[Samba] smbd fails to start after upgrade to version 4.11.6
Roy Eastwood
spindles7 at gmail.com
Tue Feb 4 21:26:06 UTC 2020
Hi Loius,
> Roy,
>
> Im still wondering what your problem might be/where its coming from.
> But we know it's interface/network related, only thing is Samba should not coredump.
>
> So i had a good look below to see where im missing what.
> And i dont see much to work with.
>
> I have 2 possible options where, where a problem might be.
>
> 1) samba start before network is online.
> A possible workaround is add in all the samba services :
> smbd.service nmbd.service winbind.service [Unit] Wants=network-online.target After=network-online.target
>
> systemctl edit smbd
> systemctl edit nmbd
> systemctl edit winbind
>
> But, i dont think its that, because here (my setup) and Rowland its pi are all working fine.
Tried the above, still the same.
>
> ( based on : open_sockets_smbd: No sockets available to bind to. ) And google is also telling, most probely due to starting and no
> network up.
>
> And/or, if your using the /etc/network/interfaces file, run this.
> https://raw.githubusercontent.com/thctlo/debian-scripts/master/setup-systemd-networkd.sh
> Run it like this :
> bash setup-systemd-networkd.sh member
> Verify the files, and try to replace /etc/network/interfaces.
>
> It creates the needes systemd networking files, they are places in the folder where you run it.
> It does NOT change anything, it shows what todo with the files.
>
> It also might be an interface name thingy,, as Kris Lou mentions.
> So run it and whats in the generated files.
OK, here is the generated lan-member-dev-eth0.network file:
#
# This setup is for a Domain MEMBER server.
# IPV4 only.
[Match]
Name=eth0
[Network]
DHCP=no
DNSSEC=allow-downgrade
DNSSECNegativeTrustAnchors=lan
IPv6PrivacyExtensions=no
IPv6AcceptRouterAdvertisements=no
LinkLocalAddressing=no
LLMNR=no
# make use of systemd resolved and its setup, setup the 'search dnsdomain.tld.'
Domains=samdom.org
# lets make use of systemd-timedate and timesyncd for the member servers.
NTP=192.168.2.240 192.168.2.4
# DNS resolvers (its safe to mix IPv4 and IPv6)
# Max 3 DNS entries. ::1 or 127.0.0.1 if you use a cacheing dns.
# If you use systemd-resolved stub (caching) dns, use 127.0.0.53 (only)
# Defaults to the AD-DC servers found in the dns.
DNS=192.168.2.240 192.168.2.4
# IPv4 gateway and primary IP address.
Gateway=192.168.2.1
Address=192.168.2.51/24
(note instructions have the name of the file wrong - it gave it as lan-dev-eth0.network but it's actually called
lan-member-dev-eth0.network)
I implemented the changes per the instructions, and the result of timedatectl status:
root at pi4b:~# timedatectl status
Local time: Tue 2020-02-04 20:49:50 GMT
Universal time: Tue 2020-02-04 20:49:50 UTC
RTC time: n/a
Time zone: Europe/London (GMT, +0000)
System clock synchronized: no
NTP service: inactive
RTC in local TZ: no
(was running chrony, which I disabled)
The result of networkctl status
root at pi4b:~# networkctl status
● State: routable
Address: 192.168.2.51 on eth0
Gateway: 192.168.2.1 on eth0
DNS: 192.168.2.240
192.168.2.4
Search Domains: samdom.org
NTP: 192.168.2.240
192.168.2.4
The result of networkctl status eth0
root at pi4b:~# networkctl status eth0
● 2: eth0
Link File: n/a
Network File: /etc/systemd/network/lan-member-dev-eth0.network
Type: ether
State: routable (configured)
Path: platform-fd580000.genet
Driver: bcmgenet
HW Address: dc:a6:32:17:3c:86
Address: 192.168.2.51
Gateway: 192.168.2.1
DNS: 192.168.2.240
192.168.2.4
Search Domains: samdom.org
NTP: 192.168.2.240
192.168.2.4
Connected To: n/a on port 38:2c:4a:72:cd:4e
At this point, I re-enabled the two lines in smb.conf:
bind interfaces only = yes
interfaces = lo eth0
and re-booted the pi.
Still the same L smbd fails as systemctl status smbd shows:
root at pi4b:~# systemctl status smbd
● smbd.service - Samba SMB Daemon
Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled)
Active: failed (Result: core-dump) since Tue 2020-02-04 20:32:52 GMT; 22min ago
Docs: man:smbd(8)
man:samba(7)
man:smb.conf(5)
Process: 493 ExecStartPre=/usr/share/samba/update-apparmor-samba-profile (code=exited, status=0/SUCCESS)
Process: 495 ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS (code=dumped, signal=ABRT)
Main PID: 495 (code=dumped, signal=ABRT)
Status: "smbd: ready to serve connections..."
