Samba package 4.9.x samba smbd not playing with winbind.

L.P.H. van Belle belle at bazuin.nl
Mon Dec 3 14:13:22 UTC 2018 

Hai, 


> -----Oorspronkelijk bericht-----
> > In Alexander Bokovoy install example, its shows. 
> > idmap config * : backend = tdb
> > This is why it starts without problems for him. 
> 
> The problem is, he doesn't need to add it, it is one of the default settings.
Yes, i know, i've checked that here also, its the default also on debian/ubuntu systems, 
what is normal since its the "samba" default. 

Its a bug, yes 100% sure.   ( and i say, its related to samba-ad-dc/members and winbind ) 
But i cant find this in code, tried to, i gave up, its a maze to me. 

I've tested this ( see below) with my own package and original debian packages from buster.
apt-get install samba 
Works fine, no errors in the logs, looks all ok. 

apt-get install samba winbind
Works fine with my own packages, but only after my adjustment in smb.conf at install, where i've enabled the range in idmap * range line. 
But if you use the debian buster repo, and install samba and winbind it failes.

Samba wants to start winbind first, and now the idmap range lines are not enabled by default and te result is fail.. 

The screen output of : apt-get install samba winbind
.... The part we want to see....

Setting up samba-common-bin (2:4.9.2+dfsg-2) ...
Checking smb.conf with testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_STANDALONE

Done
Setting up samba-dsdb-modules:amd64 (2:4.9.2+dfsg-2) ...
Setting up winbind (2:4.9.2+dfsg-2) ...
mkdir: created directory '/var/lib/samba/winbindd_privileged'
changed group of '/var/lib/samba/winbindd_privileged' from root to winbindd_priv
mode of '/var/lib/samba/winbindd_privileged' changed from 0755 (rwxr-xr-x) to 0750 (rwxr-x---)
Created symlink /etc/systemd/system/multi-user.target.wants/winbind.service ?ยจ /lib/systemd/system/winbind.service.
Setting up samba (2:4.9.2+dfsg-2) ...
Samba is not being run as an AD Domain Controller: Masking samba-ad-dc.service
Please ignore the following error about deb-systemd-helper not finding those services.
(samba-ad-dc.service masked)
Job for smbd.service failed because the control process exited with error code.
See "systemctl status smbd.service" and "journalctl -xe" for details.
invoke-rc.d: initscript smbd, action "start" failed.
?? smbd.service - Samba SMB Daemon
   Loaded: loaded (/lib/systemd/system/smbd.service; disabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2018-12-03 14:39:26 CET; 7ms ago
     Docs: man:smbd(8)
           man:samba(7)
           man:smb.conf(5)
  Process: 21438 ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS (code=exited, status=255)
 Main PID: 21438 (code=exited, status=255)

Dec 03 14:39:25 debian9test systemd[1]: Starting Samba SMB Daemon...
Dec 03 14:39:26 debian9test systemd[1]: smbd.service: Main process exited, code=exited, status=255/n/a
Dec 03 14:39:26 debian9test systemd[1]: Failed to start Samba SMB Daemon.
Dec 03 14:39:26 debian9test systemd[1]: smbd.service: Unit entered failed state.
Dec 03 14:39:26 debian9test systemd[1]: smbd.service: Failed with result 'exit-code'.
dpkg: error processing package samba (--configure):
 subprocess installed post-installation script returned error exit status 1
Processing triggers for libc-bin (2.27-8) ...
Processing triggers for initramfs-tools (0.130) ...
Processing triggers for systemd (232-25+deb9u6) ...
Errors were encountered while processing:
 samba
E: Sub-process /usr/bin/dpkg returned an error code (1)


If you test as followed. 

First you install samba 
Everything works fine. 

Now install winbind, it looks fine, but now restart both services, or reboot the server. 
And it fails due to  the same problems as at install. 


> 
> > 
> > Should we enable the tdb backend by default these days, and if thats
> > the case, should this not be one of the new defaults in smb.conf? So
> > @Andreas Hasenack, the install you tried, can you add only 
> the line :
> > idmap config * : backend = tdb And rerun the install. 
> 
> Louis, have you tried a fresh install with your 4.9.3 packages ?
> you now, by default, get the two '*' domain lines
> 
Ow, yes, "my" packages work fine now. So not worried about this at all.
There are good 2 workarounds that work and (running) domain members or ad-dc servers are not effected. 

Affected: any new install as standalone where you install winbind also.

> 
> > 
> > 
> > >> is this maybe the relevant change? Using the presence of 
> a running
> > >> winbind to make this decision of where to allocate the BUILTIN
> > >> guests group, instead of settings smb.conf?
> 
> I think this may be a side affect of the changes made in 
> 4.8.0, where a
> domain member now requires a running winbind. Could it be, that on a
> standalone server, because 'Guest' isn't mapped by smbd (because it
> doesn't have the required settings), it tries to get this 
> info from the running winbind and fails because it isn't a domain member.
> 
> Rowland
> 

I totaly agree with Rowland, thats also what i think. 
He is just better in explaining it.  ;-) 


Greetz, 

Louis

More information about the samba-technical mailing list