[Samba] security=domain fails after upgr. to 4.9, winbind doesn't help
Frank Steiner
fsteiner-mail1 at bio.ifi.lmu.de
Thu Nov 28 22:32:04 UTC 2019
Rowland penny via samba wrote:
> So your server doesn't seem to be able to find winbindd, are you sure it
> is running ?
>
> What does this show:
>
> ps ax | grep '[w]inbind'
>
> What OS is this ?
It's SuSE Linux Enterprise 15sp1. winbindd is definitely running, I showed
that in the first mail in the output of "rcwinbind status", there you can see
the processes in the cgroup.
Just checked it again: restarted winbindd, then smbd, then tried the
connection. Afterwards you can see in the systemd journal that winbindd
was running when smbd failed to find it:
server2 /root# journalctl | grep winbind
Nov 28 23:25:20 server2 winbindd[30973]: [2019/11/28 23:25:20.041238, 0] ../source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache)
Nov 28 23:25:20 server2 winbindd[30973]: initialize_winbindd_cache: clearing cache and re-creating with version number 2
Nov 28 23:25:20 server2 winbindd[30973]: [2019/11/28 23:25:20.050649, 0] ../lib/util/become_daemon.c:138(daemon_ready)
Nov 28 23:25:20 server2 winbindd[30973]: daemon_ready: STATUS=daemon 'winbindd' finished starting up and ready to serve connections
Nov 28 23:25:20 server2 winbindd[30975]: [2019/11/28 23:25:20.118423, 0] ../source3/libsmb/namequery.c:78(saf_store)
Nov 28 23:25:20 server2 winbindd[30975]: saf_store: refusing to store 0 length domain or servername!
Nov 28 23:25:36 server2 smbd[31001]: [2019/11/28 23:25:36.075480, 0] ../source3/auth/auth_winbind.c:122(check_winbind_security)
Nov 28 23:25:36 server2 smbd[31001]: check_winbind_security: winbindd not running - but required as domain member: NT_STATUS_NO_LOGON_SERVERS
Processes are indeed still there:
server2 /root# pgrep -f -a winbindd
30973 /usr/sbin/winbindd --foreground --no-process-group
30975 /usr/sbin/winbindd --foreground --no-process-group
And winbind service looks healthy:
server2 /root# rcwinbind status
* winbind.service - Samba Winbind Daemon
Loaded: loaded (/usr/lib/systemd/system/winbind.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2019-11-28 23:25:20 CET; 2min 49s ago
Main PID: 30973 (winbindd)
Status: "winbindd: ready to serve connections..."
Tasks: 2 (limit: 4915)
CGroup: /system.slice/winbind.service
|-30973 /usr/sbin/winbindd --foreground --no-process-group
`-30975 /usr/sbin/winbindd --foreground --no-process-group
Nov 28 23:25:19 server2 systemd[1]: Starting Samba Winbind Daemon...
Nov 28 23:25:20 server2 winbindd[30973]: [2019/11/28 23:25:20.041238, 0] ../source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache)
Nov 28 23:25:20 server2 winbindd[30973]: initialize_winbindd_cache: clearing cache and re-creating with version number 2
Nov 28 23:25:20 server2 winbindd[30973]: [2019/11/28 23:25:20.050649, 0] ../lib/util/become_daemon.c:138(daemon_ready)
Nov 28 23:25:20 server2 winbindd[30973]: daemon_ready: STATUS=daemon 'winbindd' finished starting up and ready to serve connections
Nov 28 23:25:20 server2 systemd[1]: Started Samba Winbind Daemon.
Nov 28 23:25:20 server2 winbindd[30975]: [2019/11/28 23:25:20.118423, 0] ../source3/libsmb/namequery.c:78(saf_store)
Nov 28 23:25:20 server2 winbindd[30975]: saf_store: refusing to store 0 length domain or servername!
I've no idea why smbd doesn't see it :-(
cu,
Frank
--
Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr. 17 Phone: +49 89 2180-4049
80333 Muenchen, Germany Fax: +49 89 2180-99-4049
* Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
--
Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr. 17 Phone: +49 89 2180-4049
80333 Muenchen, Germany Fax: +49 89 2180-99-4049
* Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
More information about the samba
mailing list