[Samba] Showstopper problem: Winbindd no longer starting

Alex Crow acrow at integrafin.co.uk
Wed Mar 16 13:16:27 UTC 2016 

Hi,

I'm running a samba CTDB setup using default Centos 7.2 repos, fully 
up-to-date. This is in pre-production so this is quite a nasty problem.

Everything was running fine, including after a package update 1-2 days 
ago. However, this morning I can't get winbind started, CTDB times it 
out. I've taken the clustering=yes line out of smb.conf, and run winbind 
at dedug level from the console. I get this:

Processing section "[global]"
doing parameter max protocol = SMB2
doing parameter host msdfs = yes
doing parameter workgroup = IFA_NET
doing parameter netbios name = LIZARDCLUSTER
doing parameter private dir = /mfs/ctdb/private
doing parameter security = DOMAIN
doing parameter passdb backend = tdbsam
doing parameter username map = /etc/samba/smbusers
doing parameter syslog = 0
doing parameter log file = /var/log/samba/%m
doing parameter max log size = 1048576
doing parameter log level = 1
doing parameter name resolve order = wins lmhosts bcast hosts
doing parameter time server = no
doing parameter show add printer wizard = Yes
doing parameter ldap ssl = no
doing parameter guest account = nobody
doing parameter map to guest = bad user
doing parameter require strong key = false
doing parameter winbind sealed pipes = false
doing parameter client signing = off
doing parameter client ldap sasl wrapping = plain
doing parameter idmap config IFA_NET : backend = nss
doing parameter idmap config IFA_NET : range = 500-9999
doing parameter idmap config LIZARDCLUSTER : backend = rid
doing parameter idmap config LIZARDCLUSTER : range = 100000-120000
doing parameter idmap config LIZARDCLUSTER : base_rid = 1000
doing parameter idmap config BUILTIN : backend = rid
doing parameter idmap config BUILTIN : range = 130000-140000
doing parameter idmap config BUILTIN : base_rid = 1000
doing parameter idmap config * : backend = ldap
doing parameter idmap config * : range = 10000-20000
doing parameter idmap config * : ldap_url = "ldap://granite.ifa.net 
ldap://millstone.ifa.net ldap://basalt.ifa.net"
doing parameter idmap config * : ldap_base_dn = ou=idmap,dc=ifa,dc=net
doing parameter idmap config * : ldap_user_dn = cn=manager,dc=ifa,dc=net
doing parameter winbind nested groups = yes
doing parameter winbind trusted domains only = yes
doing parameter winbind use default domain = no
doing parameter allow trusted domains = yes
doing parameter map acl inherit = Yes
doing parameter ea support = Yes
doing parameter wins server = 192.168.20.137
doing parameter nt acl support = yes
doing parameter domain master = no
doing parameter preferred master = no
doing parameter wide links = yes
doing parameter unix extensions = no
doing parameter logon home = ""
doing parameter logon path = ""
doing parameter max stat cache size = 1024
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface enp4s0f0 ip=172.16.25.202 bcast=172.16.31.255 
netmask=255.255.248.0
added interface bond0 ip=172.16.40.15 bcast=172.16.40.255 
netmask=255.255.255.0
added interface bond1 ip=172.16.41.202 bcast=172.16.41.255 
netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="LIZARDCLUSTER"
added interface enp4s0f0 ip=172.16.25.202 bcast=172.16.31.255 
netmask=255.255.248.0
added interface bond0 ip=172.16.40.15 bcast=172.16.40.255 
netmask=255.255.255.0
added interface bond1 ip=172.16.41.202 bcast=172.16.41.255 
netmask=255.255.255.0
fcntl_lock 9 6 0 1 1
fcntl_lock: Lock call successful
TimeInit: Serverzone is 0
initialize_winbindd_cache: clearing cache and re-creating with version 
number 2
check lock order 2 for /var/lib/samba/serverid.tdb
lock order:  1:<none> 2:/var/lib/samba/serverid.tdb 3:<none>
Locking key E856000000000000FFFF
Allocated locked data 0x0x7feca51c44c0
Unlocking key E856000000000000FFFF
release lock order 2 for /var/lib/samba/serverid.tdb
lock order:  1:<none> 2:<none> 3:<none>
Registering messaging pointer for type 33 - private_data=(nil)
Registering messaging pointer for type 13 - private_data=(nil)
Registering messaging pointer for type 1028 - private_data=(nil)
Registering messaging pointer for type 1027 - private_data=(nil)
Registering messaging pointer for type 1029 - private_data=(nil)
Registering messaging pointer for type 1036 - private_data=(nil)
Registering messaging pointer for type 1035 - private_data=(nil)
Registering messaging pointer for type 1280 - private_data=(nil)
Registering messaging pointer for type 1032 - private_data=(nil)
Registering messaging pointer for type 1033 - private_data=(nil)
Registering messaging pointer for type 1034 - private_data=(nil)
Registering messaging pointer for type 1 - private_data=(nil)
Overriding messaging pointer for type 1 - private_data=(nil)
wcache_tdc_add_domain: Adding domain BUILTIN ((null)), SID S-1-5-32, 
flags = 0x0, attributes = 0x0, type = 0x0
pack_tdc_domains: Packing 1 trusted domains
pack_tdc_domains: Packing domain BUILTIN (UNKNOWN)
idmap config BUILTIN : range = 130000-140000
Added domain BUILTIN (null) S-1-5-32
wcache_tdc_add_domain: Adding domain LIZARDCLUSTER ((null)), SID 
S-1-5-21-2564830566-656494877-1601369975, flags = 0x0, attributes = 0x0, 
type = 0x0
pack_tdc_domains: Packing 2 trusted domains
pack_tdc_domains: Packing domain BUILTIN (UNKNOWN)
pack_tdc_domains: Packing domain LIZARDCLUSTER (UNKNOWN)
idmap config LIZARDCLUSTER : range = 100000-120000
Added domain LIZARDCLUSTER (null) S-1-5-21-2564830566-656494877-1601369975
wcache_tdc_add_domain: Adding domain IFA_NET ((null)), SID 
S-1-5-21-1852240-805525997-1232828436, flags = 0x0, attributes = 0x0, 
type = 0x0
pack_tdc_domains: Packing 3 trusted domains
pack_tdc_domains: Packing domain BUILTIN (UNKNOWN)
pack_tdc_domains: Packing domain LIZARDCLUSTER (UNKNOWN)
pack_tdc_domains: Packing domain IFA_NET (UNKNOWN)
idmap config IFA_NET : range = 500-9999
Added domain IFA_NET (null) S-1-5-21-1852240-805525997-1232828436
*set_domain_online_request: called for domain IFA_NET**
**set_domain_online_request: domain IFA_NET was globally offline.

*What is this saying? This is a production domain (NT-style, not AD) and 
is certainly online as otherwise I'd have 300 angry users. The smb.conf 
has not changed for at least a week.

[root at metamora ~]# winbindd -V
Version 4.2.3
[root at metamora ~]# smbd -V
Version 4.2.3

Can anyone help me get this back on its feet?

Many thanks,

Alex

--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
This email is not intended to, nor should it be taken to, constitute advice.
The information provided is correct to our knowledge & belief and must not
be used as a substitute for obtaining tax, regulatory, investment, legal or
any other appropriate advice.

"Transact" is operated by Integrated Financial Arrangements Ltd.
29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300.
(Registered office: as above; Registered in England and Wales under
number: 3727592). Authorised and regulated by the Financial Conduct
Authority (entered on the Financial Services Register; no. 190856).

More information about the samba mailing list