[Samba] Error after update from 4.3.11 to 4.3.13

Andrea Venturoli ml at netfence.it
Fri Dec 30 19:57:36 UTC 2016 

Hello.

I'm running a few sites where the AD DC is a FreeBSD jail.

Due to the recent CVEs, I upgraded one of them from 4.3.11 to 4.3.13 and 
suddenly I run into problems.

I don't know whether this matters, but the upgrade involved replacing 
openldap-client with openldap-sasl-client.



Anyway, after the new binaries were in place, Samba would not start.
Relevant part of the logs (I can provide full logs if anyone is interested):

> [2016/12/29 09:58:46.789078,  0] ../source4/smbd/server.c:371(binary_smbd_main)
>   samba version 4.3.13 started.
> ...
> [2016/12/29 09:58:47.084368,  0] ../source4/rpc_server/dcerpc_server.c:1664(dcesrv_init_context)
>   dcesrv_init_context: failed to find endpoint server = 'spoolss'
> [2016/12/29 09:58:47.084430,  0] ../source4/smbd/service_task.c:35(task_server_terminate)
>   task_server_terminate: [Failed to startup dcerpc server task]
> [2016/12/29 09:58:47.085806,  2] ../source4/lib/socket/interface.c:277(interpret_interface)
>   interpret_interface: Adding interface 10.1.2.34/24
> [2016/12/29 09:58:47.085830,  3] ../source4/lib/socket/interface.c:86(add_interface)
>   add_interface: not adding duplicate interface 10.1.2.34
> [2016/12/29 09:58:47.085883,  0] ../source4/nbt_server/interfaces.c:228(nbtd_add_socket)
>   Failed to bind to 10.1.2.34:137 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
> [2016/12/29 09:58:47.085993,  0] ../source4/smbd/service_task.c:35(task_server_terminate)
>   task_server_terminate: [nbtd failed to setup interfaces]
> [2016/12/29 09:58:47.086946,  0] ../source4/smbd/server.c:210(samba_terminate)
>   samba_terminate: Failed to startup dcerpc server task
> [2016/12/29 09:58:47.088478,  0] ../source4/smbd/server.c:210(samba_terminate)
>   samba_terminate: nbtd failed to setup interfaces
> [2016/12/29 09:58:47.092845,  2] ../source4/lib/socket/interface.c:277(interpret_interface)
>   interpret_interface: Adding interface 10.1.2.34/24
> [2016/12/29 09:58:47.092903,  3] ../source4/lib/socket/interface.c:86(add_interface)
>   add_interface: not adding duplicate interface 10.1.2.34
> [2016/12/29 09:58:47.105897,  0] ../source4/smbd/service.c:98(server_service_startup)
>   Failed to start service 'smb' - NT_STATUS_INVALID_SYSTEM_SERVICE
> [2016/12/29 09:58:47.105999,  0] ../lib/util/become_daemon.c:111(exit_daemon)
>   STATUS=daemon failed to start: Samba failed to start services, error code -1073741796
> [2016/12/29 09:58:47.106655,  2] ../source4/lib/socket/interface.c:277(interpret_interface)
>   interpret_interface: Adding interface 10.1.2.34/24
> [2016/12/29 09:58:47.106677,  3] ../source4/lib/socket/interface.c:86(add_interface)
>   add_interface: not adding duplicate interface 10.1.2.34
> ...
>   interpret_interface: Adding interface 10.1.2.34/24
> [2016/12/29 09:58:47.131287,  3] ../source4/lib/socket/interface.c:86(add_interface)
>   add_interface: not adding duplicate interface 10.1.2.34
> ...
> [2016/12/29 09:58:47.418766,  2] ../source4/lib/socket/interface.c:277(interpret_interface)
>   interpret_interface: Adding interface 10.1.2.34/24
> [2016/12/29 09:58:47.418793,  3] ../source4/lib/socket/interface.c:86(add_interface)
>   add_interface: not adding duplicate interface 10.1.2.34




I pinpointed the problem to the following lines in smb4.conf:

> server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns, smb
> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, spoolss, winreg, srvsvc

I don't remember where these came from, surely some HOWTO.
In any case, replacing them with the default ones (below), solved:

> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver



Since this installation only acts as DC and does not serve files (apart 
from SYSVOL), I don't think the removal of service smb in favour of s3fs 
will change anything. Is this correct?

I'm a little more worried about the removal of the dcerpc endpoints 
(i.e. spoolss, winreg and srvsvc). Are these required from some 
functionality? Everything seems to work for day to day use, but should I 
expect something weird in non-routine tasks (like adding a new domain 
member)?




Also, I can comment the second line (dcerpc endpoint servers) and 
everything will still work; this is not true if I comment the first line 
(server services). This puzzles me, since that value is deemed as the 
default in the man page. Is the man page outdated? What else?



I hope to sort everything out, before I go around and upgrade other sites.

Thanks in advance to anyone who will reply.

  bye
	av.

More information about the samba mailing list