[Samba] smbd fails to start after upgrade to version 4.11.6

Roy Eastwood spindles7 at gmail.com
Tue Feb 4 21:26:06 UTC 2020


Hi Loius, 

 
> Roy,
> 
> Im still wondering what your problem might be/where its coming from.
> But we know it's interface/network related, only thing is Samba should not coredump.
> 
> So i had a good look below to see where im missing what.
> And i dont see much to work with.
> 
> I have 2 possible options where, where a problem might be.
> 
> 1) samba start before network is online.
> A possible workaround is add in all the samba services :
> smbd.service nmbd.service winbind.service [Unit] Wants=network-online.target After=network-online.target
> 
> systemctl edit smbd
> systemctl edit nmbd
> systemctl edit winbind
> 
> But, i dont think its that, because here (my setup) and Rowland its pi are all working fine.

Tried the above, still the same.

> 
> ( based on : open_sockets_smbd: No sockets available to bind to. ) And google is also telling, most probely due to starting and no
> network up.
> 
> And/or, if your using the /etc/network/interfaces file, run this.
> https://raw.githubusercontent.com/thctlo/debian-scripts/master/setup-systemd-networkd.sh
> Run it like this :
> bash setup-systemd-networkd.sh member
> Verify the files, and try to replace /etc/network/interfaces.
> 
> It creates the needes systemd networking files, they are places in the folder where you run it.
> It does NOT change anything, it shows what todo with the files.
> 
> It also might be an interface name thingy,, as Kris Lou mentions.
> So run it and whats in the generated files.
OK, here is the generated lan-member-dev-eth0.network file:
#
# This setup is for a Domain MEMBER server.
# IPV4 only.
[Match]
Name=eth0

[Network]
DHCP=no
DNSSEC=allow-downgrade
DNSSECNegativeTrustAnchors=lan
IPv6PrivacyExtensions=no
IPv6AcceptRouterAdvertisements=no
LinkLocalAddressing=no
LLMNR=no

# make use of systemd resolved and its setup, setup the 'search dnsdomain.tld.'
Domains=samdom.org

# lets make use of systemd-timedate and timesyncd for the member servers.
NTP=192.168.2.240 192.168.2.4 

# DNS resolvers (its safe to mix IPv4 and IPv6)
# Max 3 DNS entries. ::1 or 127.0.0.1 if you use a cacheing dns.
# If you use systemd-resolved stub (caching) dns, use 127.0.0.53 (only)
# Defaults to the AD-DC servers found in the dns.
DNS=192.168.2.240 192.168.2.4 

# IPv4 gateway and primary IP address.
Gateway=192.168.2.1
Address=192.168.2.51/24

(note instructions have the name of the file wrong - it gave it as lan-dev-eth0.network but it's actually called
lan-member-dev-eth0.network)

I implemented the changes per the instructions, and the result of timedatectl status:
root at pi4b:~# timedatectl status
               Local time: Tue 2020-02-04 20:49:50 GMT
           Universal time: Tue 2020-02-04 20:49:50 UTC
                 RTC time: n/a
                Time zone: Europe/London (GMT, +0000)
System clock synchronized: no
              NTP service: inactive
          RTC in local TZ: no
(was running chrony, which I disabled)

The result of networkctl status
root at pi4b:~# networkctl status
●        State: routable
       Address: 192.168.2.51 on eth0
       Gateway: 192.168.2.1 on eth0
           DNS: 192.168.2.240
                192.168.2.4
Search Domains: samdom.org
           NTP: 192.168.2.240
                192.168.2.4

The result of networkctl status eth0
root at pi4b:~# networkctl status eth0
● 2: eth0
       Link File: n/a
    Network File: /etc/systemd/network/lan-member-dev-eth0.network
            Type: ether
           State: routable (configured)
            Path: platform-fd580000.genet
          Driver: bcmgenet
      HW Address: dc:a6:32:17:3c:86
         Address: 192.168.2.51
         Gateway: 192.168.2.1
             DNS: 192.168.2.240
                  192.168.2.4
  Search Domains: samdom.org
             NTP: 192.168.2.240
                  192.168.2.4
    Connected To: n/a on port 38:2c:4a:72:cd:4e

At this point, I re-enabled the two lines in smb.conf:
	bind interfaces only = yes
	interfaces = lo eth0
and re-booted the pi.

