Samba 3.0.9 runs in SCO OSR506 - but many smbd in CLOSE_WAIT
Robert Troester
OSR506 (5.0.6j with multiprocessing 1.1.1Ga). Now I have it running, but
with a flaw which, if not fixed, will force me to return to Samba 2.2.x.
So I really would appreciate some enlightenment - maybe I missed a step?
We have a small site with one unix server and some 60 PCs, mixed 98,
2000 and XP. I had successfully been running samba 2.2.11 (compiled with
no problems with gcc 2.95.2 and the Development System 5.1.2A into the
default /usr/local/samba tree) as a PDC/WINS/file/print server.
I am describing my Samba 3 install steps in detail because they were not
(to me) obvious, and I haven't seen them anywhere else:
-----------------------------------------------------------------------------
To install Samba 3 I installed the following from a RS506A base (with
other, hopefully unimportant-to-mention CSSA, OSS, and Skunkware
programs from SCO, and some compiled-from-source programs):
1) SLS OSS646C (Execution Environment Supplement)
(ftp.sco.com/pub/openserver5/oss646c/)
2) Suppl. Graphics, Web and X11 Libraries gwxlibs-1.3.2Ag
(ftp.sco.com/pub/openserver5/opensrc/gwxlibs-1.3.2Ag/)
3) X.Org X Window System Version 11 Release 6.7 Supplement xorg-6.7.0BA
(ftp.sco.com/pub/openserver5/opensrc/xorg-6.7.0Ba/)
4) Suppl. Graphics, Web and X11 Libraries gwxlibs-1.3.3Db (SCOSA-2004-10.1)
(ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/)
These have to be installed in this order.
Then to get gcc 2.95.3, add the GNU Development Tools (and put
/usr/gnu/bin first in the PATH but watch out for other tools with
differing syntax, like df):
5) gnutools-5.0.7Kj
(ftp.sco.com/pub/openserver5/opensrc/gnutools-5.0.7Kj/)
With that, samba 3.0.10 compiled (with many error messages) but core
dumped when anything was executed.
So I tried another tack and downloaded and installed samba-3.0.9-VOLS.cpio
(ftp2.caldera.com/pub/skunkware/osr5/net/samba/ or
ftp2.sco.com/pub/skunkware/osr5/vols/)
which installs all over the place in Linux-layout: /etc/samba/, /usr/sbin/,
/var/log/samba/, /usr/share/samba/swat/, /usr/share/lib/samba,
/var/lib/samba/.
Then I
1) copied the 2.2.x smb.conf, secrets.tdb, smbpasswd to /etc/samba/ and
removed the entries in smb.conf that were no longer supported in 3.0.
2) copied my startup.bat used to set Win98 clocks to
/var/lib/samba/netlogon/.
3) copied my static WINS entries from /etc/hosts to /etc/samba/lmhosts
(although there was some reference I read to putting them in
/var/lib/samba/wins.dat with samba stopped, but it did not seem
necessary(?)).
4) changed /etc/inetd.conf to point at swat in /usr/sbin/.
5) fixed an error in the install (that prevented displaying the
documentation links on the SWAT home page) by copying
welcome-swat.html to welcome.html in /usr/share/samba/swat/help/.
6) fixed another error that created /var/spool/samba owned by bin mode
755, where in release 2.2.x it had been owned by root mode 1777. That
proved necessary in release 3.0 as well.
---------------------------------------------------------------------------
After doing all that, it just worked! Well, almost. It did the
PDC/WINS/file/print functions perfectly, even to joining new WinXP PCs
tothe domain. But two problems remain, one a killer:
1) I tried setting up a RHEL 3 Linux box as a file and print server with
security=domain to authorize from the SCO PDC. It would work with
/etc/passwd, /etc/shadow, /etc/group, and smbpasswd manually syncronized
with the SCO PDC and passdb=smbpaswd but only if I logged in as
"linuxbox\bob" not just "bob". Maybe this is reasonable, just unexpected.
To attempt a single-sign-on procedure I also tried setting up pam and
winbind according to the docs (without ldap). As soon as I changed
/etc/pam.d/samba it locked me out, would not let root (or xxx\root where
xxx were various domain guesses) log in to swat. Without pam, of
course, windbind wouldn't work so it it couldn't find the PDC and
attempts to mount shares from a PC were met with "there are curently no
logon servers to service the logon request." I could just have made a
configuration error,which I might yet find, but is it possible that the
SCO PDC is just not talking?