Feb 04 20:32:51 pi4b smbd[495]: open_sockets_smbd: No sockets available to bind to.
Feb 04 20:32:51 pi4b smbd[495]: [2020/02/04 20:32:51.952387, 0] ../../source3/lib/util.c:824(smb_panic_s3)
Feb 04 20:32:51 pi4b smbd[495]: PANIC (pid 495): open_sockets_smbd() failed
Feb 04 20:32:51 pi4b smbd[495]: [2020/02/04 20:32:51.953028, 0] ../../lib/util/fault.c:265(log_stack_trace)
Feb 04 20:32:51 pi4b smbd[495]: BACKTRACE: 0 stack frames:
Feb 04 20:32:51 pi4b smbd[495]: [2020/02/04 20:32:51.953292, 0] ../../source3/lib/dumpcore.c:315(dump_core)
Feb 04 20:32:51 pi4b smbd[495]: dumping core in /var/log/samba/cores/smbd
Feb 04 20:32:51 pi4b smbd[495]:
Feb 04 20:32:51 pi4b systemd[1]: smbd.service: Main process exited, code=dumped, status=6/ABRT
Feb 04 20:32:52 pi4b systemd[1]: smbd.service: Failed with result 'core-dump'.
>
> 2) something is corrupt in samba database.
> Lets hope not..
So do I...
>
> A check on the script, and based on the output you sended before.
> Just to make the thread complete, so i have a backlog of it.
> (Todo, make better output of errors or functions with empty values.)
>
> > >
> > >I would try and fix it first, can you download and run
> > Louis's script:
> > >https://github.com/thctlo/samba4/blob/master/samba-collect-de
> bug-info.sh
> > >Sanitise the output and post the output into a reply to this.
> > >
> > >Rowland
> >
> > OK:
> > root at pi4b:~/scripts# ./samba-collect-debug-info.sh Please wait,
> > collecting debug info.
> >
> > Password for Administrator at SAMDOM.ORG:
> > grep: : No such file or directory
>
> Around line 144 in the script, which means its just not running.
>
> > Load smb config files from /etc/samba/smb.conf Loaded services file
> > OK.
> > Server role: ROLE_DOMAIN_MEMBER
> >
> > The debug info about your system can be found in this file:
> > /tmp/samba-debug-info.txt
> > -------------------- /tmp/samba-debug-info.txt ----------------
> > Collected config --- 2020-01-29-20:20 -----------
> >
> > Hostname: pi4b
> > DNS Domain: samdom.org
> > FQDN: pi4b.samdom.org
> > ipaddress: 192.168.2.51
> >
> > -----------
> >
> > Kerberos SRV _kerberos._tcp.samdom.org record verified ok, sample
> > output:
> > Server: 192.168.2.240
> > Address: 192.168.2.240#53
> >
> > _kerberos._tcp.samdom.org service = 0 100 88 pi-dc.samdom.org.
> > _kerberos._tcp.samdom.org service = 0 100 88 tiger-db.samdom.org.
>
> 2 AD-DC's are detected.
> Can you verify these with
> dig -x $(host pi-dc.samdom.org|awk '{ print $NF }' )
Yes:
dig -x $(host pi-dc.samdom.org| awk '{ print $NF }' )
; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> -x 192.168.2.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38893
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 91bfcfed9ef46a69b34989825e39d6f6ba0f2712ec8869cd (good)
;; QUESTION SECTION:
;4.2.168.192.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
2.168.192.in-addr.arpa. 3600 IN SOA tiger-db.samdom.org. hostmaster.samdom.org. 11 900 600 86400 3600
;; Query time: 5 msec
;; SERVER: 192.168.2.240#53(192.168.2.240)
;; WHEN: Tue Feb 04 20:41:12 GMT 2020
;; MSG SIZE rcvd: 150
> dig -x $(host tiger-db.samdom.org|awk '{ print $NF }' )
root at pi4b:~# dig -x $(host tiger-db.samdom.org| awk '{ print $NF }' )
; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> -x 192.168.2.240
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34146
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: a3f680e54e3e81ee6c73adda5e39d772d9dceedb83ef6bb2 (good)
;; QUESTION SECTION:
;240.2.168.192.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
2.168.192.in-addr.arpa. 3600 IN SOA tiger-db.samdom.org. hostmaster.samdom.org. 11 900 600 86400 3600
;; Query time: 3 msec
;; SERVER: 192.168.2.240#53(192.168.2.240)
;; WHEN: Tue Feb 04 20:43:16 GMT 2020
;; MSG SIZE rcvd: 152
> host $(hostname -d)
root at pi4b:~# host $(hostname -d)
samdom.org has address 192.168.2.4
samdom.org has address 192.168.2.240
>
> > Samba is not being run as a DC or a Unix domain member.