Still the same L smbd fails as systemctl status smbd shows:
root at pi4b:~# systemctl status smbd
● smbd.service - Samba SMB Daemon
   Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled)
   Active: failed (Result: core-dump) since Tue 2020-02-04 20:32:52 GMT; 22min ago
     Docs: man:smbd(8)
           man:samba(7)
           man:smb.conf(5)
  Process: 493 ExecStartPre=/usr/share/samba/update-apparmor-samba-profile (code=exited, status=0/SUCCESS)
  Process: 495 ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS (code=dumped, signal=ABRT)
 Main PID: 495 (code=dumped, signal=ABRT)
   Status: "smbd: ready to serve connections..."

Feb 04 20:32:51 pi4b smbd[495]:   open_sockets_smbd: No sockets available to bind to.
Feb 04 20:32:51 pi4b smbd[495]: [2020/02/04 20:32:51.952387,  0] ../../source3/lib/util.c:824(smb_panic_s3)
Feb 04 20:32:51 pi4b smbd[495]:   PANIC (pid 495): open_sockets_smbd() failed
Feb 04 20:32:51 pi4b smbd[495]: [2020/02/04 20:32:51.953028,  0] ../../lib/util/fault.c:265(log_stack_trace)
Feb 04 20:32:51 pi4b smbd[495]:   BACKTRACE: 0 stack frames:
Feb 04 20:32:51 pi4b smbd[495]: [2020/02/04 20:32:51.953292,  0] ../../source3/lib/dumpcore.c:315(dump_core)
Feb 04 20:32:51 pi4b smbd[495]:   dumping core in /var/log/samba/cores/smbd
Feb 04 20:32:51 pi4b smbd[495]:
Feb 04 20:32:51 pi4b systemd[1]: smbd.service: Main process exited, code=dumped, status=6/ABRT
Feb 04 20:32:52 pi4b systemd[1]: smbd.service: Failed with result 'core-dump'.

> 
> 2) something is corrupt in samba database.
> Lets hope not..
So do I...
> 
> A check on the script, and based on the output you sended before.
> Just to make the thread complete, so i have a backlog of it.
> (Todo, make better output of errors or functions with empty values.)
> 
> > >
> > >I would try and fix it first, can you download and run
> > Louis's script:
> > >https://github.com/thctlo/samba4/blob/master/samba-collect-de
> bug-info.sh
> > >Sanitise the output and post the output into a reply to this.
> > >
> > >Rowland
> >
> > OK:
> > root at pi4b:~/scripts# ./samba-collect-debug-info.sh Please wait,
> > collecting debug info.
> >
> > Password for Administrator at SAMDOM.ORG:
> > grep: : No such file or directory
> 
> Around line 144 in the script, which means its just not running.
> 
> > Load smb config files from /etc/samba/smb.conf Loaded services file
> > OK.
> > Server role: ROLE_DOMAIN_MEMBER
> >
> > The debug info about your system can be found in this file:
> > /tmp/samba-debug-info.txt
> > --------------------  /tmp/samba-debug-info.txt ----------------
> > Collected config  --- 2020-01-29-20:20 -----------
> >
> > Hostname: pi4b
> > DNS Domain: samdom.org
> > FQDN: pi4b.samdom.org
> > ipaddress: 192.168.2.51
> >
> > -----------
> >
> > Kerberos SRV _kerberos._tcp.samdom.org record verified ok, sample
> > output:
> > Server:		192.168.2.240
> > Address:	192.168.2.240#53
> >
> > _kerberos._tcp.samdom.org	service = 0 100 88 pi-dc.samdom.org.
> > _kerberos._tcp.samdom.org	service = 0 100 88 tiger-db.samdom.org.
> 
> 2 AD-DC's are detected.
> Can you verify these with
> dig -x $(host pi-dc.samdom.org|awk '{ print $NF }' ) 
Yes:
dig -x $(host pi-dc.samdom.org| awk '{ print $NF }' )

