Hi All,
Let me start by saying i am fairly new to FreeNAS. The issue we are having is that we are serving SMB shares from FreeNAS 11.3-U3.1 to Windows 10 Pro computers. We have the drives mapped to the Windows servers as mapped drives through an AD policy. The issue we are having is after 24 hours the mapped drives show as disconnect and disappear from the windows servers. In order to have the drives show again on the windows computers i restart Samba from the GUI in FreeNAS.
Any ideas ?
With the help of another sysadmin we created a debug cron job for Samba and it seems that winbindd is having issues after 24 hours. Here is a little from our debug logs (changing some info for posting):
Thu Jun 11 19:57:41 PDT 2020
+ echo ---------------------------------------
---------------------------------------
+ wbinfo -u
(this shows all users)
+ wbinfo -g
(this shows all groups)
+ wbinfo -t
checking the trust secret for domain domain.com via RPC calls succeeded
+ wbinfo -P
checking the NETLOGON for domain[domain.com] dc connection to "ads2.domain.com" succeeded
+ net ads info
LDAP server: 10.30.*.*
LDAP server name: ads2.domain.com
Realm: domain.com
Bind Path: dc=domain,dc=com
LDAP port: 389
Server time: Thu, 11 Jun 2020 19:57:42 PDT
KDC server: 10.30.*.*
Server time offset: 0
Last machine account password change: Mon, 08 Jun 2020 22:45:53 PDT
+ net ads testjoin
Join is OK
+ klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: ST1$@domain.com
Issued Expires Principal
Jun 11 10:30:00 2020 Jun 11 20:30:00 2020 krbtgt/domain.com@domain.com
+ wbinfo -i 'domain\random.person'
failed to call wbcGetpwnam: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not get info for user domain\random.person
+ id random.person
id: random.person: no such user
+ id 10090
id: 10090: no such user
+ tail -30 /var/log/samba4/log.wb-domain
[2020/06/11 17:00:01.489011, 1] ../../source3/libads/ldap_utils.c:111(ads_do_search_retry_internal)
ads_search_retry: failed to reconnect (No logon servers are currently available to service the logon request.)
[2020/06/11 17:00:01.489079, 1] ../../source3/winbindd/winbindd_ads.c:342(query_user_list)
query_user_list ads_search: No logon servers are currently available to service the logon request.
[2020/06/11 17:45:42.789145, 2] ../../source3/winbindd/winbindd_pam.c:2246(winbindd_dual_pam_auth)
Plain-text authentication for user domain\root returned NT_STATUS_NO_SUCH_USER (PAM: 13)
[2020/06/11 17:46:12.734175, 1] ../../source3/libads/authdata.c:177(kerberos_return_pac)
kinit failed for 'random.person@domain.com' with: Preauthentication failed (-1765328360)
[2020/06/11 17:46:12.734304, 2] ../../source3/winbindd/winbindd_pam.c:2246(winbindd_dual_pam_auth)
Plain-text authentication for user domain\random.person returned NT_STATUS_LOGON_FAILURE (PAM: 9)
[2020/06/11 17:46:21.107451, 1] ../../source3/libads/authdata.c:177(kerberos_return_pac)
kinit failed for 'random.person@domain.com' with: Preauthentication failed (-1765328360)
[2020/06/11 17:46:21.107579, 2] ../../source3/winbindd/winbindd_pam.c:2246(winbindd_dual_pam_auth)
Plain-text authentication for user domain\random.person returned NT_STATUS_LOGON_FAILURE (PAM: 9)
[2020/06/11 17:46:26.668116, 2] ../../source3/winbindd/winbindd_pam.c:2246(winbindd_dual_pam_auth)
Plain-text authentication for user domain\root returned NT_STATUS_NO_SUCH_USER (PAM: 13)
[2020/06/11 19:57:41.375897, 1] ../../source3/libads/ldap_utils.c:93(ads_do_search_retry_internal)
Reducing LDAP page size from 1000 to 500 due to IO_TIMEOUT
[2020/06/11 19:57:41.378166, 1] ../../source3/libads/ldap_utils.c:111(ads_do_search_retry_internal)
ads_search_retry: failed to reconnect (No logon servers are currently available to service the logon request.)
[2020/06/11 19:58:43.550344, 0] ../../source3/winbindd/winbindd.c:243(winbindd_sig_term_handler)
[2020/06/11 19:58:43.550361, 0] ../../source3/winbindd/winbindd.c:243(winbindd_sig_term_handler)
[2020/06/11 19:58:43.550349, 0] ../../source3/winbindd/winbindd.c:243(winbindd_sig_term_handler)
Got sig[15] terminate (is_parent=0)
Got sig[15] terminate (is_parent=0)
Got sig[15] terminate (is_parent=0)
Let me start by saying i am fairly new to FreeNAS. The issue we are having is that we are serving SMB shares from FreeNAS 11.3-U3.1 to Windows 10 Pro computers. We have the drives mapped to the Windows servers as mapped drives through an AD policy. The issue we are having is after 24 hours the mapped drives show as disconnect and disappear from the windows servers. In order to have the drives show again on the windows computers i restart Samba from the GUI in FreeNAS.
