[Samba] Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
Rowland penny
rpenny at samba.org
Sun Apr 3 07:26:05 UTC 2016
On 02/04/16 22:11, Sonic wrote:
> On Sat, Apr 2, 2016 at 4:05 PM, Rowland penny <rpenny at samba.org> wrote:
>> I compile Samba myself and I use init files, I would rather have them than
>> the bloat systemd comes with. They are not complex if you understand bash
>> and are a lot easier to understand than all that systemd comes with.
> At first I felt the same way but the service files are starting to
> seem simpler. Yes, the shell scripts are quite readable but also a bit
> unwieldly when compared to the systemd service files. After working
> with them for a while, I'd rather edit the service files.
>
> Compare...
> My systemd service files (nmbd, smbd, ad)
> 39 lines including white space
> =============================
> =============================
> [Unit]
> Description=Samba SMB/CIFS server
> After=network.target nmbd.service
>
> [Service]
> Type=forking
> PIDFile=/usr/local/samba/var/run/smbd.pid
> LimitNOFILE=16384
> ExecStart=/usr/local/samba/sbin/smbd -D
> ExecReload=/bin/kill -HUP $MAINPID
>
> [Install]
> WantedBy=multi-user.target
> =============================
> [Unit]
> Description=Samba NetBIOS name server
> After=network.target
>
> [Service]
> Type=forking
> PIDFile=/usr/local/samba/var/run/nmbd.pid
> ExecStart=/usr/local/samba/sbin/nmbd -D
> ExecReload=/bin/kill -HUP $MAINPID
>
> [Install]
> WantedBy=multi-user.target
> =============================
> [Unit]
> Description=Samba AD server
> After=network.target
>
> [Service]
> Type=forking
> PIDFile=/usr/local/samba/var/run/samba.pid
> LimitNOFILE=16384
> EnvironmentFile=-/usr/local/samba/etc/conf.d/samba
> ExecStart=/usr/local/samba/sbin/samba $SAMBAOPTIONS
> ExecReload=/bin/kill -HUP $MAINPID
>
> [Install]
> WantedBy=multi-user.target
> =============================
> =============================
>
> Now Debian's init scripts (samba, samba-ad-dc, nmbd, smbd)
> almost 250 lines including white space
> =============================
> =============================
> #!/bin/sh
>
> ### BEGIN INIT INFO
> # Provides: samba
> # Required-Start:
> # Required-Stop:
> # Default-Start:
> # Default-Stop:
> # Short-Description: ensure Samba daemons are started (nmbd and smbd)
> ### END INIT INFO
>
> set -e
>
> # start nmbd, smbd and samba-ad-dc unconditionally
> # the init scripts themselves check if they are needed or not
> case $1 in
> start)
> /etc/init.d/nmbd start
> /etc/init.d/smbd start
> /etc/init.d/samba-ad-dc start
> ;;
> stop)
> /etc/init.d/samba-ad-dc stop
> /etc/init.d/smbd stop
> /etc/init.d/nmbd stop
> ;;
> reload)
> /etc/init.d/smbd reload
> ;;
> restart|force-reload)
> /etc/init.d/nmbd "$1"
> /etc/init.d/smbd "$1"
> /etc/init.d/samba-ad-dc "$1"
> ;;
> status)
> status=0
> NMBD_DISABLED=`testparm -s --parameter-name='disable
> netbios' 2>/dev/null || true`
> SERVER_ROLE=`samba-tool testparm
> --parameter-name="server role" 2>/dev/null | tail -1 || true`
> if [ "$SERVER_ROLE" != "active directory domain
> controller" ]; then
> if [ "$NMBD_DISABLED" != "Yes" ]; then
> /etc/init.d/nmbd status || status=$?
> fi
> /etc/init.d/smbd status || status=$?
> else
> /etc/init.d/samba-ad-dc status || status=$?
> fi
> exit $status
> ;;
> *)
> echo "Usage: /etc/init.d/samba
> {start|stop|reload|restart|force-reload|status}"
> exit 1
> ;;
> esac
> =============================
> #! /bin/sh
>
> ### BEGIN INIT INFO
> # Provides: samba-ad-dc
> # Required-Start: $network $local_fs $remote_fs
> # Required-Stop: $network $local_fs $remote_fs
> # Default-Start: 2 3 4 5
> # Default-Stop: 0 1 6
> # Short-Description: start Samba daemons for the AD DC
> ### END INIT INFO
>
> #
> # Start/stops the Samba daemon (samba).
