[Samba] winbindd not starting cleanly when Centos 7 boots

Rowland Penny rowlandpenny241155 at gmail.com
Fri Sep 11 17:58:53 UTC 2015 

On 11/09/15 18:21, Jim Long wrote:
> On Fri, Sep 11, 2015 at 07:43:40AM +0100, Rowland Penny wrote:
>> On 10/09/15 23:31, Jim Long wrote:
>>> On Fri, Sep 11, 2015 at 09:34:57AM +1200, Brady, Mike wrote:
>>>> Hi Jim
>>>>
>>>> There should only be one, but there may be multiple threads.  Use "ps
>>>> fauxwww".  Partial output from one of my DCs.
>>>>
>>>> root      1217  0.0  3.7 573208 37832 ?        Ss   Sep07   0:01
>>>> /usr/sbin/samba -D
>>>> root      1918  0.0  3.3 573208 33664 ?        S    Sep07   0:00  \_
>>>> /usr/sbin/samba -D
>>>> root      1921  0.0  3.8 612900 38868 ?        Ss   Sep07   0:20  |   \_
>>>> /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
>>>> root      1920  0.1  3.9 579892 39872 ?        S    Sep07   9:46  \_
>>>> /usr/sbin/samba -D
>>>> root      1924  0.0  3.5 577360 36068 ?        S    Sep07   0:05  \_
>>>> /usr/sbin/samba -D
>>>> root      1926  0.0  3.2 573208 33532 ?        S    Sep07   0:00  \_
>>>> /usr/sbin/samba -D
>>>> root      1927  0.0  3.8 575720 38684 ?        S    Sep07   0:18  \_
>>>> /usr/sbin/samba -D
>>>> root      1930  0.0  3.4 573208 34992 ?        S    Sep07   0:08  \_
>>>> /usr/sbin/samba -D
>>>> root      1934  0.0  3.7 579456 38064 ?        S    Sep07   0:07  \_
>>>> /usr/sbin/samba -D
>>>> root      1936  0.1  3.7 582016 38232 ?        S    Sep07   5:40  \_
>>>> /usr/sbin/samba -D
>>>> root      1937  0.0  3.3 573208 33652 ?        S    Sep07   0:00  \_
>>>> /usr/sbin/samba -D
>>>> root      1942  0.0  3.7 582788 38172 ?        Ss   Sep07   0:18  |   \_
>>>> /usr/sbin/winbindd -D --option=server role check:inhibit=yes
>>>> --foreground
>>>> root      2007  0.0  3.6 598548 36672 ?        S    Sep07   0:34  |
>>>>     \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes
>>>> --foreground
>>>> root     12871  0.0  3.5 599088 36516 ?        S    Sep07   0:00  |
>>>>     \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes
>>>> --foreground
>>>> root     12872  0.0  3.4 582788 34696 ?        S    Sep07   0:00  |
>>>>     \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes
>>>> --foreground
>>>> root      1940  0.0  3.4 573208 34744 ?        S    Sep07   0:00  \_
>>>> /usr/sbin/samba -D
>>>> root      1941  0.0  4.5 577360 46040 ?        S    Sep07   1:52  \_
>>>> /usr/sbin/samba -D
>>>> root      1943  0.0  3.4 573208 34772 ?        S    Sep07   0:19  \_
>>>> /usr/sbin/samba -D
>>>>
>>>>
>>>> Is this on a DC or member server?  On a DC you do not need to start
>>>> winbindd.  The samba process will do this for you.
>>> This is on a member server.  It is not serving any Samba shares, just
>>> using winbindd for user and group enumeration/authentication.
>>>
>>>
>>> Jim
>>>
>> Something looks very odd with the log fragments you posted, can you post
>> your smb.conf.
>>
>> Rowland
> [global]
> #--authconfig--start-line--
>
> # Generated by authconfig on 2015/08/20 12:32:39
> # DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
> # Any modification may be deleted or altered by authconfig in future
>
>     workgroup = MYDOM
>     password server = ad1.admcs.mydom.org ad2.admcs.mydom.org
>     realm = ACTIV.DIR.MYDOM.EDU
>     security = ads
> #   idmap config * : range = 16777216-33554431
>     idmap uid = 10000001-19999999
>     idmap gid = 10000001-19999999
>     template homedir = /home/%U
>     template shell = /bin/bash
>     kerberos method = secrets only
>     winbind use default domain = true
>     winbind offline logon = false
>
> #--authconfig--end-line--
>     server string = love-g5
>     load printers = yes
>     log file = /var/log/samba/log.%m
>     log level = 5
>     max log size = 1500
>     passdb backend = tdbsam
>     local master = no
>     wins server = 10.160.248.80 10.160.248.83
>     dns proxy = no
>     winbind enum users = no
>     winbind enum groups = no
>     winbind nested groups = yes
>     winbind cache time = 60000
>     deadtime = 480
>     socket options = TCP_NODELAY
>     idmap backend = tdb
>     idmap config MYDOM : backend     = rid
>     idmap config MYDOM : range       = 70000 - 10000000
>     unix extensions = no
>     case sensitive = no
>
>

That is a seriously screwed up smb.conf, do you by any chance have sssd 
installed and is it running ?

I would change your smb.conf to this:

[global]
    workgroup = MYDOM
    security = ads
    realm = ACTIV.DIR.MYDOM.EDU # <-- make sure this is the same realm 
as the AD DC
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    server string = love-g5
    winbind enum users = no
    winbind enum groups = no
    winbind use default domain = true
    winbind nested groups = yes
    winbind cache time = 60000
    winbind refresh tickets = Yes
    idmap config * : backend = tdb
    idmap config * : range = 16777216-33554431
    idmap config MYDOM : backend = rid
    idmap config MYDOM : range = 70000-10000000
    template homedir = /home/%U
    template shell = /bin/bash
    log file = /var/log/samba/log.%m
    log level = 5
    max log size = 1500
    local master = no
    dns proxy = no
    deadtime = 480
    unix extensions = no

This should work with winbind

Rowland

More information about the samba mailing list