[Samba] winbindd crashing -- how to auto-heal?
Jamie Jackson
jamiejaxon at gmail.com
Mon Sep 3 14:47:42 UTC 2018
On Mon, Sep 3, 2018 at 10:35 AM Jamie Jackson <jamiejaxon at gmail.com> wrote:
>
>
> On Mon, Sep 3, 2018 at 5:17 AM Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
>> On Sun, 2 Sep 2018 22:37:05 -0400
>> Jamie Jackson via samba <samba at lists.samba.org> wrote:
>>
>> > Thanks for the workaround, Luca. I might end up going with:
>> >
>> > #!/bin/bash
>> > getent group | grep -q 'Domain Users' && exit 0
>> > echo "restarting winbind"
>> > sudo systemctl restart winbind
>> >
>> >
>> > Rowland, it crashed again. Here's some info. Please let me know if I
>> > should provide more:
>> > https://gist.github.com/jamiejackson/8aa60fb0ac1f407ba73776aaaeaa542f
>> >
>>
>> The last few lines of the log are these:
>>
>> [2018/09/01 23:19:27.748555, 3, pid=9795]
>> ../source3/winbindd/winbindd_msrpc.c:244(msrpc_name_to_sid)
>> msrpc_name_to_sid: name=REDACTED\ROOT
>> [2018/09/01 23:19:27.748585, 3, pid=9795]
>> ../source3/winbindd/winbindd_msrpc.c:258(msrpc_name_to_sid)
>> name_to_sid [rpc] REDACTED\ROOT for domain REDACTED
>> [2018/09/01 23:20:28.475336, 0, pid=9795]
>> ../source3/winbindd/winbindd.c:281(winbindd_sig_term_handler)
>> Got sig[15] terminate (is_parent=0)
>>
>> It looks like you ran you script/commands on Sun Sep 2 21:35:39 EDT
>> 2018
>>
>> To my eye, there is nothing really wrong, there certainly isn't any
>> evidence of a crash, the only evidence that I can see is that winbind
>> has exited.
>>
>> So I went back to the info you posted earlier, at that time I
>> concentrated on the smb.conf, this time I looked a lot more closely at
>> this:
>>
>> $ ps -aux | grep '\(samba\|smb\|winbind\)'
>> root 12600 0.0 0.0 399284 2324 ? Ss Aug31 0:16
>> /usr/sbin/winbindd --foreground --no-process-group
>> root 12602 0.0 0.0 424328 5948 ? S Aug31 0:01
>> /usr/sbin/winbindd --foreground --no-process-group
>> root 12857 0.0 0.0 406020 964 ? S Aug31 0:03
>> /usr/sbin/winbindd --foreground --no-process-group
>> root 12858 0.0 0.0 399144 1416 ? S Aug31 0:00
>> /usr/sbin/winbindd --foreground --no-process-group
>> root 12859 0.0 0.0 399144 1504 ? S Aug31 0:00
>> /usr/sbin/winbindd --foreground --no-process-group
>>
>> If I run the same command on a Unix domain member, I get this:
>>
>> root 2231 0.0 0.1 398220 17912 ? Ss Aug29 0:03
>> /usr/sbin/winbindd
>> root 2593 0.0 0.1 455004 20328 ? S Aug29 0:10
>> /usr/sbin/winbindd
>> root 2630 0.0 0.0 307728 15336 ? Ss Aug29 0:00
>> /usr/sbin/smbd -D
>> root 2683 0.0 0.0 296524 4516 ? S Aug29 0:00
>> /usr/sbin/smbd -D
>> root 2684 0.0 0.0 296524 4516 ? S Aug29 0:00
>> /usr/sbin/smbd -D
>> root 2730 0.0 0.0 265088 9696 ? S Aug29 0:00
>> /usr/sbin/winbindd
>> root 2745 0.0 0.0 265220 9560 ? S Aug29 0:00
>> /usr/sbin/winbindd
>> root 2746 0.0 0.1 403600 16412 ? S Aug29 0:01
>> /usr/sbin/winbindd
>>
>> So, from that, can I ask these questions:
>>
>> Why isn't 'smbd' running ?
>>
>
> I didn't set this up, but I assume the sysadmins didn't run it because
> they, like Luca, probably assumed that smbd was for server functionality
> (to provide services to clients), whereas, AFAIK, our hosts only act as
> clients. Could you explain how smbd fits into this when the hosts are
> consuming remote services (but presumably not providing any)?
>
>
>> Is 'nmbd' running ?
>>
>
> Doesn't look like it:
>
> [jamie.jackson at rwhudxdkrdev ~]$ systemctl -a | grep
> '\(smb\|samba\|sssd\|winbind\|nmb\)'
> ● nmb.service
> not-found inactive dead
> nmb.service
> winbind.service
> loaded active running Samba
> Winbind Daemon
>
>
>> Why aren't you running 'winbind' as a daemon ?
>>
>
> No clue, but here's what I found in systemd:
>
> [jamie.jackson at rwhudxdkrdev ~]$ cat
> /usr/lib/systemd/system/winbind.service
> [Unit]
> Description=Samba Winbind Daemon
> After=syslog.target network.target nmb.service
>
> [Service]
> Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba
> Type=notify
> NotifyAccess=all
> PIDFile=/run/winbindd.pid
> EnvironmentFile=-/etc/sysconfig/samba
> ExecStart=/usr/sbin/winbindd --foreground --no-process-group
> "$WINBINDOPTIONS"
> ExecReload=/usr/bin/kill -HUP $MAINPID
> LimitCORE=infinity
>
> [Install]
> WantedBy=multi-user.target
>
>
FYI, I just checked, and on a stock RHEL 7.5 box, with samba-winbind
installed, the above is what you get. (The file above is stock.)
> Why do feel you don't need a process group for winbind ?
>>
>
> I'm not the implementor (but I can pass your questions on to that group).
> However, if I were to guess: The implementors probably aren't trying to be
> creative or contrary. I figure they probably found a solution that seemed
> to (mostly) work--maybe many years ago--and they might not know exactly how
> to implement AD integration in RHEL according to best practice.
>
> At this point, it might make more sense to throw out the current
> configuration (since I'm gleaning from your questions that it's unorthodox)
> and start fresh, but let's see what your impressions are after the latest
> bits of info above.
>
>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
More information about the samba
mailing list