enterprise-support team mailing list archive
-
enterprise-support team
-
Mailing list archive
-
Message #10979
[Bug 2121024] [NEW] Memory leak in Samba when DRS replication fails
Public bug reported:
While running Samba as an Active Directory Domain Controller, I observed
a memory leak occurring in scenarios where DRS replication fails.
The timeline was as follows: while experimenting with the environment,
the setup entered an inconsistent state and replication between the two
DCs broke (at times they could not see each other, a split-brain
situation). After the replication failure, the memory leak started to
appear only on dc-01, in dc-02 we do not observe replication issues.
Although the environment manipulations may have contributed to the
replication failure, the main focus of this report is the memory leak
itself: once replication fails, Samba continues to consume memory until
the system triggers the OOM killer.
[Steps to Reproduce]
The issue is not consistently reproducible. It appears during
replication failures between DCs.
[Expected Result]
Samba should properly handle replication errors without leaking memory.
[Actual Result]
When replication fails, memory usage grows without limit, eventually
leading to an OOM kill of the Samba process.
[Fix / Workarround]
The replication problem seems to be fixed by performing a dead peer
removal of dc-02, rejoining dc-02 and restarting samba-ad-dc in both
servers dc-01 & dc-02
[Testing Environment]
Package: samba
Pakcage Version: 4.19.5+dfsg-4ubuntu9
Kernel: 6.8.0-45-generic
Distribution: Ubuntu 24.04.1 LTS
Architecture: x64
[Replication logs]
root@dc-01:~# samba-tool drs showrepl
Default-First-Site-Name\dc-01
DSA Options: 0x00000001
DSA object GUID: 9eb744bc-f286-4a8e-9b64-fcdf07c762ae
DSA invocationId: 65e0fac6-b1ce-4c3e-9afa-aed4224f7976
==== INBOUND NEIGHBORS ====
CN=Schema,CN=Configuration,DC=testdomain,DC=lan
Default-First-Site-Name\dc-02 via RPC
DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
Last attempt @ Wed Aug 20 09:17:37 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
2276 consecutive failure(s).
Last success @ Tue Aug 12 11:54:40 2025 CEST
DC=testdomain,DC=lan
Default-First-Site-Name\dc-02 via RPC
DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
Last attempt @ Wed Aug 20 09:17:37 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
2277 consecutive failure(s).
Last success @ Tue Aug 12 11:54:40 2025 CEST
CN=Configuration,DC=testdomain,DC=lan
Default-First-Site-Name\dc-02 via RPC
DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
Last attempt @ Wed Aug 20 09:17:38 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
2276 consecutive failure(s).
Last success @ Tue Aug 12 11:54:40 2025 CEST
DC=DomainDnsZones,DC=testdomain,DC=lan
Default-First-Site-Name\dc-02 via RPC
DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
Last attempt @ Wed Aug 20 09:17:37 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
2276 consecutive failure(s).
Last success @ Tue Aug 12 11:54:39 2025 CEST
DC=ForestDnsZones,DC=testdomain,DC=lan
Default-First-Site-Name\dc-02 via RPC
DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
Last attempt @ Wed Aug 20 09:17:37 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
2278 consecutive failure(s).
Last success @ Tue Aug 12 11:54:39 2025 CEST
==== OUTBOUND NEIGHBORS ====
CN=Schema,CN=Configuration,DC=testdomain,DC=lan
Default-First-Site-Name\dc-02 via RPC
DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
49 consecutive failure(s).
Last success @ NTTIME(0)
DC=testdomain,DC=lan
Default-First-Site-Name\dc-02 via RPC
DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
49 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=testdomain,DC=lan
Default-First-Site-Name\dc-02 via RPC
DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
49 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=testdomain,DC=lan
Default-First-Site-Name\dc-02 via RPC
DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
48 consecutive failure(s).
Last success @ NTTIME(0)
DC=ForestDnsZones,DC=testdomain,DC=lan
Default-First-Site-Name\dc-02 via RPC
DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
48 consecutive failure(s).
Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: d7e0aa05-1611-4ec0-b20f-3fa343530fb3
Enabled : TRUE
Server DNS name : dc-02.testdomain.lan
Server DN name : CN=NTDS Settings,CN=dc-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=lan
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
[Samba logs]
/var/log/samba/log.samba
[2025/08/20 09:25:07.842720, 0] source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:172.26.220.25[49153,seal,krb5,target_hostname=d85f3acf-37be-4d12-a68f-963a6a1536fd._msdcs.testdomain.lan,target_principal=GC/dc-02.testdomain.lan/testdomain.lan,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=172.26.220.25] NT_STATUS_UNSUCCESSFUL
[2025/08/20 09:25:12.547272, 0] source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:172.26.220.25[49153,seal,krb5,target_hostname=d85f3acf-37be-4d12-a68f-963a6a1536fd._msdcs.testdomain.lan,target_principal=GC/dc-02.testdomain.lan/testdomain.lan,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=172.26.220.25] NT_STATUS_UNSUCCESSFUL
[2025/08/20 09:25:12.620812, 0] source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:172.26.220.25[49153,seal,krb5,target_hostname=d85f3acf-37be-4d12-a68f-963a6a1536fd._msdcs.testdomain.lan,target_principal=GC/dc-02.testdomain.lan/testdomain.lan,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=172.26.220.25] NT_STATUS_UNSUCCESSFUL
[Syslog OOM-kill excerption]
2025-08-19T17:17:03.147620+02:00 dc-01 kernel: oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/samba-ad-dc.service,task=drepl[master],pid=1205252,uid=0
2025-08-19T17:17:03.147623+02:00 dc-01 kernel: Out of memory: Killed process 1205252 (drepl[master]) total-vm:3845896kB, anon-rss:3422528kB, file-rss:2452kB, shmem-rss:0kB, UID:0 pgtables:7484kB oom_score_adj:0
2025-08-19T17:17:03.579770+02:00 dc-01 systemd[1]: samba-ad-dc.service: Failed with result 'oom-kill'.
** Affects: samba (Ubuntu)
Importance: Undecided
Status: New
** Summary changed:
- Memory leak dcerpc_util.c
+ Memory leak in Samba when DRS replication fails
** Description changed:
- Description:
- While running Samba as an Active Directory Domain Controller, I have observed a memory leak occurring in scenarios where DRS replication fails.
+ While running Samba as an Active Directory Domain Controller, I have
+ observed a memory leak occurring in scenarios where DRS replication
+ fails.
Unfortunately, I have not been able to reproduce the issue
deterministically, but when the failure occurs, the Samba process
continues to consume memory until the system triggers the OOM killer.
[Steps to Reproduce]
The issue is not consistently reproducible. It appears during
replication failures between DCs.
[Expected Result]
Samba should properly handle replication errors without leaking memory.
[Actual Result]
When replication fails, memory usage grows without limit, eventually
leading to an OOM kill of the Samba process.
[Fix / Workarround]
The replication problem seems to be fixed by performing a dead peer
removal of dc-02, rejoining dc-02 and restarting samba-ad-dc in both
servers dc-01 & dc-02
[Testing Environment]
Package: samba
Pakcage Version: 4.19.5+dfsg-4ubuntu9
Kernel: 6.8.0-45-generic
Distribution: Ubuntu 24.04.1 LTS
Architecture: x64
[Replication logs]
root@dc-01:~# samba-tool drs showrepl
Default-First-Site-Name\dc-01
DSA Options: 0x00000001
DSA object GUID: 9eb744bc-f286-4a8e-9b64-fcdf07c762ae
DSA invocationId: 65e0fac6-b1ce-4c3e-9afa-aed4224f7976
==== INBOUND NEIGHBORS ====
CN=Schema,CN=Configuration,DC=testdomain,DC=lan
- Default-First-Site-Name\dc-02 via RPC
- DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
- Last attempt @ Wed Aug 20 09:17:37 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
- 2276 consecutive failure(s).
- Last success @ Tue Aug 12 11:54:40 2025 CEST
+ Default-First-Site-Name\dc-02 via RPC
+ DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
+ Last attempt @ Wed Aug 20 09:17:37 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
+ 2276 consecutive failure(s).
+ Last success @ Tue Aug 12 11:54:40 2025 CEST
DC=testdomain,DC=lan
- Default-First-Site-Name\dc-02 via RPC
- DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
- Last attempt @ Wed Aug 20 09:17:37 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
- 2277 consecutive failure(s).
- Last success @ Tue Aug 12 11:54:40 2025 CEST
+ Default-First-Site-Name\dc-02 via RPC
+ DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
+ Last attempt @ Wed Aug 20 09:17:37 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
+ 2277 consecutive failure(s).
