[Samba] smbd fails to start after upgrade to version 4.11.6

L.P.H. van Belle belle at bazuin.nl
Tue Feb 4 09:25:27 UTC 2020


Roy, 

Im still wondering what your problem might be/where its coming from. 
But we know it's interface/network related, only thing is Samba should not coredump. 

So i had a good look below to see where im missing what. 
And i dont see much to work with. 

I have 2 possible options where, where a problem might be.

1) samba start before network is online. 
A possible workaround is add in all the samba services : 
smbd.service nmbd.service winbind.service
[Unit]
Wants=network-online.target
After=network-online.target

systemctl edit smbd
systemctl edit nmbd
systemctl edit winbind

But, i dont think its that, because here (my setup) and Rowland its pi are all working fine. 

( based on : open_sockets_smbd: No sockets available to bind to. ) 
And google is also telling, most probely due to starting and no network up. 

And/or, if your using the /etc/network/interfaces file, run this. 
https://raw.githubusercontent.com/thctlo/debian-scripts/master/setup-systemd-networkd.sh 
Run it like this : 
bash setup-systemd-networkd.sh member
Verify the files, and try to replace /etc/network/interfaces. 

It creates the needes systemd networking files, they are places in the folder where you run it.
It does NOT change anything, it shows what todo with the files. 

It also might be an interface name thingy,, as Kris Lou mentions. 
So run it and whats in the generated files. 

2) something is corrupt in samba database. 
Lets hope not.. 

A check on the script, and based on the output you sended before. 
Just to make the thread complete, so i have a backlog of it. 
(Todo, make better output of errors or functions with empty values.)

> >
> >I would try and fix it first, can you download and run 
> Louis's script:
> >https://github.com/thctlo/samba4/blob/master/samba-collect-de
bug-info.sh
> >Sanitise the output and post the output into a reply to this.
> >
> >Rowland
> 
> OK:
> root at pi4b:~/scripts# ./samba-collect-debug-info.sh
> Please wait, collecting debug info.
> 
> Password for Administrator at SAMDOM.ORG:
> grep: : No such file or directory

Around line 144 in the script, which means its just not running. 

> Load smb config files from /etc/samba/smb.conf
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> 
> The debug info about your system can be found in this file:
> /tmp/samba-debug-info.txt
> --------------------  /tmp/samba-debug-info.txt ----------------
> Collected config  --- 2020-01-29-20:20 -----------
> 
> Hostname: pi4b
> DNS Domain: samdom.org
> FQDN: pi4b.samdom.org
> ipaddress: 192.168.2.51 
> 
> -----------
>  
> Kerberos SRV _kerberos._tcp.samdom.org record verified ok, 
> sample output: 
> Server:		192.168.2.240
> Address:	192.168.2.240#53
> 
> _kerberos._tcp.samdom.org	service = 0 100 88 pi-dc.samdom.org.
> _kerberos._tcp.samdom.org	service = 0 100 88 tiger-db.samdom.org.

2 AD-DC's are detected. 
Can you verify these with 
dig -x $(host pi-dc.samdom.org|awk '{ print $NF }' )
dig -x $(host tiger-db.samdom.org|awk '{ print $NF }' )
host $(hostname -d)

> Samba is not being run as a DC or a Unix domain member.

Line 157-159 so, because samba isnt running the script error on these parts. 

Just to make sure its not coming from fault DNS records. 

> 
> -----------
>        Checking file: /etc/os-release
> 
> PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
> NAME="Raspbian GNU/Linux"
> VERSION_ID="10"
> VERSION="10 (buster)"
> VERSION_CODENAME=buster
> ID=raspbian
> ID_LIKE=debian
> HOME_URL="http://www.raspbian.org/"
> SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
> BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
> 
> -----------
> 
> 
> This computer is running Debian 10.2 armv7l
> 
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state 
> UNKNOWN group
> default qlen 1000
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq 
> state UP group
> default qlen 1000
>     link/ether dc:a6:32:17:3c:86 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.2.51/24 brd 192.168.2.255 scope global eth0
> 3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state 
> DOWN group default
> qlen 1000
>     link/ether dc:a6:32:17:3c:87 brd ff:ff:ff:ff:ff:ff
> 
> -----------
>        Checking file: /etc/hosts
> 
> 127.0.0.1	localhost
> ::1		localhost ip6-localhost ip6-loopback
> ff02::1		ip6-allnodes
> ff02::2		ip6-allrouters
> 
> 192.168.2.51	pi4b.samdom.org	pi4b
> 
> -----------
> 
>        Checking file: /etc/resolv.conf
> 
> search samdom.org
> nameserver 192.168.2.240
> nameserver 192.168.2.4
> 
> -----------
> 
>        Checking file: /etc/krb5.conf
> 
> [libdefaults]
> 	default_realm = samdom.org
> 	dns_lookup_realm = false
> 	dns_lookup_kdc = true
> 
> -----------
I cant see it but UPPERCASE SAMDOM.ORG in REALM
dnsdomains.tld
REALMS.TLD 
It just prevents small errors in combination with othere software. 


> 
>        Checking file: /etc/nsswitch.conf
> 
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages 
> installed, try:
> # `info libc "Name Service Switch"' for information about this file.
> 
> passwd:         files winbind
> group:          files winbind
> shadow:         files
> gshadow:        files
> 
> hosts:          files mdns4_minimal [NOTFOUND=return] dns
> networks:       files
> 
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> 
> netgroup:       nis
> 
> -----------
> 
>     Warning,  does not exist

This is around line 300. 
Where i think the " " is the missing file and this is 
Or : Check_file_exists "${SMBCONF}"  which whould be strange. 
So i think its : 
This line in the script. 
Check_file_exists /etc/idmapd.conf
Can you check that, its just to make sure where i need to add parts in the script. 


