有时 samba 4.1.11 会停止为客户端提供服务。每天,我都必须重新启动 smbd 才能修复此问题。Windows 客户端会提示共享设备无法访问或身份验证失败。
当他们尝试连接时,会生成以下日志:
[2014/09/17 09:37:19.739314, 2] ../source3/auth/auth.c:278(auth_check_ntlm_password)
check_ntlm_password: authentication for user [user] -> [user] -> [DOMAIN\user] succeeded
[2014/09/17 09:58:41.021885, 1] ../source3/param/loadparm.c:3178(lp_do_parameter)
WARNING: The "idmap uid" option is deprecated
[2014/09/17 09:58:41.022305, 1] ../source3/param/loadparm.c:3178(lp_do_parameter)
WARNING: The "idmap gid" option is deprecated
[2014/09/17 09:58:41.022621, 2] ../source3/param/loadparm.c:3581(do_section)
Processing section "[home]"
[2014/09/17 09:58:41.028757, 2] ../source3/auth/auth.c:278(auth_check_ntlm_password)
check_ntlm_password: authentication for user [user] -> [user] -> [DOMAIN\user] succeeded
据我所知,如果服务正常运行,则应该遵循以下几行:
[2014/09/17 09:54:43.760688, 2] ../source3/smbd/reply.c:592(reply_special)
netbios connect: name1=SMB 0x20 name2=WORKSPACE 0x0
[2014/09/17 09:54:43.761081, 2] ../source3/smbd/reply.c:633(reply_special)
netbios connect: local=smb remote=WORKSPACE, name type = 0
设置如下(由 testparm 提供):
[global]
dos charset = CP850
unix charset = UTF-8
workgroup = DOMAIN
realm = DOMAIN.ORG
netbios name = SAMBA
netbios aliases =
netbios scope =
server string = SAMBA
interfaces =
bind interfaces only = No
server role = auto
security = ADS
auth methods =
encrypt passwords = Yes
client schannel = Auto
server schannel = Auto
allow trusted domains = Yes
map to guest = Never
null passwords = No
obey pam restrictions = No
password server = *
smb passwd file = /private/smbpasswd
private dir = /private
passdb backend = tdbsam
algorithmic rid base = 1000
root directory =
guest account = nobody
enable privileges = Yes
pam password change = No
passwd program =
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
passwd chat timeout = 2
check password script =
username map =
username level = 0
unix password sync = No
restrict anonymous = 0
lanman auth = No
ntlm auth = Yes
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
client use spnego principal = No
preload modules =
dedicated keytab file =
kerberos method = default
map untrusted to domain = No
log level = 2
syslog = 1
syslog only = No
log file = /var/log/samba/%m
max log size = 500
debug timestamp = Yes
debug prefix timestamp = No
debug hires timestamp = Yes
debug pid = No
debug uid = No
debug class = No
enable core files = Yes
smb ports = 445, 139
large readwrite = Yes
server max protocol = SMB3
server min protocol = LANMAN1
client max protocol = NT1
client min protocol = CORE
unicode = Yes
min receivefile size = 0
read raw = Yes
write raw = Yes
disable netbios = No
reset on zero vc = No
log writeable files on exit = No
defer sharing violations = Yes
nt pipe support = Yes
nt status support = Yes
max mux = 50
max xmit = 16644
name resolve order = lmhosts, wins, host, bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
unix extensions = Yes
use spnego = Yes
client signing = required
server signing = required
client use spnego = Yes
client ldap sasl wrapping = plain
enable asu support = No
svcctl list =
cldap port = 0
dgram port = 0
nbt port = 0
krb5 port = 0
kpasswd port = 0
web port = 0
rpc big endian = No
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 30
max smbd processes = 0
max disk size = 0
max open files = 16384
socket options = TCP_NODELAY
use mmap = Yes
use ntdb = No
hostname lookups = No
name cache timeout = 660
ctdbd socket =
cluster addresses =
clustering = No
ctdb timeout = 0
ctdb locktime warn threshold = 0
smb2 max read = 1048576
smb2 max write = 1048576
smb2 max trans = 1048576
smb2 max credits = 8192
load printers = No
printcap cache time = 0
printcap name = /dev/null
cups server =
cups encrypt = No
cups connection timeout = 30
iprint server =
disable spoolss = No
addport command =
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
mangling method = hash2
mangle prefix = 1
max stat cache size = 256
stat cache = Yes
machine password timeout = 604800
add user script =
rename user script =
delete user script =
add group script =
delete group script =
add user to group script =
delete user from group script =
set primary group script =
add machine script =
shutdown script =
abort shutdown script =
username map script =
username map cache time = 0
logon script =
logon path = \\%N\%U\profile
logon drive =
logon home = \\%N\%U
domain logons = No
init logon delayed hosts =
init logon delay = 100
os level = 20
lm announce = Auto
lm interval = 60
preferred master = No
local master = Yes
domain master = Auto
browse list = Yes
enhanced browsing = Yes
dns proxy = Yes
wins proxy = No
wins server =
wins support = No
wins hook =
lock spin time = 200
oplock break wait time = 0
ldap admin dn =
ldap delete dn = No
ldap group suffix =
ldap idmap suffix =
