attribute: givenname
Last name attribute: sn
Group attribute: cn
MemberOf attribute: memberOf
User search filter: (objectclass=person)
Group search filter: (cn=INT*)
Domain search filter: (|(objectclass=organizationalUnit)(objectclass=organization)(objectclass=domain))
User's group search filter: (|(member=%dn)(uniquemember=%dn))
Unfortunately, on the Samba4 side, we cannot prevent this behavior. We have
increased the number of preforks and attempted to configure LDAP caching,
but all attempts have recently.
Thanks.
Gabriel
On Tue, 8 Oct 2024 at 19:26, Douglas Bagnall (<douglas.bagnall at catalyst.net.nz>) wrote:
> hi Gabriel,
>
> >> /usr/local/samba/private/sam.ldb: Error (24) Too many open files -
>
> I have not seen other reports of 4.19 or similar versions running out of
> open files, so I suspect it is a peculiarity of your machine.
>
> This message from 2018 has some hints for diagnosis and fixes:
>
> https://lists.samba.org/archive/samba/2018-April/215130.html
>
> And you could also look at the output of `lsof` to see what has which
> files open.
>
> If it does seem like Samba is leaking files, please tell us!
>
> cheers,
> Douglas
>
>
> On 4/10/24 03:26, Gabriel via samba wrote:
> > Good evening,
> >
> >>
> >> We have been dealing with an incident for several weeks during peak load
> >> times, either due to authentications or service accesses that rely on Samba
> >> 4 AD. Below are the details of the current Samba version and OS:
> >>
> >> **Samba version 4.19.2**
> >>
> >> ```bash
> >> ~$ uname -r
> >> 5.15.0-41-generic
> >> ~$ sudo lsb_release
> >> No LSB modules are available.
> >> ~$ sudo lsb_release -a
> >> No LSB modules are available.
> >> Distributor ID: Ubuntu
> >> Description: Ubuntu 20.04.2 LTS
> >> Release: 20.04
> >> Codename: focal
> >> ```
> >>
> >> The first error that appeared in the logs since September 10 is as follows:
> >>
> >> ```
> >> Sep 10 09:41:36 domain samba[1658021]: [2024/09/10 09:41:36.301924, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
> >> Sep 10 09:41:36 domain samba[1658021]: ldb: module encrypted_secrets initialization failed : Operations error
> >> Sep 10 09:41:36 domain samba[1658021]: ldb: module group_audit_log initialization failed : Operations error
> >> Sep 10 09:41:36 domain samba[1658021]: ldb: module repl_meta_data initialization failed : Operations error
> >> Sep 10 09:41:36 domain samba[1658021]: ldb: module subtree_delete initialization failed : Operations error
> >> Sep 10 09:41:36 domain samba[1658021]: ldb: module aclread initialization failed : Operations error
> >> Sep 10 09:41:36 domain samba[1658021]: ldb: module acl initialization failed : Operations error
> >> Sep 10 09:41:36 domain samba[1658021]: ldb: module descriptor initialization failed : Operations error
> >> Sep 10 09:41:36 domain samba[1658021]: ldb: module objectclass initialization failed : Operations error
> >> Sep 10 09:41:36 domain samba[1658021]: ldb: module audit_log initialization failed : Operations error
> >> Sep 10 09:41:36 domain samba[1658021]: ldb: module asq initialization failed : Operations error
> >> Sep 10 09:41:36 domain samba[1658021]: ldb: module server_sort initialization failed : Operations error
> >> Sep 10 09:41:36 domain samba[1658021]: ldb: module vlv initialization failed : Operations error
> >> Sep 10 09:41:36 domain samba[1658021]: ldb: module dsdb_paged_results initialization failed : Operations error
> >> Sep 10 09:41:36 domain samba[1658021]: ldb: module dirsync initialization failed : Operations error
> >> Sep 10 09:41:36 domain samba[1658021]: ldb: module schema_load initialization failed : Operations error
> >> Sep 10 09:41:36 domain samba[1658021]: ldb: module dsdb_notification initialization failed : Operations error
> >> Sep 10 09:41:36 domain samba[1658021]: ldb: module rootdse initialization failed : Operations error
> >> Sep 10 09:41:36 domain samba[1658021]: ldb: module samba_dsdb initialization failed : Operations error
> >> Sep 10 09:41:36 domain samba[1658021]: ldb: Unable to load modules for /usr/local/samba/private/sam.ldb: Error (24) Too many open files - Opening encrypted_secrets key file
> >> ```
> >>
> >> The current configuration file is:
> >>
> >> ```
> >> # Global parameters
> >> [global]
> >> bind interfaces only = Yes
> >> dns forwarder = x.x.x.x x.x.x.x
> >> interfaces = lo ens3
> >> netbios name = xxxxxx
> >> realm = xxxxxx
> >> server role = active directory domain controller
> >> workgroup = xxxxx
> >>
> >> tls enabled = yes
> >> tls keyfile = /usr/local/xxxxx/private/tls/key.pem
> >> tls certfile = /usr/local/xxxxx/private/tls/cert.pem
> >> tls cafile = /usr/local/xxxxx/private/tls/ca.pem
> >>
> >> log level = 1 dsdb_json_audit:2 dsdb_password_json_audit:2 dsdb_group_json_audit:2 dsdb_transaction_json_audit:2 auth_json_audit:3@/usr/local/samba/var/log.samba
> >> max log size = 100000
> >>
> >> tls priority = NORMAL:-VERS-TLS1.0:-VERS-TLS1.1
> >> restrict anonymous = 2
> >> disable netbios = yes
> >> smb ports = 445
> >> printcap name = /dev/null
> >> load printers = no
> >> disable spoolss = yes
> >> printing = bsd
> >>
> >> [sysvol]
> >> path = /usr/local/samba/var/locks/sysvol
> >> read only = No
> >>
> >> [netlogon]
> >> path = /usr/local/samba/var/locks/sysvol/xxxxxxx/scripts
> >> read only = No
> >> ```
> >>
> >> From September 10 onwards, we have continuously seen errors similar to the
> >> following in the event logs:
> >>
> >> ```
> >> Sep 10 09:41:36 domain samba[1658021]: [2024/09/10 09:41:36.301924, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
> >> Sep 10 09:41:36 domain samba[1658021]: [2024/09/10 09:41:36.302148, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
> >> Sep 10 09:41:36 domain samba[1658021]: [2024/09/10 09:41:36.302159, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
> >> Sep 10 09:41:36 domain samba[1658021]: [2024/09/10 09:41:36.302169, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
> >> Sep 10 09:41:36 domain samba[1658021]: [2024/09/10 09:41:36.302179, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
> >> Sep 10 09:41:36 domain samba[1658021]: [2024/09/10 09:41:36.302192, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
> >> Sep 10 09:41:36 domain samba[1658021]: [2024/09/10 09:41:36.302365, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
> >> Sep 10 09:41:36 domain samba[1658021]: [2024/09/10 09:41:36.302387, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
> >> Sep 10 09:41:36 domain samba[1658021]: [2024/09/10 09:41:36.302398, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
> >> Sep 10 09:41:36 domain samba[1658021]: [2024/09/10 09:41:36.302408, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
> >> Sep 10 09:41:36 domain samba[1658021]: [2024/09/10 09:41:36.302417, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
> >> Sep 10 09:41:36 domain samba[1658021]: [2024/09/10 09:41:36.302426, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
> >> Sep 10 09:41:36 domain samba[1658021]: [2024/09/10 09:41:36.302439, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
> >> Sep 10 09:41:36 domain samba[1658021]: [2024/09/10 09:41:36.302459, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
> >> Sep 10 09:41:36 domain samba[1658021]: [2024/09/10 09:41:36.302649, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
> >> Sep 10 09:41:36 domain samba[1658021]: [2024/09/10 09:41:36.302672, 0] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
> >> ```
> >>
> >>
> >> We are actively looking for information regarding this error but have not
> >> been able to pinpoint the root cause.
> >>
> >> Please feel free to reach out to me.
> >>
>
>
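
Alongside the `lsof` check suggested in the quoted reply, the descriptor count of each worker can be compared with its own limit straight from `/proc`. This is an added example, not part of the original thread or of Samba; the function names and the `samba` process name passed on the command line are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): descriptor usage vs. RLIMIT_NOFILE via /proc.
# Linux only; run as root to inspect processes owned by other users.

# fd_count PID -> number of descriptors the process has open right now
fd_count() {
    echo $(( $(ls -1 "/proc/$1/fd" 2>/dev/null | wc -l) ))
}

# fd_soft_limit PID -> soft "Max open files" limit (a number or "unlimited")
fd_soft_limit() {
    awk '/^Max open files/ { print $4 }' "/proc/$1/limits"
}

# fd_report PID -> "pid open soft percent-used"; fails if the PID is not readable
fd_report() {
    [ -r "/proc/$1/limits" ] || return 1
    open=$(fd_count "$1")
    soft=$(fd_soft_limit "$1")
    case $soft in
        '' | *[!0-9]* | 0) pct=0 ;;              # "unlimited" or unparsable
        *) pct=$(( open * 100 / soft )) ;;
    esac
    echo "$1 $open $soft $pct"
}

# fd_targets PID -> what the descriptors point at, grouped, most frequent first.
# Socket and pipe inode numbers are stripped so they collapse into one bucket,
# while a file opened many times (for example a .ldb database) stands out by path.
fd_targets() {
    for f in "/proc/$1"/fd/*; do
        readlink "$f"
    done 2>/dev/null | sed 's/\[[0-9]*\]$/[]/' | sort | uniq -c | sort -rn
}

# Usage: sh fdcheck.sh samba   (process name is an assumption; adjust as needed)
if [ $# -gt 0 ]; then
    for pid in $(pgrep -x "$1"); do
        fd_report "$pid" && fd_targets "$pid" | head -n 5
    done
fi
```

A worker whose percentage keeps climbing while one path dominates `fd_targets` suggests a leak; uniformly high counts across workers under load suggest the limit is simply too low for the connection volume.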