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> -x 192.168.2.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38893
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 91bfcfed9ef46a69b34989825e39d6f6ba0f2712ec8869cd (good)
;; QUESTION SECTION:
;4.2.168.192.in-addr.arpa.      IN      PTR

;; AUTHORITY SECTION:
2.168.192.in-addr.arpa. 3600    IN      SOA     tiger-db.samdom.org. hostmaster.samdom.org. 11 900 600 86400 3600

;; Query time: 5 msec
;; SERVER: 192.168.2.240#53(192.168.2.240)
;; WHEN: Tue Feb 04 20:41:12 GMT 2020
;; MSG SIZE  rcvd: 150

> dig -x $(host tiger-db.samdom.org|awk '{ print $NF }' )
root at pi4b:~# dig -x $(host tiger-db.samdom.org| awk '{ print $NF }' )

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> -x 192.168.2.240
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34146
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: a3f680e54e3e81ee6c73adda5e39d772d9dceedb83ef6bb2 (good)
;; QUESTION SECTION:
;240.2.168.192.in-addr.arpa.    IN      PTR

;; AUTHORITY SECTION:
2.168.192.in-addr.arpa. 3600    IN      SOA     tiger-db.samdom.org. hostmaster.samdom.org. 11 900 600 86400 3600

;; Query time: 3 msec
;; SERVER: 192.168.2.240#53(192.168.2.240)
;; WHEN: Tue Feb 04 20:43:16 GMT 2020
;; MSG SIZE  rcvd: 152
> host $(hostname -d)
root at pi4b:~# host $(hostname -d)
samdom.org has address 192.168.2.4
samdom.org has address 192.168.2.240
> 
> > Samba is not being run as a DC or a Unix domain member.
> 
> Line 157-159 so, because samba isnt running the script error on these parts.
> 
> Just to make sure its not coming from fault DNS records.
> 
> >
> > -----------
> >        Checking file: /etc/os-release
> >
> > PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
> > NAME="Raspbian GNU/Linux"
> > VERSION_ID="10"
> > VERSION="10 (buster)"
> > VERSION_CODENAME=buster
> > ID=raspbian
> > ID_LIKE=debian
> > HOME_URL="http://www.raspbian.org/"
> > SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
> > BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
> >
> > -----------
> >
> >
> > This computer is running Debian 10.2 armv7l
> >
> > -----------
> > running command : ip a
> > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
> > group default qlen 1000
> >     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> >     inet 127.0.0.1/8 scope host lo
> > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
> > group default qlen 1000
> >     link/ether dc:a6:32:17:3c:86 brd ff:ff:ff:ff:ff:ff
> >     inet 192.168.2.51/24 brd 192.168.2.255 scope global eth0
> > 3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group
> > default qlen 1000
> >     link/ether dc:a6:32:17:3c:87 brd ff:ff:ff:ff:ff:ff
> >
> > -----------
> >        Checking file: /etc/hosts
> >
> > 127.0.0.1	localhost
> > ::1		localhost ip6-localhost ip6-loopback
> > ff02::1		ip6-allnodes
> > ff02::2		ip6-allrouters
> >
> > 192.168.2.51	pi4b.samdom.org	pi4b
> >
> > -----------
> >
> >        Checking file: /etc/resolv.conf
> >
> > search samdom.org
> > nameserver 192.168.2.240
> > nameserver 192.168.2.4
> >
> > -----------
> >
> >        Checking file: /etc/krb5.conf
> >
> > [libdefaults]
> > 	default_realm = samdom.org
> > 	dns_lookup_realm = false
> > 	dns_lookup_kdc = true
> >
> > -----------
> I cant see it but UPPERCASE SAMDOM.ORG in REALM dnsdomains.tld REALMS.TLD It just prevents small errors in combination with
> othere software.

