Project

General

Profile

Bug #6124

We have to restart CIFS-Service from time to time, when using it with Linux-Clients

Added by Technik Team almost 6 years ago. Updated about 3 years ago.

Status:
Closed: Insufficient Info
Priority:
Nice to have
Assignee:
John Hixson
Category:
OS
Target version:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

We do have following situation:
- Freenas 9.2.1.7
- Active Directory is used as User-Authentication
- some samba-Shares are set
- some Linux-Clients mount these samba-shares via cifs

Our problem is, that mounting these samba shares is working fine but we do have the problem, that once in 2 weeks we do have to restart this freenas-box because on one of our linux-box we can't mount the share anymore. We always get following message:

[root@vref7 ~]# mount -t cifs -o user=sourcecodeaccess,workgroup=netzwerk //monster.netzwerk.intern/workexpert /var/www/trunk
Password:
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

When we restart cifs and active directory service on feenas, everything works fine and we can mount this mountpoint again.
Strange is: we do have several other linux-clients. At the situation, when a box can't remount the share - other clients still can. And: on other clients i can mount share from the buggy-Client too. On same time i can mount a samba-share on this buggy client from another windows-host - so the client isn't the reason.

Because of these tests I'm completely sure, this is a problem on freenas.

Is there a way we easily can debug authentication-Process with cifs on freenas?

History

#1 Updated by Jordan Hubbard almost 6 years ago

  • Status changed from Unscreened to Screened
  • Target version set to 9.2.1.8-RELEASE

BRB: Can you turn the samba logging level up to debug and then attach the logs to this ticket when you've reproduced the problem. Also, ensure that you can ping the freenas box from the linux box during those periods when it cannot be mounted, just to validate that this is not a networking issue. Thanks.

#2 Updated by Technik Team almost 6 years ago

Jordan Hubbard wrote:

BRB: Can you turn the samba logging level up to debug and then attach the logs to this ticket when you've reproduced the problem. Also, ensure that you can ping the freenas box from the linux box during those periods when it cannot be mounted, just to validate that this is not a networking issue. Thanks.

- Yes, I'll attach the logs to this ticket when it occures again.
- i've tested the ping from both machines when this problem occured: every ping was ok

#3 Updated by Josh Paetzel almost 6 years ago

  • Target version changed from 9.2.1.8-RELEASE to 9.3-BETA

Too much is going on (shellshock for instance) to hold up 9.2.1.8 any further.

#4 Updated by Josh Paetzel almost 6 years ago

  • Target version changed from 9.3-BETA to 49

#5 Updated by Technik Team almost 6 years ago

less +F /var/log/messages

:17:26 monster nmbd92254: [2014/11/13 17:17:26.846314, 0, pid=92254, effective(0, 0), real(0, 0)] ../source3/nmbd/nmbd_namequery.c:109(query_name_response)
Nov 13 17:17:26 monster nmbd92254: query_name_response: Multiple (2) responses received for a query on subnet 192.168.100.35 for name NETZWERK<1d>.
Nov 13 17:17:26 monster nmbd92254: This response was from IP 192.168.100.10, reporting an IP address of 192.168.100.10.
Nov 13 17:21:04 monster smbd92258: [2014/11/13 17:21:04.218265, 0, pid=92258, effective(0, 0), real(0, 0)] ../source3/smbd/server.c:563(smbd_accept_connection)
Nov 13 17:21:04 monster smbd92258: accept: Software caused connection abort

cat /usr/local/etc/smb4.conf
[global]
server max protocol = SMB2_24
encrypt passwords = yes
dns proxy = no
strict locking = no
oplocks = yes
deadtime = 15
max log size = 51200
max open files = 11070
syslog only = yes
syslog = 1
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
getwd cache = yes
guest account = nobody
map to guest = Bad User
obey pam restrictions = Yes
directory name cache size = 0
kernel change notify = no
panic action = /usr/local/libexec/samba/samba-backtrace
server string = FreeNAS
ea support = yes
store dos attributes = yes
time server = yes
acl allow execute always = true
idmap config *:backend = tdb
idmap config *:range = 90000000-100000000
server role = member server
netbios name = MONSTER
workgroup = NETZWERK
realm = NETZWERK.INTERN
security = ADS
client use spnego = yes
cache directory = /var/tmp/.cache/.samba
local master = no
domain master = no
preferred master = no
acl check permissions = true
acl map full control = true
dos filemode = yes
winbind cache time = 7200
winbind offline logon = yes
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = yes
winbind refresh tickets = yes
idmap config NETZWERK: backend = rid
idmap config NETZWERK: range = 20000-20000000
allow trusted domains = yes
template shell = /bin/sh
template homedir = /home/%U
pid directory = /var/run/samba
smb passwd file = /var/etc/private/smbpasswd
private dir = /var/etc/private
create mask = 0666
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 10

path = /mnt/tank1-1/share-workexpert
printable = no
veto files = /.snap/.windows/.zfs/
writeable = yes
browseable = yes
recycle:repository = .recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:directory_mode = 0777
recycle:subdir_mode = 0700
shadow:snapdir = .zfs/snapshot
shadow:sort = desc
shadow:localtime = yes
shadow:format = auto-%Y%m%d.%H%M-10d
vfs objects = shadow_copy2 zfsacl streams_xattr aio_pthread
hide dot files = yes
guest ok = no
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes
zfsacl:acesort = dontcare

btw: the first entry regarding restarting the cifs and Directory servcie was w: we had to restartthe complete freenas System.

right now we have the same issue again, we will restart the freenas appliance in 2h, inbetween we are playing with different Mount Options on the client side.

#6 Updated by Technik Team almost 6 years ago

just for the complete record: we sitched from smb2_24 to smb_2, no change.

restartet cifs and the Directory Service: no change.

all hosts can ping each other, dsn resolv is ok, all are on the same dns Domain. Linux clients are not member of the AD (so no workstation account).

restarting the freenas box resolvs this issue temporary (well, for 2-3 weeks)

right now we have no way to stress the freenas cifs service, to reproduce the Problem on a sooner time schedule.

#7 Updated by John Hixson about 5 years ago

  • Status changed from Screened to Closed: Insufficient Info

#8 Avatar?id=14398&size=24x24 Updated by Kris Moore about 3 years ago

  • Target version changed from 49 to N/A

Also available in: Atom PDF