|
|
Пишет Русскоязычное Linux-сообщество (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} lj_ru_linux)@ 2014-03-04 14:01:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
Samba или сеть или ...
У меня возникла следующая проблема. Samba (а может и не самба) начала чудить и периодически внезапно стал пропадать доступ к папкам пользователей и расшареным папкам, а потом опять внезапно появляться. Windows могла не пускать пользователя с первого раза, но пускать через 10 минут или после перезагрузки. При этом, с данной конфигурацией год-два всё работало нормально. Бился я с этой проблемой-бился, не пробился и принял радикальное решение перенести всё на другой сервер, который поднял с нуля (благо давно хотел это сделать). Первую неделю всё работало хорошо, сейчас опять пошли эти симптомы — папки уже то проявляются, то пропадают. При этом порой не пускает по ssh — пишет что-то типа connection refused или coonnection closed by server, так же ошибка мерцающая, в логах следов этого нет. Я не понимаю в чём именно проблема, с самбой, с сетью, с чем-нибудь ещё? Как это проверить? Отдельная беда, что всё это происходит в школе и уже дело доходит до срыва уроков. На сервере стоит только самба и управлялка на Ruby on Rails. Ubuntu 12.04. Даже когда возникают эти ошибки нагрузка на систему небольшая.
В syslog'е из ошибок только регулярная ошибка SASL:
Mar 4 17:49:02 servsmb slapd[1132]: SASL [conn=2934] Failure: no secret in database
В логах самбы по машинам куча мелких ошибок типа таких:
[2014/03/04 14:00:38.670114, 3] smbd/error.c:81(error_packet_set)
error packet at smbd/trans2.c(5238) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND
[2014/03/04 14:00:38.713328, 3] smbd/error.c:81(error_packet_set)
error packet at smbd/nttrans.c(557) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND
[2014/03/04 14:03:01.969433, 3] smbd/error.c:81(error_packet_set)
error packet at smbd/error.c(161) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND
[2014/03/04 14:03:01.977544, 3] smbd/error.c:81(error_packet_set)
error packet at smbd/error.c(161) cmd=162 (SMBntcreateX) NT_STATUS_FILE_IS_A_DIRECTORY
[2014/03/04 14:03:01.980004, 3] smbd/error.c:81(error_packet_set)
error packet at smbd/nttrans.c(250) cmd=160 (SMBnttrans) NT_STATUS_BUFFER_TOO_SMALL
smb.conf:
[global]
netbios name = servsmb
workgroup = SCH25-students
server string = %h server
#socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#hosts allow = 10.0.25.0/255.255.0.0, 127.0.0.1
name resolve order = bcast
wins support = yes
#wins server = 10.0.25.253
dns proxy = no
log file = /var/log/samba/log.%m
log level = 3
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = ldapsam:ldap://localhost
idmap backend = ldap:ldap://localhost
#ldaps
obey pam restrictions = no
ldap admin dn = cn=admin,dc=sch25-students,dc=local
ldap suffix = dc=sch25-students,dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap ssl = off
; Do ldap passwd sync
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = no
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
os level = 255
domain logons = yes
domain master = yes
preferred master = yes
local master = yes
time server = yes
admin users = admin
#socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
getwd cache = yes
read raw = yes
write raw = yes
max xmit = 65536
dns proxy = no
name resolve order = wins hosts bcast lmhosts
wide links = yes
unix extensions = no
unix password sync = yes
map untrusted to domain = Yes
# guest account = pcguest
map to guest = nobody
logon drive = P:
#logon path and home doesn't work for ldap — look pdbedit
logon home = \\%N\%U
logon path = \\%N\profiles\%u
logon script = logon.cmd
usershare allow guests = yes
case sensitive = no
default case = lower
preserve case = yes
short preserve case = yes
dos charset = 866
unix charset = utf-8
display charset = CP1251
[homes]
browseable = no
read only = no
path = /samba/home/%u
comment = %u - Home Directory
create mode = 0775
directory mode = 0775
force create mode = 0775
force directory mode = 0775
invalid users = root join
nt acl support = no
root preexec = /var/www/smbash/clr-recursive-folders %u
hide files = /desktop.ini/$RECYCLE.BIN/
# r
#if [ -h "/samba/home/%u/%u" ]; then rm /samba/home/%u/%u; fi