> 
> -----------
> 
> 
> Installed packages:
> ii  acl                                   2.2.53-4
> armhf        access control list - utilities
> ii  attr                                  1:2.4.48-4
> armhf        utilities for manipulating filesystem extended attributes
> ii  fonts-quicksand                       0.2016-2
> all          sans-serif font with round attributes
> ii  krb5-config                           2.6
> all          Configuration files for Kerberos Version 5
> ii  krb5-user                             1.17-3
> armhf        basic programs to authenticate using MIT Kerberos
> ii  libacl1:armhf                         2.2.53-4
> armhf        access control list - shared library
> ii  libattr1:armhf                        1:2.4.48-4
> armhf        extended attribute handling - shared library
> ii  libgssapi-krb5-2:armhf                1.17-3
> armhf        MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
> ii  libkrb5-3:armhf                       1.17-3
> armhf        MIT Kerberos runtime libraries
> ii  libkrb5support0:armhf                 1.17-3
> armhf        MIT Kerberos runtime libraries - Support library
> ii  libnss-winbind:armhf                  2:4.11.6+dfsg-0.1raspbian1
> armhf        Samba nameservice integration plugins
> ii  libpam-krb5:armhf                     4.8-2
> armhf        PAM module for MIT Kerberos
> ii  libpam-winbind:armhf                  2:4.11.6+dfsg-0.1raspbian1
> armhf        Windows domain authentication integration plugin
> ii  libsmbclient:armhf                    2:4.11.6+dfsg-0.1raspbian1
> armhf        shared library for communication with SMB/CIFS servers
> ii  libwbclient0:armhf                    2:4.11.6+dfsg-0.1raspbian1
> armhf        Samba winbind client library
> ii  node-tweetnacl                        0.14.5+dfsg-3
> all          Port of TweetNaCl cryptographic library to JavaScript
> ii  python3-samba                         2:4.11.6+dfsg-0.1raspbian1
> armhf        Python 3 bindings for Samba
> ii  samba                                 2:4.11.6+dfsg-0.1raspbian1
> armhf        SMB/CIFS file, print, and login server for Unix
> ii  samba-common                          2:4.11.6+dfsg-0.1raspbian1
> all          common files used by both the Samba server and client
> ii  samba-common-bin                      2:4.11.6+dfsg-0.1raspbian1
> armhf        Samba common files used by both the server and the client
> ii  samba-dsdb-modules:armhf              2:4.11.6+dfsg-0.1raspbian1
> armhf        Samba Directory Services Database
> ii  samba-libs:armhf                      2:4.11.6+dfsg-0.1raspbian1
> armhf        Samba core libraries
> ii  samba-vfs-modules:armhf               2:4.11.6+dfsg-0.1raspbian1
> armhf        Samba Virtual FileSystem plugins
> ii  smbclient                             2:4.11.6+dfsg-0.1raspbian1
> armhf        command-line SMB/CIFS clients for Unix
> ii  vlc-plugin-samba:armhf                3.0.8-0+deb10u1+rpt7
> armhf        Samba plugin for VLC
> ii  winbind                               2:4.11.6+dfsg-0.1raspbian1
> armhf        service to resolve user and group information 
> from Windows NT
> servers
> 
> -----------
> 
> Louis' script failed to print out smb.conf (even though it exists at
> /etc/samba/smb.conf) and user.map, so here they are:
> ---------- smb.conf -----------
> [global]
> 
> 	netbios name = pi4b
> 	security = ADS
> 	workgroup = SAMDOM
> 	realm = SAMDOM.ORG
> 
> 	# disable smb1
> 	client min protocol = smb2_02
> 	server min protocol = smb2_02
> 
> 	log file = /var/log/samba/%m.log
> 	log level = 1
> 
> 	# to prevent "Address family not supported by protocol" messages
> (ipv6)
> 	bind interfaces only = yes
> 	interfaces = lo eth0
> 
> 	dedicated keytab file = /etc/krb5.keytab
> 	kerberos method = secrets and keytab
> 	winbind refresh tickets = yes
> 
> 	winbind use default domain = yes
> 
> 	# Default idmap config used for BUILTIN and local 
> accounts/groups
> 	idmap config * : backend = tdb
> 	idmap config * : range = 2000-9999
> 
> 	# idmap config for domain samdom
> 	idmap config SAMDOM:backend = rid
> 	idmap config SAMDOM:range = 10000-99999
> 
> 	# next two lines for testing only - comment-out once working ok
> #	winbind enum users = yes
> #	winbind enum groups = yes
> 
> 	template shell = /bin/bash
> #	template homedir = /srv/samba/users/%U
> 
> 	vfs objects = acl_xattr
> 	map acl inherit = yes
> 	store dos attributes = yes
> 	username map = /etc/samba/user.map
> 
> [images]
> 	# for backup images made by Macrium Reflect
> 	path = /srv/samba/images
> 	read only = no
> 	acl_xattr:ignore system acl = yes
> 
> [downloads]
> 	path = /srv/samba/downloads
> 	read only = no
> 	acl_xattr:ignore system acl = yes
> 
> ---------------user.map --------------------
> !root = SAMDOM\Administrator SAMDOM\administrator Administrator
> administrator
> 
> Thanks in advance for any clues!
> 
> Roy
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 




More information about the samba mailing list