Any ideas ?
With the help of another sysadmin we created a debug cron job for Samba and it seems that winbindd is having issues after 24 hours. Here is a little from our debug logs (changing some info for posting):
Thu Jun 11 19:57:41 PDT 2020
+ echo ---------------------------------------
---------------------------------------
+ wbinfo -u
(this shows all users)
+ wbinfo -g
(this shows all groups)
+ wbinfo -t
checking the trust secret for domain domain.com via RPC calls succeeded
+ wbinfo -P
checking the NETLOGON for domain[domain.com] dc connection to "ads2.domain.com" succeeded
+ net ads info
LDAP server: 10.30.*.*
LDAP server name: ads2.domain.com
Realm: domain.com
Bind Path: dc=domain,dc=com
LDAP port: 389
Server time: Thu, 11 Jun 2020 19:57:42 PDT
KDC server: 10.30.*.*
Server time offset: 0
Last machine account password change: Mon, 08 Jun 2020 22:45:53 PDT
+ net ads testjoin
Join is OK
+ klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: ST1$@domain.com
Issued Expires Principal
Jun 11 10:30:00 2020 Jun 11 20:30:00 2020 krbtgt/domain.com@domain.com
+ wbinfo -i 'domain\random.person'
failed to call wbcGetpwnam: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not get info for user domain\random.person
+ id random.person
id: random.person: no such user
+ id 10090
id: 10090: no such user
+ tail -30 /var/log/samba4/log.wb-domain
[2020/06/11 17:00:01.489011, 1] ../../source3/libads/ldap_utils.c:111(ads_do_search_retry_internal)
ads_search_retry: failed to reconnect (No logon servers are currently available to service the logon request.)
[2020/06/11 17:00:01.489079, 1] ../../source3/winbindd/winbindd_ads.c:342(query_user_list)
query_user_list ads_search: No logon servers are currently available to service the logon request.
[2020/06/11 17:45:42.789145, 2] ../../source3/winbindd/winbindd_pam.c:2246(winbindd_dual_pam_auth)
Plain-text authentication for user domain\root returned NT_STATUS_NO_SUCH_USER (PAM: 13)
[2020/06/11 17:46:12.734175, 1] ../../source3/libads/authdata.c:177(kerberos_return_pac)
kinit failed for 'random.person@domain.com' with: Preauthentication failed (-1765328360)
[2020/06/11 17:46:12.734304, 2] ../../source3/winbindd/winbindd_pam.c:2246(winbindd_dual_pam_auth)
Plain-text authentication for user domain\random.person returned NT_STATUS_LOGON_FAILURE (PAM: 9)
[2020/06/11 17:46:21.107451, 1] ../../source3/libads/authdata.c:177(kerberos_return_pac)
kinit failed for 'random.person@domain.com' with: Preauthentication failed (-1765328360)
[2020/06/11 17:46:21.107579, 2] ../../source3/winbindd/winbindd_pam.c:2246(winbindd_dual_pam_auth)
Plain-text authentication for user domain\random.person returned NT_STATUS_LOGON_FAILURE (PAM: 9)
[2020/06/11 17:46:26.668116, 2] ../../source3/winbindd/winbindd_pam.c:2246(winbindd_dual_pam_auth)
Plain-text authentication for user domain\root returned NT_STATUS_NO_SUCH_USER (PAM: 13)
[2020/06/11 19:57:41.375897, 1] ../../source3/libads/ldap_utils.c:93(ads_do_search_retry_internal)
Reducing LDAP page size from 1000 to 500 due to IO_TIMEOUT
[2020/06/11 19:57:41.378166, 1] ../../source3/libads/ldap_utils.c:111(ads_do_search_retry_internal)
ads_search_retry: failed to reconnect (No logon servers are currently available to service the logon request.)
[2020/06/11 19:58:43.550344, 0] ../../source3/winbindd/winbindd.c:243(winbindd_sig_term_handler)
[2020/06/11 19:58:43.550361, 0] ../../source3/winbindd/winbindd.c:243(winbindd_sig_term_handler)
[2020/06/11 19:58:43.550349, 0] ../../source3/winbindd/winbindd.c:243(winbindd_sig_term_handler)
Got sig[15] terminate (is_parent=0)
Got sig[15] terminate (is_parent=0)
Got sig[15] terminate (is_parent=0)