#/var/www/smbash/clr-recursive-folders %u
#root preexec = /var/www/smbash/set_perm %u
#[incoming]
#comment = Incoming
#browseable = no
#readonly = no
#writeable = yes
#write list = admins
#read list = admins
#path = /var/www
#guest account = pcguest
#guest ok = yes
#invalid users = root, join
#write list = @prog
#force group = prog
[prog]
comment = Prog
browseable = yes
readonly = yes
#writeable = yes
#write list = admins
#read list = admins
create mode = 0664
directory mode = 0775
force create mode = 0664
force directory mode = 0775
#force group = prog
# valid users = @admins
read only = yes
guest account = pcguest
guest ok = yes
write list = @teachers
invalid users = root join
path = /samba/shares/prog
[public]
comment = Public
browseable = yes
readonly = yes
#writeable = yes
#write list = @admins, @teachers
#read list = admins
path = /samba/shares/public
create mode = 0664
directory mode = 0775
force create mode = 0664
force directory mode = 0775
#force group = public
# valid users = @admins
read only = yes
guest account = pcguest
guest ok = yes
write list = @teachers
invalid users = root join
[students]
browseable = yes
comment = Students
path = /samba/home_by/Grades
#force group = teachers
create mask = 0775
force create mode = 0775
#0664
directory mask = 0775
force directory mode = 0775
#force user = teachers
valid users = @teachers
read only = yes
# guest ok = yes
write list = @teachers
#read list = @teachers
invalid users = root join
[netlogon]
comment = Network Logon Service
browseable = no
path = /samba/netlogon/
guest ok = yes
read only = yes
[profiles]
comment = Network Profiles Share
path = /samba/profiles/users
browseable = no
writeable = yes
profile acls = yes
hide files = /desktop.ini/$RECYCLE.BIN/
# r
csc policy = disable
create mode = 0700
directory mode = 0700
force create mode = 0700
force directory mode = 0700
invalid users = root join
nt acl support = no
root preexec = /var/www/smbash/set_perm %u
#root preexec = /usr/local/sbin/smbprofupdate in %u %m %I
#root postexec = /usr/local/sbin/smbprofupdate out %u %m %I
# root preexec = /usr/local/sbin/smbusertraq in %u %m %I
# root postexec = /usr/local/sbin/smbusertraq out %u %m %I
# hosts allow = 10.0.1.0/255.255.255.0, 10.0.10.0/255.255.255.0, 127.0.0.1
# hide files = /desktop.ini
# hide files = /desktop.ini/$RECYCLE.BIN/
# read only = no
# store dos attributes = yes
# create mask = 0600
# directory mask = 0700
# browseable = yes
# guest ok = no
# printable = no
# profile acls = yes
# csc policy = disable
# root preexec = /usr/local/sbin/smbprofupdate in %u %m %I
# root postexec = /usr/local/sbin/smbprofupdate out %u %m %I
# Un-comment the following and create the profiles directory to store
# users profiles (see the "logon path" option above)
# (you need to configure Samba to act as a domain controller too.)
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
#[profiles]
# comment = Users profiles
# path = /samba/profiles
# guest ok = no
# browseable = no
# create mask = 0600
# directory mask = 0700
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
write list = root, @lpadmin
postexec = /bin/umount /cdrom
У меня возникла следующая проблема. Samba (а может и не самба) начала чудить и периодически внезапно стал пропадать доступ к папкам пользователей и расшареным папкам, а потом опять внезапно появляться. Windows могла не пускать пользователя с первого раза, но пускать через 10 минут или после перезагрузки. При этом, с данной конфигурацией год-два всё работало нормально. Бился я с этой проблемой-бился, не пробился и принял радикальное решение перенести всё на другой сервер, который поднял с нуля (благо давно хотел это сделать). Первую неделю всё работало хорошо, сейчас опять пошли эти симптомы — папки уже то проявляются, то пропадают. При этом порой не пускает по ssh — пишет что-то типа connection refused или coonnection closed by server, так же ошибка мерцающая, в логах следов этого нет. Я не понимаю в чём именно проблема, с самбой, с сетью, с чем-нибудь ещё? Как это проверить? Отдельная беда, что всё это происходит в школе и уже дело доходит до срыва уроков. На сервере стоит только самба и управлялка на Ruby on Rails. Ubuntu 12.04. Даже когда возникают эти ошибки нагрузка на систему небольшая.