Yes, can confirm that the realm was in UPPERCASE - the copy sent to the list was sanitised and got changed to lowercase in the
process.
> 
> 
> >
> >        Checking file: /etc/nsswitch.conf
> >
> > # /etc/nsswitch.conf
> > #
> > # Example configuration of GNU Name Service Switch functionality.
> > # If you have the `glibc-doc-reference' and `info' packages
> > installed, try:
> > # `info libc "Name Service Switch"' for information about this file.
> >
> > passwd:         files winbind
> > group:          files winbind
> > shadow:         files
> > gshadow:        files
> >
> > hosts:          files mdns4_minimal [NOTFOUND=return] dns
> > networks:       files
> >
> > protocols:      db files
> > services:       db files
> > ethers:         db files
> > rpc:            db files
> >
> > netgroup:       nis
> >
> > -----------
> >
> >     Warning,  does not exist
> 
> This is around line 300.
> Where i think the " " is the missing file and this is
> Or : Check_file_exists "${SMBCONF}"  which whould be strange.
> So i think its :
> This line in the script.
> Check_file_exists /etc/idmapd.conf
> Can you check that, its just to make sure where i need to add parts in the script.
The file exists:
root at pi4b:~# ls -l /etc/idmapd.conf
-rw-r--r-- 1 root root 206 Apr  6  2019 /etc/idmapd.conf

Interestingly, I just re-ran your script and it ran OK this time, including smb.conf and user.map.     Obviously something changed -
perhaps all these tweaks changed something?