2) The really serious problem is that smbd daemons do not seem to exit
when the connection is terminated, so what I see are smbd processes in
CLOSE_WAIT or CLOSED state on port 139 or 445 that never die but use cpu
at a rapid rate so that the number of queued processes rises so high
that sendmail shuts down serving! It may be that processes in
ESTABLISHED statealso never die, even when the PC is shut down and
people go home at night.
To counteract this I have to monitor periodically with ps and lsof and
kill -9 the runaway smbd processes. Obviously, I can't keep doing that
even if i automate the process.
It appears that it may be only the Windows XP clients that produce this
problem: when a W2K client shuts down it appears the smbd daemon
terminates normally; so far I haven't determined what happens with
Windows 98 clients.
Googling finds one similar problem, maybe: mailing.unix.samba, 3Dec04,
14Dec04 "[Samba] smbd hung processes - Samba 3.0.7" on RHEL, but that
problem happened intermittently and no resolution was reported. In
comp.protocols.smb, 7Jul03 "SMB Hangs" it seems to be a problem fixed in
2.2.8a. I am including below some excerpts of log messages at level 1
that look interesting and the obligatory smb.conf [global].
I would really appreciate some insight on how to debug this problem. TIA.
------------------------------------------------------------------------------
main log.nmbd (this appears to be a normal domain master startup?):
*****
[2005/02/12 13:41:44, 0] nmbd/nmbd.c:main(668)
Netbios nameserver version 3.0.9-20041212-SCO started.
Copyright Andrew Tridgell and the Samba Team 1994-2004
[2005/02/12 13:41:45, 0] nmbd/asyncdns.c:start_async_dns(149)
started asyncdns process 726
[2005/02/12 13:41:45, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
add_domain_logon_names:
Attempting to become logon server for workgroup VTAGR on subnet n.m.g.2
[2005/02/12 13:41:45, 0] nmbd/nmbd_logonnames.c:add_logon_names(163)
add_domain_logon_names:
Attempting to become logon server for workgroup VTAGR on subnet
UNICAST_SUBNET
[2005/02/12 13:41:45, 0]
nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(327)
become_domain_master_browser_wins:
Attempting to become domain master browser on workgroup VTAGR, subnet
UNICAST_SUBNET.
[2005/02/12 13:41:45, 0]
nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(341)
become_domain_master_browser_wins: querying WINS server from IP
n.m.g.2 for domain master browser name VTAGR<1b> on workgroup VTAGR
[2005/02/12 13:41:45, 0]
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
become_logon_server_success: Samba is now a logon server for
workgroup VTAGR on subnet UNICAST_SUBNET
[2005/02/12 13:41:45, 0]
nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
*****
Samba server VTAGR02 is now a domain master browser for workgroup
VTAGR on subnet UNICAST_SUBNET
*****
[2005/02/12 13:41:45, 0]
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(282)
become_domain_master_browser_bcast:
Attempting to become domain master browser on workgroup VTAGR on
subnet n.m.g.2
[2005/02/12 13:41:45, 0]
nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(295)
become_domain_master_browser_bcast: querying subnet n.m.g.2 for
domain master browser on workgroup VTAGR
[2005/02/12 13:41:50, 0]
nmbd/nmbd_logonnames.c:become_logon_server_success(124)
become_logon_server_success: Samba is now a logon server for
workgroup VTAGR on subnet n.m.g.2
[2005/02/12 13:41:54, 0]
nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113)
*****
Samba server VTAGR02 is now a domain master browser for workgroup
VTAGR on subnet n.m.g.2
*****
[2005/02/12 13:42:08, 0]
nmbd/nmbd_become_lmb.c:become_local_master_stage2(396)
*****
Samba name server VTAGR02 is now a local master browser for workgroup
VTAGR on subnet n.m.g.2
*****
------------------------------------------------------------
main log.smbd (no error messages):
[2005/02/12 13:41:47, 0] smbd/server.c:main(760)
smbd version 3.0.9-20041212-SCO started.