+ Last success @ Tue Aug 12 11:54:40 2025 CEST
CN=Configuration,DC=testdomain,DC=lan
- Default-First-Site-Name\dc-02 via RPC
- DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
- Last attempt @ Wed Aug 20 09:17:38 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
- 2276 consecutive failure(s).
- Last success @ Tue Aug 12 11:54:40 2025 CEST
+ Default-First-Site-Name\dc-02 via RPC
+ DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
+ Last attempt @ Wed Aug 20 09:17:38 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
+ 2276 consecutive failure(s).
+ Last success @ Tue Aug 12 11:54:40 2025 CEST
DC=DomainDnsZones,DC=testdomain,DC=lan
- Default-First-Site-Name\dc-02 via RPC
- DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
- Last attempt @ Wed Aug 20 09:17:37 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
- 2276 consecutive failure(s).
- Last success @ Tue Aug 12 11:54:39 2025 CEST
+ Default-First-Site-Name\dc-02 via RPC
+ DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
+ Last attempt @ Wed Aug 20 09:17:37 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
+ 2276 consecutive failure(s).
+ Last success @ Tue Aug 12 11:54:39 2025 CEST
DC=ForestDnsZones,DC=testdomain,DC=lan
- Default-First-Site-Name\dc-02 via RPC
- DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
- Last attempt @ Wed Aug 20 09:17:37 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
- 2278 consecutive failure(s).
- Last success @ Tue Aug 12 11:54:39 2025 CEST
+ Default-First-Site-Name\dc-02 via RPC
+ DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
+ Last attempt @ Wed Aug 20 09:17:37 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
+ 2278 consecutive failure(s).
+ Last success @ Tue Aug 12 11:54:39 2025 CEST
==== OUTBOUND NEIGHBORS ====
CN=Schema,CN=Configuration,DC=testdomain,DC=lan
- Default-First-Site-Name\dc-02 via RPC
- DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
- Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
- 49 consecutive failure(s).
- Last success @ NTTIME(0)
+ Default-First-Site-Name\dc-02 via RPC
+ DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
+ Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
+ 49 consecutive failure(s).
+ Last success @ NTTIME(0)
DC=testdomain,DC=lan
- Default-First-Site-Name\dc-02 via RPC
- DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
- Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
- 49 consecutive failure(s).
- Last success @ NTTIME(0)
+ Default-First-Site-Name\dc-02 via RPC
+ DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
+ Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
+ 49 consecutive failure(s).
+ Last success @ NTTIME(0)
CN=Configuration,DC=testdomain,DC=lan
- Default-First-Site-Name\dc-02 via RPC
- DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
- Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
- 49 consecutive failure(s).
- Last success @ NTTIME(0)
+ Default-First-Site-Name\dc-02 via RPC
+ DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
+ Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
+ 49 consecutive failure(s).
+ Last success @ NTTIME(0)
DC=DomainDnsZones,DC=testdomain,DC=lan
- Default-First-Site-Name\dc-02 via RPC
- DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
- Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
- 48 consecutive failure(s).
- Last success @ NTTIME(0)
+ Default-First-Site-Name\dc-02 via RPC
+ DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
+ Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
+ 48 consecutive failure(s).
+ Last success @ NTTIME(0)
DC=ForestDnsZones,DC=testdomain,DC=lan
- Default-First-Site-Name\dc-02 via RPC
- DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
- Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
- 48 consecutive failure(s).
- Last success @ NTTIME(0)
+ Default-First-Site-Name\dc-02 via RPC
+ DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
+ Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
+ 48 consecutive failure(s).
+ Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
- Connection name: d7e0aa05-1611-4ec0-b20f-3fa343530fb3
- Enabled : TRUE
- Server DNS name : dc-02.testdomain.lan
- Server DN name : CN=NTDS Settings,CN=dc-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=lan
- TransportType: RPC
- options: 0x00000001
+ Connection name: d7e0aa05-1611-4ec0-b20f-3fa343530fb3
+ Enabled : TRUE
+ Server DNS name : dc-02.testdomain.lan
+ Server DN name : CN=NTDS Settings,CN=dc-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=lan
+ TransportType: RPC
+ options: 0x00000001
Warning: No NC replicated for Connection!
