Created attachment 11466 [details]
sernet-samba-suppress-connection-message patch

I have a samba 4 server node configured as Domain Controller and I have another samba 4 node configured as secondary DC. When the secondary DC node is taken offline the remaining DC continously logs the following messages:

Sep 29 23:27:55 mydc1 samba[4955]: [2015/09/29 23:27:55.623400,  0] ../source4/librpc/rpc/dcerpc_sock.c:63(continue_socket_connect)
Sep 29 23:27:55 mydc1 samba[4955]:   Failed to connect host xxx.xxx.xxx.xxx on port 135 - NT_STATUS_HOST_UNREACHABLE

and

Sep 30 20:33:31 mydc1 samba[4955]: [2015/09/30 20:33:31.610738,  0] ../source4/librpc/rpc/dcerpc_sock.c:240(continue_ip_open_socket)
Sep 30 20:33:31 mydc1 samba[4955]:   Failed to connect host xxx.xxx.xxx.xxx (df0289d6-aae5-4f26-b980-0ea0673527da._msdcs.mydomain.org) on port 135 - NT_STATUS_HOST_UNREACHABLE.

Since my secondary DC is a standby node usually left powered off, within a few hours the log file /var/log/messages increases to several megabytes sizes requiring continous trimming. When the secondary DC is powered on and booted, communications resume, the ldaps are synchronized automatically, operations resume normally and the messages no longer appear. The messages resume when the secondary node is shutdown and powered off.

To avoid filling up log files with these repeated (and not so useful) alerts it would be preferable to have an option to suppress the messages or to have them suppressed by default and activated if/when necessary.

I found the issue in the following code (lines marked with =====>), in:

source4/librpc/rpc/dcerpc_sock.c

static void continue_socket_connect(struct composite_context *ctx)
{
    struct dcecli_connection *conn;
    struct composite_context *c = talloc_get_type_abort(
        ctx->async.private_data, struct composite_context);
    struct pipe_open_socket_state *s = talloc_get_type_abort(
        c->private_data, struct pipe_open_socket_state);
    int rc;
    int sock_fd;

    /* make it easier to write a function calls */
    conn = s->conn;

    c->status = socket_connect_recv(ctx);
    if (!NT_STATUS_IS_OK(c->status)) {
====>   DEBUG(0, ("Failed to connect host %s on port %d - %s\n",
              s->server->addr, s->server->port,
              nt_errstr(c->status)));
        composite_error(c, c->status);
        return;
    }


[...]
static void continue_ip_open_socket(struct composite_context *ctx)
{
    struct composite_context *c = talloc_get_type_abort(
        ctx->async.private_data, struct composite_context);
    struct pipe_tcp_state *s = talloc_get_type_abort(
        c->private_data, struct pipe_tcp_state);
    struct socket_address *localaddr = NULL;

    /* receive result socket open request */
    c->status = dcerpc_pipe_open_socket_recv(ctx, s, &localaddr);
    if (!NT_STATUS_IS_OK(c->status)) {
        /* something went wrong... */
=====>   DEBUG(0, ("Failed to connect host %s (%s) on port %d - %s.\n",
              s->addresses[s->index - 1], s->target_hostname,
              s->port, nt_errstr(c->status)));


If the DEBUG level is changed from 0 to 1 for example, the messages are suppressed unless debug level 1 is activated, which provide the desirable result.

This represents a simple modification that suppresses the above messages by default. Should it be more desirable to have to suppress the messages only by choice then we should introduce a new switch with the relative handling case in the code (this would be a more time consuming modification).

I hereby provide an attachment with a patch file that changes the DEBUG level from 0 to 1 for these messages only.

The patch is against samba-4.2.4

I would like to see this patch included in future releases to provide a better administration experience.

Thank you in advance.
Mauro M.