Copyright Andrew Tridgell and the Samba Team 1992-2004
------------------------------------------------------------
log.0.0.0.0 (don't understand why this log exists, or others named
log.ipaddress which are always 0-length - is this significant?):
[2005/02/12 11:46:04, 0] lib/util_sock.c:get_peer_addr(1000)
getpeername failed. Error was Socket is not connected
[2005/02/12 11:46:04, 0] lib/access.c:check_access(328)
[2005/02/12 11:46:04, 0] lib/util_sock.c:get_peer_addr(1000)
getpeername failed. Error was Socket is not connected
Denied connection from (0.0.0.0)
[2005/02/12 11:46:04, 1] smbd/process.c:process_smb(1085)
[2005/02/12 11:46:04, 0] lib/util_sock.c:get_peer_addr(1000)
getpeername failed. Error was Socket is not connected
Connection denied from 0.0.0.0
[2005/02/12 11:46:04, 0] lib/util_sock.c:write_socket_data(430)
write_socket_data: write failure. Error = Broken pipe
[2005/02/12 11:46:04, 0] lib/util_sock.c:write_socket(455)
write_socket: Error writing 5 bytes to socket 22: ERRNO = Broken pipe
[2005/02/12 11:46:04, 0] lib/util_sock.c:send_smb(647)
Error writing 5 bytes to client. -1. (Broken pipe)
----------------------------------------------------
log.smbd (SCO doesn't seem to support SO_KEEPALIVE):
[2005/02/12 11:01:04, 0] smbd/server.c:open_sockets_smbd(383)
open_sockets_smbd: accept: Invalid argument
[2005/02/12 11:46:04, 0] lib/util_sock.c:set_socket_options(202)
Failed to set socket option SO_KEEPALIVE (Error Connection reset by peer)
[2005/02/12 11:46:04, 0] lib/util_sock.c:get_peer_addr(1000)
getpeername failed. Error was Socket is not connected
-----------------------------------------------------
log.vtagrpc34 (a W2K client booting and mounting shares):
[2005/02/12 14:58:11, 1] smbd/service.c:make_connection_snum(648)
vtagrpc34 (n.m.g.34) connect to service LC1 initially as user bob
(uid=201, gid=201) (pid 2715)
[2005/02/12 14:58:11, 1] smbd/service.c:make_connection_snum(648)
vtagrpc34 (n.m.g.34) connect to service mosquito initially as user
mosdb (uid=195, gid=102) (pid 2715)
[2005/02/12 14:58:12, 1] smbd/service.c:make_connection_snum(648)
vtagrpc34 (n.m.g.34) connect to service pcwin initially as user bob
(uid=201, gid=201) (pid 2715)
[2005/02/12 14:58:12, 1] smbd/service.c:make_connection_snum(648)
vtagrpc34 (n.m.g.34) connect to service pcdos initially as user bob
(uid=201, gid=201) (pid 2715)
[2005/02/12 14:58:12, 1] smbd/service.c:make_connection_snum(648)
vtagrpc34 (n.m.g.34) connect to service users initially as user bob
(uid=201, gid=201) (pid 2715)
[2005/02/12 14:58:32, 1] smbd/service.c:make_connection_snum(648)
vtagrpc34 (n.m.g.34) connect to service mosquito initially as user
mosdb (uid=195, gid=102) (pid 2715)
[2005/02/12 14:58:47, 1] smbd/service.c:make_connection_snum(648)
vtagrpc34 (n.m.g.34) connect to service users initially as user bob
(uid=201, gid=201) (pid 2715)
[2005/02/12 14:58:47, 1] smbd/service.c:close_cnum(836)
vtagrpc34 (n.m.g.34) closed connection to service users
[2005/02/12 14:59:02, 1] smbd/service.c:make_connection_snum(648)
vtagrpc34 (n.m.g.34) connect to service pcwin initially as user bob
(uid=201, gid=201) (pid 2715)
[2005/02/12 14:59:39, 1] smbd/service.c:make_connection_snum(648)
vtagrpc34 (n.m.g.34) connect to service pcdos initially as user bob
(uid=201, gid=201) (pid 2715)
[2005/02/12 14:59:39, 1] smbd/service.c:close_cnum(836)
vtagrpc34 (n.m.g.34) closed connection to service pcdos
[2005/02/12 14:59:39, 1] smbd/service.c:make_connection_snum(648)
vtagrpc34 (n.m.g.34) connect to service users initially as user bob
(uid=201, gid=201) (pid 2715)
[2005/02/12 14:59:39, 1] smbd/service.c:close_cnum(836)
vtagrpc34 (n.m.g.34) closed connection to service users
[2005/02/12 15:00:27, 0]
rpc_server/srv_spoolss_nt.c:spoolss_connect_to_client(2627)
spoolss_connect_to_client: machine VTAGRPC34 rejected the tconX on
the IPC$ share. Error was : NT_STATUS_ACCESS_DENIED.