-
-
[Samba logs]
/var/log/samba/log.samba
[2025/08/20 09:25:07.842720, 0] source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
- Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:172.26.220.25[49153,seal,krb5,target_hostname=d85f3acf-37be-4d12-a68f-963a6a1536fd._msdcs.testdomain.lan,target_principal=GC/dc-02.testdomain.lan/testdomain.lan,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=172.26.220.25] NT_STATUS_UNSUCCESSFUL
+ Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:172.26.220.25[49153,seal,krb5,target_hostname=d85f3acf-37be-4d12-a68f-963a6a1536fd._msdcs.testdomain.lan,target_principal=GC/dc-02.testdomain.lan/testdomain.lan,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=172.26.220.25] NT_STATUS_UNSUCCESSFUL
[2025/08/20 09:25:12.547272, 0] source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
- Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:172.26.220.25[49153,seal,krb5,target_hostname=d85f3acf-37be-4d12-a68f-963a6a1536fd._msdcs.testdomain.lan,target_principal=GC/dc-02.testdomain.lan/testdomain.lan,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=172.26.220.25] NT_STATUS_UNSUCCESSFUL
+ Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:172.26.220.25[49153,seal,krb5,target_hostname=d85f3acf-37be-4d12-a68f-963a6a1536fd._msdcs.testdomain.lan,target_principal=GC/dc-02.testdomain.lan/testdomain.lan,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=172.26.220.25] NT_STATUS_UNSUCCESSFUL
[2025/08/20 09:25:12.620812, 0] source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
- Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:172.26.220.25[49153,seal,krb5,target_hostname=d85f3acf-37be-4d12-a68f-963a6a1536fd._msdcs.testdomain.lan,target_principal=GC/dc-02.testdomain.lan/testdomain.lan,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=172.26.220.25] NT_STATUS_UNSUCCESSFUL
-
+ Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:172.26.220.25[49153,seal,krb5,target_hostname=d85f3acf-37be-4d12-a68f-963a6a1536fd._msdcs.testdomain.lan,target_principal=GC/dc-02.testdomain.lan/testdomain.lan,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=172.26.220.25] NT_STATUS_UNSUCCESSFUL
[Syslog OOM-kill excerption]
2025-08-19T17:17:03.147620+02:00 dc-01 kernel: oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/samba-ad-dc.service,task=drepl[master],pid=1205252,uid=0
2025-08-19T17:17:03.147623+02:00 dc-01 kernel: Out of memory: Killed process 1205252 (drepl[master]) total-vm:3845896kB, anon-rss:3422528kB, file-rss:2452kB, shmem-rss:0kB, UID:0 pgtables:7484kB oom_score_adj:0
2025-08-19T17:17:03.579770+02:00 dc-01 systemd[1]: samba-ad-dc.service: Failed with result 'oom-kill'.
** Description changed:
While running Samba as an Active Directory Domain Controller, I have
observed a memory leak occurring in scenarios where DRS replication
fails.
+
+ During troubleshooting, the environment was modified several times, and
+ at some points the two DCs were not seeing each other correctly (split-
+ brain situation). However, that behavior is not the focus of this
+ report. The main issue here is the memory leak that occurs when
+ replication fails.
Unfortunately, I have not been able to reproduce the issue
deterministically, but when the failure occurs, the Samba process
continues to consume memory until the system triggers the OOM killer.
[Steps to Reproduce]
The issue is not consistently reproducible. It appears during
replication failures between DCs.
[Expected Result]
Samba should properly handle replication errors without leaking memory.
[Actual Result]
When replication fails, memory usage grows without limit, eventually
leading to an OOM kill of the Samba process.
[Fix / Workarround]
The replication problem seems to be fixed by performing a dead peer
removal of dc-02, rejoining dc-02 and restarting samba-ad-dc in both
servers dc-01 & dc-02
[Testing Environment]
Package: samba
Pakcage Version: 4.19.5+dfsg-4ubuntu9
Kernel: 6.8.0-45-generic
Distribution: Ubuntu 24.04.1 LTS
Architecture: x64
[Replication logs]
root@dc-01:~# samba-tool drs showrepl
Default-First-Site-Name\dc-01
DSA Options: 0x00000001
DSA object GUID: 9eb744bc-f286-4a8e-9b64-fcdf07c762ae
DSA invocationId: 65e0fac6-b1ce-4c3e-9afa-aed4224f7976
==== INBOUND NEIGHBORS ====
CN=Schema,CN=Configuration,DC=testdomain,DC=lan
Default-First-Site-Name\dc-02 via RPC
DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
Last attempt @ Wed Aug 20 09:17:37 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
2276 consecutive failure(s).