>
> Line 157-159 so, because samba isnt running the script error on these parts.
>
> Just to make sure its not coming from fault DNS records.
>
> >
> > -----------
> > Checking file: /etc/os-release
> >
> > PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
> > NAME="Raspbian GNU/Linux"
> > VERSION_ID="10"
> > VERSION="10 (buster)"
> > VERSION_CODENAME=buster
> > ID=raspbian
> > ID_LIKE=debian
> > HOME_URL="http://www.raspbian.org/"
> > SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
> > BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
> >
> > -----------
> >
> >
> > This computer is running Debian 10.2 armv7l
> >
> > -----------
> > running command : ip a
> > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
> > group default qlen 1000
> > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> > inet 127.0.0.1/8 scope host lo
> > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
> > group default qlen 1000
> > link/ether dc:a6:32:17:3c:86 brd ff:ff:ff:ff:ff:ff
> > inet 192.168.2.51/24 brd 192.168.2.255 scope global eth0
> > 3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group
> > default qlen 1000
> > link/ether dc:a6:32:17:3c:87 brd ff:ff:ff:ff:ff:ff
> >
> > -----------
> > Checking file: /etc/hosts
> >
> > 127.0.0.1 localhost
> > ::1 localhost ip6-localhost ip6-loopback
> > ff02::1 ip6-allnodes
> > ff02::2 ip6-allrouters
> >
> > 192.168.2.51 pi4b.samdom.org pi4b
> >
> > -----------
> >
> > Checking file: /etc/resolv.conf
> >
> > search samdom.org
> > nameserver 192.168.2.240
> > nameserver 192.168.2.4
> >
> > -----------
> >
> > Checking file: /etc/krb5.conf
> >
> > [libdefaults]
> > default_realm = samdom.org
> > dns_lookup_realm = false
> > dns_lookup_kdc = true
> >
> > -----------
> I cant see it but UPPERCASE SAMDOM.ORG in REALM dnsdomains.tld REALMS.TLD It just prevents small errors in combination with
> othere software.
Yes, can confirm that the realm was in UPPERCASE - the copy sent to the list was sanitised and got changed to lowercase in the
process.
>
>
> >
> > Checking file: /etc/nsswitch.conf
> >
> > # /etc/nsswitch.conf
> > #
> > # Example configuration of GNU Name Service Switch functionality.
> > # If you have the `glibc-doc-reference' and `info' packages
> > installed, try:
> > # `info libc "Name Service Switch"' for information about this file.
> >
> > passwd: files winbind
> > group: files winbind
> > shadow: files
> > gshadow: files
> >
> > hosts: files mdns4_minimal [NOTFOUND=return] dns
> > networks: files
> >
> > protocols: db files
> > services: db files
> > ethers: db files
> > rpc: db files
> >
> > netgroup: nis
> >
> > -----------
> >
> > Warning, does not exist
>
> This is around line 300.
> Where i think the " " is the missing file and this is
> Or : Check_file_exists "${SMBCONF}" which whould be strange.
> So i think its :
> This line in the script.
> Check_file_exists /etc/idmapd.conf
> Can you check that, its just to make sure where i need to add parts in the script.
The file exists:
root at pi4b:~# ls -l /etc/idmapd.conf
-rw-r--r-- 1 root root 206 Apr 6 2019 /etc/idmapd.conf
Interestingly, I just re-ran your script and it ran OK this time, including smb.conf and user.map. Obviously something changed -
perhaps all these tweaks changed something?