> # Adapted from the Samba 3 packages.
> #
>
> PIDDIR=/var/run/samba
> SAMBAPID=$PIDDIR/samba.pid
>
> # clear conflicting settings from the environment
> unset TMPDIR
>
> # See if the daemon and the config file are there
> test -x /usr/sbin/samba -a -r /etc/samba/smb.conf || exit 0
>
> . /lib/lsb/init-functions
>
> case "$1" in
> start)
> SERVER_ROLE=`samba-tool testparm
> --parameter-name="server role" 2>/dev/null | tail -1`
> if [ "$SERVER_ROLE" != "active directory domain
> controller" ]; then
> exit 0
> fi
>
> if init_is_upstart; then
> exit 1
> fi
>
> # CVE-2013-4475
> KEYFILE=/var/lib/samba/private/tls/key.pem
> if [ -e $KEYFILE ]
> then
> KEYPERMS=`stat -c %a $KEYFILE`
> if [ "$KEYPERMS" != "600" ]
> then
> echo "wrong permission
> on $KEYFILE, must be 600"
> echo "samba will not
> start (CVE-2013-4475)"
> echo "Removing all tls
> .pem files will cause an auto-regeneration with the correct
> permissions."
> exit 1
> fi
> fi
>
> log_daemon_msg "Starting Samba AD DC daemon" "samba"
> # Make sure we have our PIDDIR, even if it's on a tmpfs
> install -o root -g root -m 755 -d $PIDDIR
>
> if ! start-stop-daemon --start --quiet --oknodo --exec
> /usr/sbin/samba -- -D; then
> log_end_msg 1
> exit 1
> fi
>
> log_end_msg 0
> ;;
> stop)
> if init_is_upstart; then
> exit 0
> fi
> log_daemon_msg "Stopping Samba AD DC daemon" "samba"
>
> start-stop-daemon --stop --quiet --pidfile $SAMBAPID
> # Wait a little and remove stale PID file
> sleep 1
> if [ -f $SAMBAPID ] && ! ps h `cat $SAMBAPID` > /dev/null
> then
> # Stale PID file (samba was succesfully stopped),
> # remove it (should be removed by samba itself IMHO.)
> rm -f $SAMBAPID
> fi
>
> log_end_msg 0
>
> ;;
> restart|force-reload)
> if init_is_upstart; then
> exit 1
> fi
> $0 stop
> sleep 1
> $0 start
> ;;
> status)
> status_of_proc -p $SAMBAPID /usr/sbin/samba samba
> exit $?
> ;;
> *)
> echo "Usage: /etc/init.d/samba-ad-dc
> {start|stop|restart|force-reload|status}"
> exit 1
> ;;
> esac
>
> exit 0
> =============================
> #!/bin/sh
>
> ### BEGIN INIT INFO
> # Provides: nmbd
> # Required-Start: $network $local_fs $remote_fs
> # Required-Stop: $network $local_fs $remote_fs
> # X-Start-Before: smbd
> # Default-Start: 2 3 4 5
> # Default-Stop: 0 1 6
> # Short-Description: start Samba NetBIOS nameserver (nmbd)
> ### END INIT INFO
>
>
> PIDDIR=/var/run/samba
> NMBDPID=$PIDDIR/nmbd.pid
>
> # clear conflicting settings from the environment
> unset TMPDIR
>
> # See if the daemons are there
> test -x /usr/sbin/nmbd || exit 0
>
> . /lib/lsb/init-functions
>
> case $1 in
> start)
> if init_is_upstart; then
> exit 1
> fi
> SERVER_ROLE=`samba-tool testparm
> --parameter-name="server role" 2>/dev/null | tail -1`
> if [ "$SERVER_ROLE" = "active directory domain
> controller" ]; then
> exit 0
> fi
>
> if [ -n `which testparm` ]
> then
> NMBD_DISABLED=`testparm -s
> --parameter-name='disable netbios' 2>/dev/null`
> fi
> if [ "$NMBD_DISABLED" != Yes ]; then
> log_daemon_msg "Starting NetBIOS name server" nmbd
> # Make sure we have our PIDDIR, even if it's on a tmpfs
> install -o root -g root -m 755 -d $PIDDIR
>
> if ! start-stop-daemon --start --quiet
> --oknodo --exec /usr/sbin/nmbd -- -D
> then
> log_end_msg 1
> exit 1
> fi
> log_end_msg 0
> fi
>
> ;;
> stop)
> if init_is_upstart; then
> exit 0
> fi
>
> log_daemon_msg "Stopping NetBIOS name server" nmbd
>
> start-stop-daemon --stop --quiet --pidfile $NMBDPID
> # Wait a little and remove stale PID file
> sleep 1
> if [ -f $NMBDPID ] && ! ps h `cat $NMBDPID` > /dev/null
> then
> # Stale PID file (nmbd was succesfully stopped),
> # remove it (should be removed by nmbd itself IMHO.)