Last success @ Tue Aug 12 11:54:40 2025 CEST
DC=testdomain,DC=lan
Default-First-Site-Name\dc-02 via RPC
DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
Last attempt @ Wed Aug 20 09:17:37 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
2277 consecutive failure(s).
Last success @ Tue Aug 12 11:54:40 2025 CEST
CN=Configuration,DC=testdomain,DC=lan
Default-First-Site-Name\dc-02 via RPC
DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
Last attempt @ Wed Aug 20 09:17:38 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
2276 consecutive failure(s).
Last success @ Tue Aug 12 11:54:40 2025 CEST
DC=DomainDnsZones,DC=testdomain,DC=lan
Default-First-Site-Name\dc-02 via RPC
DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
Last attempt @ Wed Aug 20 09:17:37 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
2276 consecutive failure(s).
Last success @ Tue Aug 12 11:54:39 2025 CEST
DC=ForestDnsZones,DC=testdomain,DC=lan
Default-First-Site-Name\dc-02 via RPC
DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
Last attempt @ Wed Aug 20 09:17:37 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
2278 consecutive failure(s).
Last success @ Tue Aug 12 11:54:39 2025 CEST
==== OUTBOUND NEIGHBORS ====
CN=Schema,CN=Configuration,DC=testdomain,DC=lan
Default-First-Site-Name\dc-02 via RPC
DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
49 consecutive failure(s).
Last success @ NTTIME(0)
DC=testdomain,DC=lan
Default-First-Site-Name\dc-02 via RPC
DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
49 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=testdomain,DC=lan
Default-First-Site-Name\dc-02 via RPC
DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
49 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=testdomain,DC=lan
Default-First-Site-Name\dc-02 via RPC
DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
48 consecutive failure(s).
Last success @ NTTIME(0)
DC=ForestDnsZones,DC=testdomain,DC=lan
Default-First-Site-Name\dc-02 via RPC
DSA object GUID: d85f3acf-37be-4d12-a68f-963a6a1536fd
Last attempt @ Wed Aug 20 09:21:17 2025 CEST failed, result 31 (WERR_GEN_FAILURE)
48 consecutive failure(s).
Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: d7e0aa05-1611-4ec0-b20f-3fa343530fb3
Enabled : TRUE
Server DNS name : dc-02.testdomain.lan
Server DN name : CN=NTDS Settings,CN=dc-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testdomain,DC=lan
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
[Samba logs]
/var/log/samba/log.samba
[2025/08/20 09:25:07.842720, 0] source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:172.26.220.25[49153,seal,krb5,target_hostname=d85f3acf-37be-4d12-a68f-963a6a1536fd._msdcs.testdomain.lan,target_principal=GC/dc-02.testdomain.lan/testdomain.lan,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=172.26.220.25] NT_STATUS_UNSUCCESSFUL
[2025/08/20 09:25:12.547272, 0] source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:172.26.220.25[49153,seal,krb5,target_hostname=d85f3acf-37be-4d12-a68f-963a6a1536fd._msdcs.testdomain.lan,target_principal=GC/dc-02.testdomain.lan/testdomain.lan,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=172.26.220.25] NT_STATUS_UNSUCCESSFUL
[2025/08/20 09:25:12.620812, 0] source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:172.26.220.25[49153,seal,krb5,target_hostname=d85f3acf-37be-4d12-a68f-963a6a1536fd._msdcs.testdomain.lan,target_principal=GC/dc-02.testdomain.lan/testdomain.lan,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=172.26.220.25] NT_STATUS_UNSUCCESSFUL
[Syslog OOM-kill excerption]
2025-08-19T17:17:03.147620+02:00 dc-01 kernel: oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/samba-ad-dc.service,task=drepl[master],pid=1205252,uid=0
2025-08-19T17:17:03.147623+02:00 dc-01 kernel: Out of memory: Killed process 1205252 (drepl[master]) total-vm:3845896kB, anon-rss:3422528kB, file-rss:2452kB, shmem-rss:0kB, UID:0 pgtables:7484kB oom_score_adj:0
2025-08-19T17:17:03.579770+02:00 dc-01 systemd[1]: samba-ad-dc.service: Failed with result 'oom-kill'.
--
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to samba in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/2121024
Title:
Memory leak in Samba when DRS replication fails
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2121024/+subscriptions