> 
> 
> >
> > -----------
> >
> >
> > Installed packages:
> > ii  acl                                   2.2.53-4
> > armhf        access control list - utilities
> > ii  attr                                  1:2.4.48-4
> > armhf        utilities for manipulating filesystem extended attributes
> > ii  fonts-quicksand                       0.2016-2
> > all          sans-serif font with round attributes
> > ii  krb5-config                           2.6
> > all          Configuration files for Kerberos Version 5
> > ii  krb5-user                             1.17-3
> > armhf        basic programs to authenticate using MIT Kerberos
> > ii  libacl1:armhf                         2.2.53-4
> > armhf        access control list - shared library
> > ii  libattr1:armhf                        1:2.4.48-4
> > armhf        extended attribute handling - shared library
> > ii  libgssapi-krb5-2:armhf                1.17-3
> > armhf        MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
> > ii  libkrb5-3:armhf                       1.17-3
> > armhf        MIT Kerberos runtime libraries
> > ii  libkrb5support0:armhf                 1.17-3
> > armhf        MIT Kerberos runtime libraries - Support library
> > ii  libnss-winbind:armhf                  2:4.11.6+dfsg-0.1raspbian1
> > armhf        Samba nameservice integration plugins
> > ii  libpam-krb5:armhf                     4.8-2
> > armhf        PAM module for MIT Kerberos
> > ii  libpam-winbind:armhf                  2:4.11.6+dfsg-0.1raspbian1
> > armhf        Windows domain authentication integration plugin
> > ii  libsmbclient:armhf                    2:4.11.6+dfsg-0.1raspbian1
> > armhf        shared library for communication with SMB/CIFS servers
> > ii  libwbclient0:armhf                    2:4.11.6+dfsg-0.1raspbian1
> > armhf        Samba winbind client library
> > ii  node-tweetnacl                        0.14.5+dfsg-3
> > all          Port of TweetNaCl cryptographic library to JavaScript
> > ii  python3-samba                         2:4.11.6+dfsg-0.1raspbian1
> > armhf        Python 3 bindings for Samba
> > ii  samba                                 2:4.11.6+dfsg-0.1raspbian1
> > armhf        SMB/CIFS file, print, and login server for Unix
> > ii  samba-common                          2:4.11.6+dfsg-0.1raspbian1
> > all          common files used by both the Samba server and client
> > ii  samba-common-bin                      2:4.11.6+dfsg-0.1raspbian1
> > armhf        Samba common files used by both the server and the client
> > ii  samba-dsdb-modules:armhf              2:4.11.6+dfsg-0.1raspbian1
> > armhf        Samba Directory Services Database
> > ii  samba-libs:armhf                      2:4.11.6+dfsg-0.1raspbian1
> > armhf        Samba core libraries
> > ii  samba-vfs-modules:armhf               2:4.11.6+dfsg-0.1raspbian1
> > armhf        Samba Virtual FileSystem plugins
> > ii  smbclient                             2:4.11.6+dfsg-0.1raspbian1
> > armhf        command-line SMB/CIFS clients for Unix
> > ii  vlc-plugin-samba:armhf                3.0.8-0+deb10u1+rpt7
> > armhf        Samba plugin for VLC
> > ii  winbind                               2:4.11.6+dfsg-0.1raspbian1
> > armhf        service to resolve user and group information
> > from Windows NT
> > servers
> >
> > -----------
> >
> > Louis' script failed to print out smb.conf (even though it exists at
> > /etc/samba/smb.conf) and user.map, so here they are:
> > ---------- smb.conf -----------
> > [global]
> >
> > 	netbios name = pi4b
> > 	security = ADS
> > 	workgroup = SAMDOM
> > 	realm = SAMDOM.ORG
> >
> > 	# disable smb1
> > 	client min protocol = smb2_02
> > 	server min protocol = smb2_02
> >
> > 	log file = /var/log/samba/%m.log
> > 	log level = 1
> >
> > 	# to prevent "Address family not supported by protocol" messages
> > (ipv6)
> > 	bind interfaces only = yes
> > 	interfaces = lo eth0
> >
> > 	dedicated keytab file = /etc/krb5.keytab
> > 	kerberos method = secrets and keytab
> > 	winbind refresh tickets = yes
> >
> > 	winbind use default domain = yes
> >
> > 	# Default idmap config used for BUILTIN and local
> > accounts/groups
> > 	idmap config * : backend = tdb
> > 	idmap config * : range = 2000-9999
> >
> > 	# idmap config for domain samdom
> > 	idmap config SAMDOM:backend = rid
> > 	idmap config SAMDOM:range = 10000-99999
> >
> > 	# next two lines for testing only - comment-out once working ok
> > #	winbind enum users = yes
> > #	winbind enum groups = yes
> >
> > 	template shell = /bin/bash
> > #	template homedir = /srv/samba/users/%U
> >
> > 	vfs objects = acl_xattr
> > 	map acl inherit = yes
> > 	store dos attributes = yes
> > 	username map = /etc/samba/user.map
> >
> > [images]
> > 	# for backup images made by Macrium Reflect
> > 	path = /srv/samba/images
> > 	read only = no
> > 	acl_xattr:ignore system acl = yes
> >
> > [downloads]
> > 	path = /srv/samba/downloads
> > 	read only = no
> > 	acl_xattr:ignore system acl = yes
> >
> > ---------------user.map --------------------
> > !root = SAMDOM\Administrator SAMDOM\administrator Administrator
> > administrator
> >
> > Thanks in advance for any clues!
> >
> > Roy

Incidentally, I tried putting those two lines into smb.conf on pi-dc (also a Raspberry Pi but model 3) and it too caused smbd to
fail.   So it's something specific to pi's

Thanks again, hope the above helps.
Roy




More information about the samba mailing list