Michael Adam wrote:
Linux Addict wrote:
Hello, I have a relatively large setup where RHEL 4 is authenticating against MS W2K3 R2. Every so often a host may not be able to authenticate due to tdb corruption, and we had to rm the *.tdb files and restart winbind, which would create fresh tdb files. I guess Redhat acknowledged the issue here: http://kbase.redhat.com/faq/docs/DOC-4842 My question is, is this something caused by samba itself or the underlying OS? If samba, are we tracking this? I know I can use an LDAP backend, but I am using RID to eliminate a layer of admin work by not entering UIDs for each user.
Any hint is appreciated.

How do you tell it is tdb corruption?
Are all tdbs corrupted or just some?
(Or why do you erase all of the tdb files?...)
The user may not be able to log in, or may get a message like "No Such UID". Once the tdb (all) files are cleared, it will start working.

TDB corruption has been seen on various versions of the reiser
file system due to broken implementations of memory mapping.
If your tdb files do reside on a reiser partition you might

  1. move them to some other partition (ext3, xfs, ...) or

We use ext3
  2. set "use mmap = no" in the [global] section of smb.conf,
     trading speed for reliability.

I am going to try this.
Generally, it is a good idea to run "tdbbackup" regularly on the
important tdb files (secrets.tdb, passdb.tdb, winbindd_idmap.tdb, ...)

Then you can simply restore your backup with "tdbbackup -v" if
corruption occurs. Also for doing file system backups, these
tdbbackup files are useful.
Currently we delete the tdb files and restart the winbind to create new ones. Is it not the same as restoring from backup?

My smb.conf file is below. Let me know if it's not optimal.

[global]
       workgroup = DOMAIN-A
       realm = DOMAIN-A.COM
       server string = RHEL 4 x86_64
       security = ADS
       obey pam restrictions = Yes
       client NTLMv2 auth = Yes
       log level = 5
       log file = /var/log/winbind
       local master = No
       dns proxy = No
       panic action = /usr/share/samba/panic-action %d
       idmap domains = default, DOMAIN-A, DOMAIN-B
       idmap alloc backend = tdb
       idmap uid = 10000 - 99999
       idmap gid = 10000 - 99999
       template shell = /bin/bash
       winbind separator = +
       winbind enum users = Yes
       winbind enum groups = Yes
       winbind use default domain = Yes
       winbind expand groups = 10
       winbind refresh tickets = Yes
       winbind offline logon = Yes
       idmap config DOMAIN-B:range = 10000 - 99999
       idmap config DOMAIN-B:backend = rid
       idmap config DOMAIN-A:range = 100000 - 199999
       idmap config DOMAIN-A:backend = rid
       idmap config default:default = Yes
       invalid users = root
Cheers - Michael