ldap machine suffix =
ldap passwd sync = no
ldap replication sleep = 1000
ldap suffix =
ldap ssl = start tls
ldap ssl ads = No
ldap deref = auto
ldap follow referral = Auto
ldap timeout = 15
ldap connection timeout = 2
ldap page size = 1024
ldap user suffix =
ldap debug level = 0
ldap debug threshold = 10
eventlog list =
add share command =
change share command =
delete share command =
preload =
lock directory = /var/lock
state directory = /var/locks
cache directory = /var/cache
pid directory = /var/run
ntp signd socket directory =
utmp directory =
wtmp directory =
utmp = No
default service =
message command =
get quota command =
set quota command =
remote announce =
remote browse sync =
nbt client socket address = 0.0.0.0
nmbd bind explicit broadcast = Yes
homedir map = auto.home
afs username map =
afs token lifetime = 604800
log nt token command =
NIS homedir = No
registry shares = No
usershare allow guests = No
usershare max shares = 0
usershare owner only = Yes
usershare path = /var/locks/usershares
usershare prefix allow list =
usershare prefix deny list =
usershare template share =
async smb echo handler = No
panic action =
perfcount module =
host msdfs = Yes
passdb expand explicit = No
idmap backend = tdb
idmap cache time = 604800
idmap negative cache time = 120
idmap uid =
idmap gid =
template homedir = /home/%D/%U
template shell = /sbin/nologin
winbind separator = \
winbind cache time = 300
winbind reconnect delay = 30
winbind max clients = 200
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind trusted domains only = No
winbind nested groups = Yes
winbind expand groups = 1
winbind nss info = template
winbind refresh tickets = No
winbind offline logon = No
winbind normalize names = No
winbind rpc only = No
create krb5 conf = Yes
ncalrpc dir = /var/run/ncalrpc
winbind max domain connections = 1
winbindd socket directory =
winbindd privileged socket directory =
winbind sealed pipes = No
allow dns updates = disabled
dns forwarder =
dns update command =
nsupdate command =
rndc command =
multicast dns register = Yes
samba kcc command =
server services =
dcerpc endpoint servers =
spn update command =
share backend =
tls enabled = No
tls keyfile =
tls certfile =
tls cafile =
tls crlfile =
tls dh params file =
idmap config * : range = 600-20000
idmap config * : backend = tdb
comment =
path =
username =
invalid users =
valid users =
admin users =
read list =
write list =
force user =
force group =
read only = Yes
acl check permissions = Yes
acl group control = No
acl map full control = Yes
acl allow execute always = No
create mask = 0744
force create mode = 00
directory mask = 0755
force directory mode = 00
force unknown acl user = No
inherit permissions = No
inherit acls = No
inherit owner = No
guest only = No
administrative share = No
guest ok = No
only user = No
hosts allow =
hosts deny =
allocation roundup size = 1048576
aio read size = 0
aio write size = 0
aio write behind =
ea support = No
nt acl support = Yes
profile acls = No
map acl inherit = No
afs share = No
smb encrypt = default
durable handles = Yes
block size = 1024
change notify = Yes
directory name cache size = 100
kernel change notify = Yes
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
use sendfile = No
write cache size = 0
max reported print jobs = 0
max print jobs = 1000
printable = No
print notify backchannel = Yes
print ok = No
printing = cups
cups options =
print command =
lpq command = %p
lprm command =
lppause command =
lpresume command =
queuepause command =
queueresume command =
printer name =
use client driver = No
default devmode = Yes
force printername = No
printjob username = %U
default case = lower
case sensitive = Auto
preserve case = Yes
short preserve case = Yes
mangling char = ~
hide dot files = Yes
hide special files = No
hide unreadable = No
hide unwriteable files = No
delete veto files = No
veto files =
hide files =
veto oplock files =
map archive = Yes
map hidden = No
map system = No
map readonly = yes
mangled names = Yes
store dos attributes = No
dmapi support = No
browseable = Yes
access based share enum = No
blocking locks = Yes
csc policy = manual
fake oplocks = No
kernel oplocks = No
kernel share modes = Yes
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = Auto
dfree cache time = 0
dfree command =
copy =
preexec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
wide links = No
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = Yes
dos filetime resolution = No
fake directory create times = No
vfs objects =
msdfs root = No
msdfs proxy =
ntvfs handler =
[home]
comment = Home Directories
path = /home
read only = No
任何帮助表示感谢
答案1
事实证明,默认锁定目录 (/var/lock)(由编译时使用“ --PREFIX="" ”引起)被 samba 锁定机制填满。这是一个 5MB 的 tmpfs,而通常的锁定大小为 3MB 或更大。
我建议将默认目录更改为未使用的路径。例如:
lock directory = /var/samba