[Samba] winbindd crashing -- how to auto-heal?
Jamie Jackson
jamiejaxon at gmail.com
Mon Sep 3 14:35:38 UTC 2018
On Mon, Sep 3, 2018 at 5:17 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Sun, 2 Sep 2018 22:37:05 -0400
> Jamie Jackson via samba <samba at lists.samba.org> wrote:
>
> > Thanks for the workaround, Luca. I might end up going with:
> >
> > #!/bin/bash
> > getent group | grep -q 'Domain Users' && exit 0
> > echo "restarting winbind"
> > sudo systemctl restart winbind
> >
> >
> > Rowland, it crashed again. Here's some info. Please let me know if I
> > should provide more:
> > https://gist.github.com/jamiejackson/8aa60fb0ac1f407ba73776aaaeaa542f
> >
>
> The last few lines of the log are these:
>
> [2018/09/01 23:19:27.748555, 3, pid=9795]
> ../source3/winbindd/winbindd_msrpc.c:244(msrpc_name_to_sid)
> msrpc_name_to_sid: name=REDACTED\ROOT
> [2018/09/01 23:19:27.748585, 3, pid=9795]
> ../source3/winbindd/winbindd_msrpc.c:258(msrpc_name_to_sid)
> name_to_sid [rpc] REDACTED\ROOT for domain REDACTED
> [2018/09/01 23:20:28.475336, 0, pid=9795]
> ../source3/winbindd/winbindd.c:281(winbindd_sig_term_handler)
> Got sig[15] terminate (is_parent=0)
>
> It looks like you ran you script/commands on Sun Sep 2 21:35:39 EDT
> 2018
>
> To my eye, there is nothing really wrong, there certainly isn't any
> evidence of a crash, the only evidence that I can see is that winbind
> has exited.
>
> So I went back to the info you posted earlier, at that time I
> concentrated on the smb.conf, this time I looked a lot more closely at
> this:
>
> $ ps -aux | grep '\(samba\|smb\|winbind\)'
> root 12600 0.0 0.0 399284 2324 ? Ss Aug31 0:16
> /usr/sbin/winbindd --foreground --no-process-group
> root 12602 0.0 0.0 424328 5948 ? S Aug31 0:01
> /usr/sbin/winbindd --foreground --no-process-group
> root 12857 0.0 0.0 406020 964 ? S Aug31 0:03
> /usr/sbin/winbindd --foreground --no-process-group
> root 12858 0.0 0.0 399144 1416 ? S Aug31 0:00
> /usr/sbin/winbindd --foreground --no-process-group
> root 12859 0.0 0.0 399144 1504 ? S Aug31 0:00
> /usr/sbin/winbindd --foreground --no-process-group
>
> If I run the same command on a Unix domain member, I get this:
>
> root 2231 0.0 0.1 398220 17912 ? Ss Aug29 0:03
> /usr/sbin/winbindd
> root 2593 0.0 0.1 455004 20328 ? S Aug29 0:10
> /usr/sbin/winbindd
> root 2630 0.0 0.0 307728 15336 ? Ss Aug29 0:00
> /usr/sbin/smbd -D
> root 2683 0.0 0.0 296524 4516 ? S Aug29 0:00
> /usr/sbin/smbd -D
> root 2684 0.0 0.0 296524 4516 ? S Aug29 0:00
> /usr/sbin/smbd -D
> root 2730 0.0 0.0 265088 9696 ? S Aug29 0:00
> /usr/sbin/winbindd
> root 2745 0.0 0.0 265220 9560 ? S Aug29 0:00
> /usr/sbin/winbindd
> root 2746 0.0 0.1 403600 16412 ? S Aug29 0:01
> /usr/sbin/winbindd
>
> So, from that, can I ask these questions:
>
> Why isn't 'smbd' running ?
>
I didn't set this up, but I assume the sysadmins didn't run it because
they, like Luca, probably assumed that smbd was for server functionality
(to provide services to clients), whereas, AFAIK, our hosts only act as
clients. Could you explain how smbd fits into this when the hosts are
consuming remote services (but presumably not providing any)?
> Is 'nmbd' running ?
>
Doesn't look like it:
[jamie.jackson at rwhudxdkrdev ~]$ systemctl -a | grep
'\(smb\|samba\|sssd\|winbind\|nmb\)'
● nmb.service
not-found inactive dead
nmb.service
winbind.service
loaded active running Samba
Winbind Daemon
> Why aren't you running 'winbind' as a daemon ?
>
No clue, but here's what I found in systemd:
[jamie.jackson at rwhudxdkrdev ~]$ cat /usr/lib/systemd/system/winbind.service
[Unit]
Description=Samba Winbind Daemon
After=syslog.target network.target nmb.service
[Service]
Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba
Type=notify
NotifyAccess=all
PIDFile=/run/winbindd.pid
EnvironmentFile=-/etc/sysconfig/samba
ExecStart=/usr/sbin/winbindd --foreground --no-process-group
"$WINBINDOPTIONS"
ExecReload=/usr/bin/kill -HUP $MAINPID
LimitCORE=infinity
[Install]
WantedBy=multi-user.target
> Why do feel you don't need a process group for winbind ?
>
I'm not the implementor (but I can pass your questions on to that group).
However, if I were to guess: The implementors probably aren't trying to be
creative or contrary. I figure they probably found a solution that seemed
to (mostly) work--maybe many years ago--and they might not know exactly how
to implement AD integration in RHEL according to best practice.
At this point, it might make more sense to throw out the current
configuration (since I'm gleaning from your questions that it's unorthodox)
and start fresh, but let's see what your impressions are after the latest
bits of info above.
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list