>
>
> >
> > -----------
> >
> >
> > Installed packages:
> > ii acl 2.2.53-4
> > armhf access control list - utilities
> > ii attr 1:2.4.48-4
> > armhf utilities for manipulating filesystem extended attributes
> > ii fonts-quicksand 0.2016-2
> > all sans-serif font with round attributes
> > ii krb5-config 2.6
> > all Configuration files for Kerberos Version 5
> > ii krb5-user 1.17-3
> > armhf basic programs to authenticate using MIT Kerberos
> > ii libacl1:armhf 2.2.53-4
> > armhf access control list - shared library
> > ii libattr1:armhf 1:2.4.48-4
> > armhf extended attribute handling - shared library
> > ii libgssapi-krb5-2:armhf 1.17-3
> > armhf MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
> > ii libkrb5-3:armhf 1.17-3
> > armhf MIT Kerberos runtime libraries
> > ii libkrb5support0:armhf 1.17-3
> > armhf MIT Kerberos runtime libraries - Support library
> > ii libnss-winbind:armhf 2:4.11.6+dfsg-0.1raspbian1
> > armhf Samba nameservice integration plugins
> > ii libpam-krb5:armhf 4.8-2
> > armhf PAM module for MIT Kerberos
> > ii libpam-winbind:armhf 2:4.11.6+dfsg-0.1raspbian1
> > armhf Windows domain authentication integration plugin
> > ii libsmbclient:armhf 2:4.11.6+dfsg-0.1raspbian1
> > armhf shared library for communication with SMB/CIFS servers
> > ii libwbclient0:armhf 2:4.11.6+dfsg-0.1raspbian1
> > armhf Samba winbind client library
> > ii node-tweetnacl 0.14.5+dfsg-3
> > all Port of TweetNaCl cryptographic library to JavaScript
> > ii python3-samba 2:4.11.6+dfsg-0.1raspbian1
> > armhf Python 3 bindings for Samba
> > ii samba 2:4.11.6+dfsg-0.1raspbian1
> > armhf SMB/CIFS file, print, and login server for Unix
> > ii samba-common 2:4.11.6+dfsg-0.1raspbian1
> > all common files used by both the Samba server and client
> > ii samba-common-bin 2:4.11.6+dfsg-0.1raspbian1
> > armhf Samba common files used by both the server and the client
> > ii samba-dsdb-modules:armhf 2:4.11.6+dfsg-0.1raspbian1
> > armhf Samba Directory Services Database
> > ii samba-libs:armhf 2:4.11.6+dfsg-0.1raspbian1
> > armhf Samba core libraries
> > ii samba-vfs-modules:armhf 2:4.11.6+dfsg-0.1raspbian1
> > armhf Samba Virtual FileSystem plugins
> > ii smbclient 2:4.11.6+dfsg-0.1raspbian1
> > armhf command-line SMB/CIFS clients for Unix
> > ii vlc-plugin-samba:armhf 3.0.8-0+deb10u1+rpt7
> > armhf Samba plugin for VLC
> > ii winbind 2:4.11.6+dfsg-0.1raspbian1
> > armhf service to resolve user and group information
> > from Windows NT
> > servers
> >
> > -----------
> >
> > Louis' script failed to print out smb.conf (even though it exists at
> > /etc/samba/smb.conf) and user.map, so here they are:
> > ---------- smb.conf -----------
> > [global]
> >
> > netbios name = pi4b
> > security = ADS
> > workgroup = SAMDOM
> > realm = SAMDOM.ORG
> >
> > # disable smb1
> > client min protocol = smb2_02
> > server min protocol = smb2_02
> >
> > log file = /var/log/samba/%m.log
> > log level = 1
> >
> > # to prevent "Address family not supported by protocol" messages
> > (ipv6)
> > bind interfaces only = yes
> > interfaces = lo eth0
> >
> > dedicated keytab file = /etc/krb5.keytab
> > kerberos method = secrets and keytab
> > winbind refresh tickets = yes
> >
> > winbind use default domain = yes
> >
> > # Default idmap config used for BUILTIN and local
> > accounts/groups
> > idmap config * : backend = tdb
> > idmap config * : range = 2000-9999
> >
> > # idmap config for domain samdom
> > idmap config SAMDOM:backend = rid
> > idmap config SAMDOM:range = 10000-99999
> >
> > # next two lines for testing only - comment-out once working ok
> > # winbind enum users = yes
> > # winbind enum groups = yes
> >
> > template shell = /bin/bash
> > # template homedir = /srv/samba/users/%U
> >
> > vfs objects = acl_xattr
> > map acl inherit = yes
> > store dos attributes = yes
> > username map = /etc/samba/user.map
> >
> > [images]
> > # for backup images made by Macrium Reflect
> > path = /srv/samba/images
> > read only = no
> > acl_xattr:ignore system acl = yes
> >
> > [downloads]
> > path = /srv/samba/downloads
> > read only = no
> > acl_xattr:ignore system acl = yes
> >
> > ---------------user.map --------------------
> > !root = SAMDOM\Administrator SAMDOM\administrator Administrator
> > administrator
> >
> > Thanks in advance for any clues!
> >
> > Roy
Incidentally, I tried putting those two lines into smb.conf on pi-dc (also a Raspberry Pi but model 3) and it too caused smbd to
fail. So it's something specific to pi's
Thanks again, hope the above helps.
Roy
More information about the samba
mailing list