[4.3.11-Ubuntu] SMBD keeps Locks on NTUSER.DAT and ntuser.ini after logout

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[4.3.11-Ubuntu] SMBD keeps Locks on NTUSER.DAT and ntuser.ini after logout

rawi
After having migrated my machines and user to Samba 4.3.11 on Ubuntu 16.04.1 (no domain upgrade, new provision, all accounts new defined) and old data copied over to the new machines, I have now a broader testbed and notice issues I didn't see prior to that.

Having roaming profiles (defined in the user object in LDB)...

Seemingly at random smbd keeps locks on NTUSER.DAT and ntuser.ini for a random time (from minutes to over 2 hours).
In this time it is not possible for the user affected to login any more (from any machine).
Error is: "The User Profile Service failed the sign-in"
The only solution is to call me and I kill then the process on the server.

Sure, this is not a prospect with pleasant ending.

On the (member) file server I see:

Locked files:
Pid          Uid        DenyMode   Access      R/W        Oplock           SharePath   Name   Time
--------------------------------------------------------------------------------------------------
14398        9009       DENY_NONE  0x100081    RDONLY     NONE             /mnt/SRVDATA_crypt/samba/home/user_w81   .   Wed Jan 25 16:49:28 2017
14398        9009       DENY_NONE  0x1000a0    RDONLY     NONE             /mnt/SRVDATA_crypt/samba/institute   .   Wed Jan 25 09:46:33 2017
14398        9009       DENY_NONE  0x120089    RDONLY     EXCLUSIVE+BATCH  /mnt/SRVDATA_crypt/samba/home/user_w81   winprofile.V2/ntuser.ini   Wed Jan 25 17:31:08 2017
14398        9009       DENY_WRITE 0x12019f    RDWR       EXCLUSIVE+BATCH  /mnt/SRVDATA_crypt/samba/home/user_w81   winprofile.V2/NTUSER.DAT   Wed Jan 25 17:31:08 2017

The Clients are mostly Windows 8.1 (they connect with SMB3_02),
a couple of Windows 7 (they connect with SMB2_10)
a couple of Windows XP (they connect with NT1)
and my linux cifs mount (NT1)

I have the gut feeling, that SMB3_02 is mostly affected (but that's also the majority of my machines) and it comes more often, if the user does a shutdown than simply a logout (difficult to say, I'd need more observations).

I saw today also a Windows 7 for about 15 minutes after shutdown keeping ntuser.ini open, but without Locked files. The user could login from another machine without problems

9979         9031       DENY_NONE  0x100081    RDONLY     NONE             /mnt/SRVDATA_crypt/samba/home/user_w7   .   Wed Jan 25 20:25:04 2017
9979         9031       DENY_NONE  0x120089    RDONLY     NONE             /mnt/SRVDATA_crypt/samba/home/user_w7   winprofile.V2/ntuser.ini   Thu Jan 26 11:00:17 2017

I have
fake oplocks = No
kernel oplocks = No
level2 oplocks = Yes
oplocks = Yes
reset on zero vc = Yes. (This doesn't help. Making a login with another user on the same machine didn't break the former Lock)

The same user won't be always affected.

At the moment I think to try desperately either
- to restrict the client max protocol to lower (NT1?), or
- to set veto oplock files = /NTUSER.DAT/ntuser.ini for the Homes share

... unless someone of you knows the problem and has a probed solution.

Please, what do you think about this?

Thanks

rawi
Reply | Threaded
Open this post in threaded view
|

Re: [4.3.11-Ubuntu] SMBD keeps Locks on NTUSER.DAT and ntuser.ini after logout

rawi
rawi wrote
After having migrated my machines and user to Samba 4.3.11 on Ubuntu 16.04.1 (no domain upgrade, new provision, all accounts new defined) and old data copied over to the new machines, I have now a broader testbed and notice issues I didn't see prior to that.

Having roaming profiles (defined in the user object in LDB)...

Seemingly at random smbd keeps locks on NTUSER.DAT and ntuser.ini for a random time (from minutes to over 2 hours).
In this time it is not possible for the user affected to login any more (from any machine).
Error is: "The User Profile Service failed the sign-in"
The only solution is to call me and I kill then the process on the server.

Sure, this is not a prospect with pleasant ending.

On the (member) file server I see:

Locked files:
Pid          Uid        DenyMode   Access      R/W        Oplock           SharePath   Name   Time
--------------------------------------------------------------------------------------------------
14398        9009       DENY_NONE  0x100081    RDONLY     NONE             /mnt/SRVDATA_crypt/samba/home/user_w81   .   Wed Jan 25 16:49:28 2017
14398        9009       DENY_NONE  0x1000a0    RDONLY     NONE             /mnt/SRVDATA_crypt/samba/institute   .   Wed Jan 25 09:46:33 2017
14398        9009       DENY_NONE  0x120089    RDONLY     EXCLUSIVE+BATCH  /mnt/SRVDATA_crypt/samba/home/user_w81   winprofile.V2/ntuser.ini   Wed Jan 25 17:31:08 2017
14398        9009       DENY_WRITE 0x12019f    RDWR       EXCLUSIVE+BATCH  /mnt/SRVDATA_crypt/samba/home/user_w81   winprofile.V2/NTUSER.DAT   Wed Jan 25 17:31:08 2017

The Clients are mostly Windows 8.1 (they connect with SMB3_02),
a couple of Windows 7 (they connect with SMB2_10)
a couple of Windows XP (they connect with NT1)
and my linux cifs mount (NT1)

I have the gut feeling, that SMB3_02 is mostly affected (but that's also the majority of my machines) and it comes more often, if the user does a shutdown than simply a logout (difficult to say, I'd need more observations).

I saw today also a Windows 7 for about 15 minutes after shutdown keeping ntuser.ini open, but without Locked files. The user could login from another machine without problems

9979         9031       DENY_NONE  0x100081    RDONLY     NONE             /mnt/SRVDATA_crypt/samba/home/user_w7   .   Wed Jan 25 20:25:04 2017
9979         9031       DENY_NONE  0x120089    RDONLY     NONE             /mnt/SRVDATA_crypt/samba/home/user_w7   winprofile.V2/ntuser.ini   Thu Jan 26 11:00:17 2017

I have
fake oplocks = No
kernel oplocks = No
level2 oplocks = Yes
oplocks = Yes
reset on zero vc = Yes. (This doesn't help. Making a login with another user on the same machine didn't break the former Lock)

The same user won't be always affected.

At the moment I think to try desperately either
- to restrict the client max protocol to lower (NT1?), or
- to set veto oplock files = /NTUSER.DAT/ntuser.ini for the Homes share

... unless someone of you knows the problem and has a probed solution.

Please, what do you think about this?

Thanks

rawi
Hi everybody,

I'm bumping this issue, because I have new insights in the matter, but still no elegant solution.

1.
NTUSER.DAT stays locked ONLY WHEN THE USER IS DOING A SHUTDOWN.
The Windows 7 and 8.1 machines (using SMB2 and SMB3 protocols) are going off before the logout process is completed.
If the user makes ONLY A LOGOFF, it takes about 20-30 seconds until his smbd disappears from the list (smbstatus -b), without leaving locked files.

This never happened in the old NT domain.
Still now with AD, it is no problem if I directly shutdown a WindowsXP (connected with NT1 protocol)

2.
Setting...
- client max protocol = NT1 (on the member file server) and
- kill -HUP <PARENT-SMBD>
... won't be honored.

The Windows 8.1 machines will still connect with SMB3. How to let them connect with NT1 (even only for a test)?

Any thoughts further?

Thanks!

Regards

rawi