[2005/02/12 15:00:27, 0]
rpc_server/srv_spoolss_nt.c:spoolss_connect_to_client(2627)
spoolss_connect_to_client: machine VTAGRPC34 rejected the tconX on
the IPC$ share. Error was : NT_STATUS_ACCESS_DENIED.
[2005/02/12 15:00:27, 0]
rpc_server/srv_spoolss_nt.c:spoolss_connect_to_client(2627)
spoolss_connect_to_client: machine VTAGRPC34 rejected the tconX on
the IPC$ share. Error was : NT_STATUS_ACCESS_DENIED.
[2005/02/12 15:00:27, 0]
rpc_server/srv_spoolss_nt.c:spoolss_connect_to_client(2627)
spoolss_connect_to_client: machine VTAGRPC34 rejected the tconX on
the IPC$ share. Error was : NT_STATUS_ACCESS_DENIED.
[2005/02/12 15:01:23, 0] smbd/service.c:make_connection(800)
vtagrpc34 (n.m.g.34) couldn't find service printer$
[2005/02/12 15:01:28, 0] smbd/service.c:make_connection(800)
vtagrpc34 (n.m.g.34) couldn't find service printer$
[2005/02/12 15:09:51, 1] smbd/service.c:close_cnum(836)
vtagrpc34 (n.m.g.34) closed connection to service mosquito
--------------------------------------
The Linux box, a supposed domain member server, in PDC log after PC failed
to mount DMC share:
[2005/02/12 15:01:24, 0] lib/fault.c:fault_report(36)
===============================================================
[2005/02/12 15:01:24, 0] lib/fault.c:fault_report(37)
INTERNAL ERROR: Signal 11 in pid 3550 (3.0.9-20041212-SCO)
Please read the appendix Bugs of the Samba HOWTO collection
[2005/02/12 15:01:24, 0] lib/fault.c:fault_report(39)
===============================================================
[2005/02/12 15:01:24, 0] lib/util.c:smb_panic2(1403)
PANIC: internal error
--------------------------------------
smb.conf:
# Samba config file created using SWAT
# from n.m.g.34 (n.m.g.34)
# Date: 2005/02/11 18:32:26
# Global parameters
[global]
workgroup = VTAGR
server string = VT Agr Samba Server (%m) %v
min password length = 6
map to guest = Bad User
guest account = smbprint
passwd program = /bin/passwd %u
passwd chat = *Enter*choice* \n *New*password* %n\n *enter*password*
%n\n \n .
username map = /etc/samba/smbusers
password level = 8
unix password sync = Yes
log level = 1
log file = /var/log/samba/logs/log.%m
time server = Yes
deadtime = 15
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
logon script = startup.bat
logon home = \\%N\%U\profile
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
kernel oplocks = No
ldap ssl = no
message command = /bin/mailx -s'Message from %f on %m' root<%s; rm %s
remote announce = n.m.g.127/ADMIN n.m.g.127/'AG DEVELOPMENT'
n.m.g.127/AH n.m.g.127/CA n.m.g.127/CP n.m.g.127/DAIRY n.m.g.127/LABS
n.m.g.127/EXEC n.m.g.127/MI n.m.g.127/NRCC n.m.g.127/PI
printer admin = @ntadmin, root, administrator
create mask = 0775
directory mask = 0775
hosts allow = n.m.g.0/255.255.255.128, n.m.p.0/255.255.255.128,
a.b.0.0/255.255.0.0, n.m.x.0/255.255.255.0, n.m.s.0/255.255.255.0
map archive = No
oplocks = No
level2 oplocks = No
wide links = No
delete readonly = Yes
dos filetimes = Yes
[homes]
...