Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-3437: adbindd2 error when connecting to winbindd: Too many open files

12 April,16 at 11:13 AM

Applies to: All versions of Centrify-Enabled Samba on Solaris 10
 
Question:
 
Whenever a user tries to connect to a samba share on a Solaris 10 machine, the following adbindd error can be seen in /var/adm/message:
 
Jun 19 10:22:30 sins231023 adbindd[11442]: [ID 485328 auth.error] ERROR samba.adbindd2 error when connecting to winbindd with message: Too many open files 
Jun 19 10:22:30 sins231023 adbindd[11442]: [ID 362521 auth.error] ERROR samba.adbindd2 /tmp/.winbindd2/pipe: Cannot bind socket: Too many open files 
Jun 19 10:22:30 sins231023 adbindd[11442]: [ID 485328 auth.error] ERROR samba.adbindd2 error when connecting to winbindd with message: Too many open files 
 
What is the possible reason for this and how can these error messages be prevented?
 
Answer:
 
By default, processes in Solaris 10 are given a maximum file handle allocation of 256.
The following command can verify the maximum number of file handles allowed for adbindd
 
  prctl -n process.max-file-descriptor -i process `pgrep adbindd` 
 
E.g.
 
bash-3.00# prctl -n process.max-file-descriptor -i process `pgrep adbindd`
process: 8680: ./adbindd
NAME    PRIVILEGE       VALUE    FLAG   ACTION                       RECIPIENT
process.max-file-descriptor
        basic             256       -   deny                              8680
        privileged      65.5K       -   deny                                 -
        system          2.15G     max   deny                                 -
 
The value for basic file is 256 by default in Solaris 10.
 
 
To check the number of files opened by adbindd, run the following command:
 
  pfiles -F `pgrep adbindd`
 
E.g.
 
bash-3.00# pfiles -F `pgrep adbindd`
8680:   ./adbindd
  Current rlimit: 256 file descriptors
   0: S_IFCHR mode:0666 dev:292,0 ino:6815752 uid:0 gid:3 rdev:13,2
      O_RDWR
      /devices/pseudo/mm@0:null
   1: S_IFCHR mode:0666 dev:292,0 ino:6815752 uid:0 gid:3 rdev:13,2
      O_RDWR
      /devices/pseudo/mm@0:null
   2: S_IFCHR mode:0666 dev:292,0 ino:6815752 uid:0 gid:3 rdev:13,2
      O_RDWR
      /devices/pseudo/mm@0:null
   3: S_IFCHR mode:0000 dev:292,0 ino:21269 uid:0 gid:0 rdev:21,13309
      O_WRONLY FD_CLOEXEC
      /devices/pseudo/log@0:conslog
 
The error messages in question will appear in /var/adm/message if the number of file opened by adbindd reaches the fdlimit: 256.
 
 
If the Solaris 10 machine is a busy box which needs to handle lots of concurrent processes, the following command (as root) can be used to increase adbindd's maximum file allocations to 1024 in order to stop the error messages in question:
 
  prctl -n process.max-file-descriptor  -t basic -v  1024 -r -i process  `pgrep adbindd`
 
E.g. 
 
bash-3.00# prctl -n process.max-file-descriptor  -t basic -v  1024 -r -i process  `pgrep adbindd`
bash-3.00# prctl -n process.max-file-descriptor -i process `pgrep adbindd`
process: 8680: ./adbindd
NAME    PRIVILEGE       VALUE    FLAG   ACTION                       RECIPIENT
process.max-file-descriptor
        basic           1.02K       -   deny                              8680
        privileged      65.5K       -   deny                                 -
        system          2.15G     max   deny                                 -
 
 
However, the new value will be returned back to default value after restarting the adbindd service.
 
To keep the value unchanged after restarting the service, edit the startup script of centrifydc-samba so that whenever the service restarts, the script will run "prctl -n process.max-file-descriptor -t basic -v 1024 -r -i process `pgrep adbindd`" to set the value. 
 
To edit the startup script, run the following command on the problem server:
 
  vi /etc/init.d/centrifydc-samba
 
Locate the following part inside the script and add the command into three places:
 
  prctl -n process.max-file-descriptor -t basic -v 1024 -r -i process `pgrep adbindd`
 
 
The three locations are as follows:
 
============== 
case "$CMD" in 
start) 
start_daemon nmbd 
start_daemon winbindd 
start_daemon adbindd 
prctl -n process.max-file-descriptor -t basic -v 1024 -r -i process `pgrep adbindd` 
start_daemon smbd 
RETVAL=$? 
;; 
 
stop) 
stop_daemon smbd 
stop_daemon adbindd 
stop_daemon winbindd 
stop_daemon nmbd 
RETVAL=$? 
;; 
 
status) 
daemon_status nmbd 
daemon_status winbindd 
daemon_status adbindd 
daemon_status smbd 
RETVAL=$? 
;; 
 
restart|reload) 
stop_daemon smbd 
stop_daemon adbindd 
stop_daemon winbindd 
stop_daemon nmbd 
 
start_daemon nmbd 
start_daemon winbindd 
start_daemon adbindd 
prctl -n process.max-file-descriptor -t basic -v 1024 -r -i process `pgrep adbindd` 
start_daemon smbd 
 
RETVAL=$? 
;; 
 
condrestart) 
cond_restart nmbd 
cond_restart winbindd 
cond_restart adbindd 
prctl -n process.max-file-descriptor -t basic -v 1024 -r -i process `pgrep adbindd` 
cond_restart smbd 
;; 
 
*) 
============== 
 
The logic is, whenever start/restart/reload/condrestart centrifydc-samba (which in turn, adbindd) is run, the startup script runs that command to set the new max value. 
 
 
Note: The change in the startup script (/etc/init.d/centrifydc-samba) above may be lost when upgrading to new version

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-6041: How to show current license type in use by adclient articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin? articleKB-3925: How to add Centrify parameter to a group policy articleKB-6044: How to configure users for automatic Kerberos Credentials for infinite renewal even after users have logged out? articleKB-6050: How to configure a group for automatic Kerberos Credentials for infinite renewal? articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0)