В syslog'е из ошибок только регулярная ошибка SASL:
Mar 4 17:49:02 servsmb slapd[1132]: SASL [conn=2934] Failure: no secret in database
В логах самбы по машинам куча мелких ошибок типа таких:
[2014/03/04 14:00:38.670114, 3] smbd/error.c:81(error_packet_set)
error packet at smbd/trans2.c(5238) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND
[2014/03/04 14:00:38.713328, 3] smbd/error.c:81(error_packet_set)
error packet at smbd/nttrans.c(557) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND
[2014/03/04 14:03:01.969433, 3] smbd/error.c:81(error_packet_set)
error packet at smbd/error.c(161) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND
[2014/03/04 14:03:01.977544, 3] smbd/error.c:81(error_packet_set)
error packet at smbd/error.c(161) cmd=162 (SMBntcreateX) NT_STATUS_FILE_IS_A_DIRECTORY
[2014/03/04 14:03:01.980004, 3] smbd/error.c:81(error_packet_set)
error packet at smbd/nttrans.c(250) cmd=160 (SMBnttrans) NT_STATUS_BUFFER_TOO_SMALL
smb.conf:
[global]
netbios name = servsmb
workgroup = SCH25-students
server string = %h server
#socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#hosts allow = 10.0.25.0/255.255.0.0, 127.0.0.1
name resolve order = bcast
wins support = yes
#wins server = 10.0.25.253
dns proxy = no
log file = /var/log/samba/log.%m
log level = 3
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = true
passdb backend = ldapsam:ldap://localhost
idmap backend = ldap:ldap://localhost
#ldaps
obey pam restrictions = no
ldap admin dn = cn=admin,dc=sch25-students,dc=local
ldap suffix = dc=sch25-students,dc=local
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap ssl = off
; Do ldap passwd sync
ldap passwd sync = Yes
passwd program = /usr/sbin/smbldap-passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated*
add user script = /usr/sbin/smbldap-useradd -m "%u"
ldap delete dn = no
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
os level = 255
domain logons = yes
domain master = yes
preferred master = yes
local master = yes
time server = yes
admin users = admin
#socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
getwd cache = yes
read raw = yes
write raw = yes
max xmit = 65536
dns proxy = no
name resolve order = wins hosts bcast lmhosts
wide links = yes
unix extensions = no
unix password sync = yes
map untrusted to domain = Yes
# guest account = pcguest
map to guest = nobody
logon drive = P:
#logon path and home doesn't work for ldap — look pdbedit
logon home = \\%N\%U
logon path = \\%N\profiles\%u
logon script = logon.cmd
usershare allow guests = yes
case sensitive = no
default case = lower
preserve case = yes
short preserve case = yes
dos charset = 866
unix charset = utf-8
display charset = CP1251
[homes]
browseable = no
read only = no
path = /samba/home/%u
comment = %u - Home Directory
create mode = 0775
directory mode = 0775
force create mode = 0775
force directory mode = 0775
invalid users = root join
nt acl support = no
root preexec = /var/www/smbash/clr-recursive-folders %u
hide files = /desktop.ini/$RECYCLE.BIN/
# r
#if [ -h "/samba/home/%u/%u" ]; then rm /samba/home/%u/%u; fi
#/var/www/smbash/clr-recursive-folders %u
#root preexec = /var/www/smbash/set_perm %u
#[incoming]
#comment = Incoming
#browseable = no
#readonly = no
#writeable = yes
#write list = admins
#read list = admins
#path = /var/www
#guest account = pcguest
#guest ok = yes
#invalid users = root, join
#write list = @prog
#force group = prog
[prog]
comment = Prog
browseable = yes
readonly = yes
#writeable = yes
#write list = admins
#read list = admins
create mode = 0664
directory mode = 0775
force create mode = 0664
force directory mode = 0775
#force group = prog
# valid users = @admins
read only = yes
guest account = pcguest
guest ok = yes
write list = @teachers
invalid users = root join
path = /samba/shares/prog
[public]
comment = Public
browseable = yes
readonly = yes
#writeable = yes
#write list = @admins, @teachers
#read list = admins
path = /samba/shares/public
create mode = 0664
directory mode = 0775
force create mode = 0664
force directory mode = 0775
#force group = public
# valid users = @admins
read only = yes
guest account = pcguest
guest ok = yes
write list = @teachers
invalid users = root join
[students]
browseable = yes
comment = Students
path = /samba/home_by/Grades
#force group = teachers
create mask = 0775
force create mode = 0775
#0664
directory mask = 0775
force directory mode = 0775
#force user = teachers
valid users = @teachers
read only = yes
# guest ok = yes
write list = @teachers
#read list = @teachers
invalid users = root join
[netlogon]
comment = Network Logon Service
browseable = no
path = /samba/netlogon/
guest ok = yes
read only = yes
[profiles]
comment = Network Profiles Share
path = /samba/profiles/users
browseable = no
writeable = yes
profile acls = yes
hide files = /desktop.ini/$RECYCLE.BIN/
# r
csc policy = disable
create mode = 0700
directory mode = 0700
force create mode = 0700
force directory mode = 0700
invalid users = root join
nt acl support = no
root preexec = /var/www/smbash/set_perm %u
#root preexec = /usr/local/sbin/smbprofupdate in %u %m %I
#root postexec = /usr/local/sbin/smbprofupdate out %u %m %I
# root preexec = /usr/local/sbin/smbusertraq in %u %m %I
# root postexec = /usr/local/sbin/smbusertraq out %u %m %I
# hosts allow = 10.0.1.0/255.255.255.0, 10.0.10.0/255.255.255.0, 127.0.0.1
# hide files = /desktop.ini
# hide files = /desktop.ini/$RECYCLE.BIN/
# read only = no
# store dos attributes = yes
# create mask = 0600
# directory mask = 0700
# browseable = yes
# guest ok = no
# printable = no
# profile acls = yes
# csc policy = disable
# root preexec = /usr/local/sbin/smbprofupdate in %u %m %I
# root postexec = /usr/local/sbin/smbprofupdate out %u %m %I
# Un-comment the following and create the profiles directory to store
# users profiles (see the "logon path" option above)
# (you need to configure Samba to act as a domain controller too.)
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
#[profiles]
# comment = Users profiles
# path = /samba/profiles
# guest ok = no
# browseable = no
# create mask = 0600
# directory mask = 0700
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
write list = root, @lpadmin
postexec = /bin/umount /cdrom