> rm -f $NMBDPID
> fi
>
> log_end_msg 0
>
> ;;
> restart|force-reload)
> if init_is_upstart; then
> exit 1
> fi
> $0 stop
> sleep 1
> $0 start
> ;;
> status)
> status_of_proc -p $NMBDPID /usr/sbin/nmbd nmbd
> exit $?
> ;;
> *)
> echo "Usage: /etc/init.d/nmbd
> {start|stop|restart|force-reload|status}"
> exit 1
> ;;
> esac
>
> exit 0
> =============================
> #!/bin/sh
>
> ### BEGIN INIT INFO
> # Provides: smbd
> # Required-Start: $network $local_fs $remote_fs
> # Required-Stop: $network $local_fs $remote_fs
> # Default-Start: 2 3 4 5
> # Default-Stop: 0 1 6
> # Should-Start: slapd cups
> # Should-Stop: slapd cups
> # Short-Description: start Samba SMB/CIFS daemon (smbd)
> ### END INIT INFO
>
>
> PIDDIR=/var/run/samba
> SMBDPID=$PIDDIR/smbd.pid
>
> # clear conflicting settings from the environment
> unset TMPDIR
>
> # See if the daemons are there
> test -x /usr/sbin/smbd || exit 0
>
> . /lib/lsb/init-functions
>
> case $1 in
> start)
> if init_is_upstart; then
> exit 1
> fi
> SERVER_ROLE=`samba-tool testparm
> --parameter-name="server role" 2>/dev/null | tail -1`
> if [ "$SERVER_ROLE" = "active directory domain
> controller" ]; then
> exit 0
> fi
>
> log_daemon_msg "Starting SMB/CIFS daemon" smbd
> # Make sure we have our PIDDIR, even if it's on a tmpfs
> install -o root -g root -m 755 -d $PIDDIR
>
> if ! start-stop-daemon --start --quiet --oknodo --exec
> /usr/sbin/smbd -- -D; then
> log_end_msg 1
> exit 1
> fi
>
> log_end_msg 0
> ;;
> stop)
> if init_is_upstart; then
> exit 0
> fi
>
> log_daemon_msg "Stopping SMB/CIFS daemon" smbd
>
> start-stop-daemon --stop --quiet --pidfile $SMBDPID
> # Wait a little and remove stale PID file
> sleep 1
> if [ -f $SMBDPID ] && ! ps h `cat $SMBDPID` > /dev/null
> then
> # Stale PID file, remove it (should be removed by
> # smbd itself IMHO).
> rm -f $SMBDPID
> fi
>
> log_end_msg 0
>
> ;;
> reload)
> log_daemon_msg "Reloading /etc/samba/smb.conf" smbd
>
> start-stop-daemon --stop --quiet --signal HUP --pidfile $SMBDPID
>
> log_end_msg 0
> ;;
> restart|force-reload)
> if init_is_upstart; then
> exit 1
> fi
> $0 stop
> sleep 1
> $0 start
> ;;
> status)
> status_of_proc -p $SMBDPID /usr/sbin/smbd smbd
> exit $?
> ;;
> *)
> echo "Usage: /etc/init.d/smbd
> {start|stop|reload|restart|force-reload|status}"
> exit 1
> ;;
> esac
>
> exit 0
> =============================
> =============================
OK, the systemd startup scripts are shorter, big deal, all that has
happened is what was in an easy readable bash script is now in a
compiled binary.
Systemd might have been ok if it had stuck to being a replacement for
init scripts, but it seems every time you turn around it has dragged in
something else, su, network etc etc. If I wanted to use windows, I would.
You will never get me to accept systemd as it is, I will move to one of
the BSDs if I have to, so I suggest we leave it here, before someone
gets upset.
Rowland
More information about the samba
mailing list