Applies to: All versions of Centrify-Enabled Samba on Solaris 10
Question:
Whenever a user tries to connect to a samba share on a Solaris 10 machine, the following adbindd error can be seen in /var/adm/message:
Jun 19 10:22:30 sins231023 adbindd[11442]: [ID 485328 auth.error] ERROR samba.adbindd2 error when connecting to winbindd with message: Too many open files
Jun 19 10:22:30 sins231023 adbindd[11442]: [ID 362521 auth.error] ERROR samba.adbindd2 /tmp/.winbindd2/pipe: Cannot bind socket: Too many open files
Jun 19 10:22:30 sins231023 adbindd[11442]: [ID 485328 auth.error] ERROR samba.adbindd2 error when connecting to winbindd with message: Too many open files
What is the possible reason for this and how can these error messages be prevented?
Answer:
By default, processes in Solaris 10 are given a maximum file handle allocation of 256.
The following command can verify the maximum number of file handles allowed for adbindd:
prctl -n process.max-file-descriptor -i process `pgrep adbindd`
E.g.
bash-3.00# prctl -n process.max-file-descriptor -i process `pgrep adbindd`
process: 8680: ./adbindd
NAME PRIVILEGE VALUE FLAG ACTION RECIPIENT
process.max-file-descriptor
basic 256 - deny 8680
privileged 65.5K - deny -
system 2.15G max deny -
The value for basic file is 256 by default in Solaris 10.
To check the number of files opened by adbindd, run the following command:
pfiles -F `pgrep adbindd`
E.g.
bash-3.00# pfiles -F `pgrep adbindd`
8680: ./adbindd
Current rlimit: 256 file descriptors
0: S_IFCHR mode:0666 dev:292,0 ino:6815752 uid:0 gid:3 rdev:13,2
O_RDWR
/devices/pseudo/mm@0:null
1: S_IFCHR mode:0666 dev:292,0 ino:6815752 uid:0 gid:3 rdev:13,2
O_RDWR
/devices/pseudo/mm@0:null
2: S_IFCHR mode:0666 dev:292,0 ino:6815752 uid:0 gid:3 rdev:13,2
O_RDWR
/devices/pseudo/mm@0:null
3: S_IFCHR mode:0000 dev:292,0 ino:21269 uid:0 gid:0 rdev:21,13309
O_WRONLY FD_CLOEXEC
/devices/pseudo/log@0:conslog
The error messages in question will appear in /var/adm/message if the number of file opened by adbindd reaches the fdlimit: 256.
If the Solaris 10 machine is a busy box which needs to handle lots of concurrent processes, the following command (as root) can be used to increase adbindd's maximum file allocations to 1024 in order to stop the error messages in question:
prctl -n process.max-file-descriptor -t basic -v 1024 -r -i process `pgrep adbindd`
E.g.
bash-3.00# prctl -n process.max-file-descriptor -t basic -v 1024 -r -i process `pgrep adbindd`
bash-3.00# prctl -n process.max-file-descriptor -i process `pgrep adbindd`
process: 8680: ./adbindd
NAME PRIVILEGE VALUE FLAG ACTION RECIPIENT
process.max-file-descriptor
basic 1.02K - deny 8680
privileged 65.5K - deny -
system 2.15G max deny -
However, the new value will be returned back to default value after restarting the adbindd service.
To keep the value unchanged after restarting the service, edit the startup script of centrifydc-samba so that whenever the service restarts, the script will run "prctl -n process.max-file-descriptor -t basic -v 1024 -r -i process `pgrep adbindd`" to set the value.
To edit the startup script, run the following command on the problem server:
vi /etc/init.d/centrifydc-samba
Locate the following part inside the script and add the command into three places:
prctl -n process.max-file-descriptor -t basic -v 1024 -r -i process `pgrep adbindd`
The three locations are as follows:
==============
case "$CMD" in
start)
start_daemon nmbd
start_daemon winbindd
start_daemon adbindd
prctl -n process.max-file-descriptor -t basic -v 1024 -r -i process `pgrep adbindd`
start_daemon smbd
RETVAL=$?
;;
stop)
stop_daemon smbd
stop_daemon adbindd
stop_daemon winbindd
stop_daemon nmbd
RETVAL=$?
;;
status)
daemon_status nmbd
daemon_status winbindd
daemon_status adbindd
daemon_status smbd
RETVAL=$?
;;
restart|reload)
stop_daemon smbd
stop_daemon adbindd
stop_daemon winbindd
stop_daemon nmbd
start_daemon nmbd
start_daemon winbindd
start_daemon adbindd
prctl -n process.max-file-descriptor -t basic -v 1024 -r -i process `pgrep adbindd`
start_daemon smbd
RETVAL=$?
;;
condrestart)
cond_restart nmbd
cond_restart winbindd
cond_restart adbindd
prctl -n process.max-file-descriptor -t basic -v 1024 -r -i process `pgrep adbindd`
cond_restart smbd
;;
*)
==============
The logic is, whenever start/restart/reload/condrestart centrifydc-samba (which in turn, adbindd) is run, the startup script runs that command to set the new max value.
Note: The change in the startup script (/etc/init.d/centrifydc-samba) above may be lost when upgrading to new version
KB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role?