[Samba] security=domain fails after upgr. to 4.9, winbind doesn't help
Rowland penny
rpenny at samba.org
Fri Nov 29 08:26:45 UTC 2019
On 28/11/2019 22:32, Frank Steiner wrote:
> Rowland penny via samba wrote:
>
>> So your server doesn't seem to be able to find winbindd, are you sure it
>> is running ?
>>
>> What does this show:
>>
>> ps ax | grep '[w]inbind'
>>
>> What OS is this ?
>
> It's SuSE Linux Enterprise 15sp1. winbindd is definitely running, I
> showed
> that in the first mail in the output of "rcwinbind status", there you
> can see
> the processes in the cgroup.
>
> Just checked it again: restarted winbindd, then smbd, then tried the
> connection. Afterwards you can see in the systemd journal that winbindd
> was running when smbd failed to find it:
>
> server2 /root# journalctl | grep winbind
> Nov 28 23:25:20 server2 winbindd[30973]: [2019/11/28 23:25:20.041238,
> 0] ../source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache)
> Nov 28 23:25:20 server2 winbindd[30973]: initialize_winbindd_cache:
> clearing cache and re-creating with version number 2
> Nov 28 23:25:20 server2 winbindd[30973]: [2019/11/28 23:25:20.050649,
> 0] ../lib/util/become_daemon.c:138(daemon_ready)
> Nov 28 23:25:20 server2 winbindd[30973]: daemon_ready: STATUS=daemon
> 'winbindd' finished starting up and ready to serve connections
> Nov 28 23:25:20 server2 winbindd[30975]: [2019/11/28 23:25:20.118423,
> 0] ../source3/libsmb/namequery.c:78(saf_store)
> Nov 28 23:25:20 server2 winbindd[30975]: saf_store: refusing to
> store 0 length domain or servername!
> Nov 28 23:25:36 server2 smbd[31001]: [2019/11/28 23:25:36.075480, 0]
> ../source3/auth/auth_winbind.c:122(check_winbind_security)
> Nov 28 23:25:36 server2 smbd[31001]: check_winbind_security:
> winbindd not running - but required as domain member:
> NT_STATUS_NO_LOGON_SERVERS
>
>
>
> Processes are indeed still there:
>
> server2 /root# pgrep -f -a winbindd
> 30973 /usr/sbin/winbindd --foreground --no-process-group
> 30975 /usr/sbin/winbindd --foreground --no-process-group
>
>
>
> And winbind service looks healthy:
>
> server2 /root# rcwinbind status
> * winbind.service - Samba Winbind Daemon
> Loaded: loaded (/usr/lib/systemd/system/winbind.service; disabled;
> vendor preset: disabled)
> Active: active (running) since Thu 2019-11-28 23:25:20 CET; 2min
> 49s ago
> Main PID: 30973 (winbindd)
> Status: "winbindd: ready to serve connections..."
> Tasks: 2 (limit: 4915)
> CGroup: /system.slice/winbind.service
> |-30973 /usr/sbin/winbindd --foreground --no-process-group
> `-30975 /usr/sbin/winbindd --foreground --no-process-group
>
> Nov 28 23:25:19 server2 systemd[1]: Starting Samba Winbind Daemon...
> Nov 28 23:25:20 server2 winbindd[30973]: [2019/11/28 23:25:20.041238,
> 0] ../source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache)
> Nov 28 23:25:20 server2 winbindd[30973]: initialize_winbindd_cache:
> clearing cache and re-creating with version number 2
> Nov 28 23:25:20 server2 winbindd[30973]: [2019/11/28 23:25:20.050649,
> 0] ../lib/util/become_daemon.c:138(daemon_ready)
> Nov 28 23:25:20 server2 winbindd[30973]: daemon_ready: STATUS=daemon
> 'winbindd' finished starting up and ready to serve connections
> Nov 28 23:25:20 server2 systemd[1]: Started Samba Winbind Daemon.
> Nov 28 23:25:20 server2 winbindd[30975]: [2019/11/28 23:25:20.118423,
> 0] ../source3/libsmb/namequery.c:78(saf_store)
> Nov 28 23:25:20 server2 winbindd[30975]: saf_store: refusing to
> store 0 length domain or servername!
>
>
>
> I've no idea why smbd doesn't see it :-(
>
> cu,
> Frank
>
>
Could it be Selinux or Apparmor (not sure which SLES uses) stopping smbd
contacting winbindd ?
Could the SLES Samba packages be wrong ?
Have you tried starting smbd and then winbind ?
Rowland
More information about the samba
mailing list