[Samba] smbd fails to start after upgrade to version 4.11.6

Roy Eastwood spindles7 at gmail.com
Wed Jan 29 20:52:30 UTC 2020

On 29 January 2020 20:02 Rowland penny via samba wrote:
>On 29/01/2020 19:43, Roy Eastwood via samba wrote:
>> On 29 January 2020 18:09 Rowland penny wrote:
>>> On 29/01/2020 18:01, Roy Eastwood via samba wrote:
> [..snip..]
>Is this using Raspbian ?

>Problem with going down the leave then rejoin path is, what if it 
>doesn't work, you are no further forward.
>I would try and fix it first, can you download and run Louis's script:
>Sanitise the output and post the output into a reply to this.

root at pi4b:~/scripts# ./samba-collect-debug-info.sh
Please wait, collecting debug info.

Password for Administrator at SAMDOM.ORG:
grep: : No such file or directory
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.

The debug info about your system can be found in this file:
--------------------  /tmp/samba-debug-info.txt ----------------
Collected config  --- 2020-01-29-20:20 -----------

Hostname: pi4b
DNS Domain: samdom.org
FQDN: pi4b.samdom.org

Kerberos SRV _kerberos._tcp.samdom.org record verified ok, sample output: 

_kerberos._tcp.samdom.org	service = 0 100 88 pi-dc.samdom.org.
_kerberos._tcp.samdom.org	service = 0 100 88 tiger-db.samdom.org.
Samba is not being run as a DC or a Unix domain member.

       Checking file: /etc/os-release

PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
NAME="Raspbian GNU/Linux"
VERSION="10 (buster)"


This computer is running Debian 10.2 armv7l

running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group
default qlen 1000
    link/ether dc:a6:32:17:3c:86 brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth0
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default
qlen 1000
    link/ether dc:a6:32:17:3c:87 brd ff:ff:ff:ff:ff:ff

       Checking file: /etc/hosts	localhost
::1		localhost ip6-localhost ip6-loopback
ff02::1		ip6-allnodes
ff02::2		ip6-allrouters	pi4b.samdom.org	pi4b


       Checking file: /etc/resolv.conf

search samdom.org


       Checking file: /etc/krb5.conf

	default_realm = samdom.org
	dns_lookup_realm = false
	dns_lookup_kdc = true


       Checking file: /etc/nsswitch.conf

# /etc/nsswitch.conf
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         files winbind
group:          files winbind
shadow:         files
gshadow:        files

hosts:          files mdns4_minimal [NOTFOUND=return] dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis


    Warning,  does not exist


Installed packages:
ii  acl                                   2.2.53-4
armhf        access control list - utilities
ii  attr                                  1:2.4.48-4
armhf        utilities for manipulating filesystem extended attributes
ii  fonts-quicksand                       0.2016-2
all          sans-serif font with round attributes
ii  krb5-config                           2.6
all          Configuration files for Kerberos Version 5
ii  krb5-user                             1.17-3
armhf        basic programs to authenticate using MIT Kerberos
ii  libacl1:armhf                         2.2.53-4
armhf        access control list - shared library
ii  libattr1:armhf                        1:2.4.48-4
armhf        extended attribute handling - shared library
ii  libgssapi-krb5-2:armhf                1.17-3
armhf        MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii  libkrb5-3:armhf                       1.17-3
armhf        MIT Kerberos runtime libraries
ii  libkrb5support0:armhf                 1.17-3
armhf        MIT Kerberos runtime libraries - Support library
ii  libnss-winbind:armhf                  2:4.11.6+dfsg-0.1raspbian1
armhf        Samba nameservice integration plugins
ii  libpam-krb5:armhf                     4.8-2
armhf        PAM module for MIT Kerberos
ii  libpam-winbind:armhf                  2:4.11.6+dfsg-0.1raspbian1
armhf        Windows domain authentication integration plugin
ii  libsmbclient:armhf                    2:4.11.6+dfsg-0.1raspbian1
armhf        shared library for communication with SMB/CIFS servers
ii  libwbclient0:armhf                    2:4.11.6+dfsg-0.1raspbian1
armhf        Samba winbind client library
ii  node-tweetnacl                        0.14.5+dfsg-3
all          Port of TweetNaCl cryptographic library to JavaScript
ii  python3-samba                         2:4.11.6+dfsg-0.1raspbian1
armhf        Python 3 bindings for Samba
ii  samba                                 2:4.11.6+dfsg-0.1raspbian1
armhf        SMB/CIFS file, print, and login server for Unix
ii  samba-common                          2:4.11.6+dfsg-0.1raspbian1
all          common files used by both the Samba server and client
ii  samba-common-bin                      2:4.11.6+dfsg-0.1raspbian1
armhf        Samba common files used by both the server and the client
ii  samba-dsdb-modules:armhf              2:4.11.6+dfsg-0.1raspbian1
armhf        Samba Directory Services Database
ii  samba-libs:armhf                      2:4.11.6+dfsg-0.1raspbian1
armhf        Samba core libraries
ii  samba-vfs-modules:armhf               2:4.11.6+dfsg-0.1raspbian1
armhf        Samba Virtual FileSystem plugins
ii  smbclient                             2:4.11.6+dfsg-0.1raspbian1
armhf        command-line SMB/CIFS clients for Unix
ii  vlc-plugin-samba:armhf                3.0.8-0+deb10u1+rpt7
armhf        Samba plugin for VLC
ii  winbind                               2:4.11.6+dfsg-0.1raspbian1
armhf        service to resolve user and group information from Windows NT


Louis' script failed to print out smb.conf (even though it exists at
/etc/samba/smb.conf) and user.map, so here they are:
---------- smb.conf -----------

	netbios name = pi4b
	security = ADS
	workgroup = SAMDOM
	realm = SAMDOM.ORG

	# disable smb1
	client min protocol = smb2_02
	server min protocol = smb2_02

	log file = /var/log/samba/%m.log
	log level = 1

	# to prevent "Address family not supported by protocol" messages
	bind interfaces only = yes
	interfaces = lo eth0

	dedicated keytab file = /etc/krb5.keytab
	kerberos method = secrets and keytab
	winbind refresh tickets = yes

	winbind use default domain = yes

	# Default idmap config used for BUILTIN and local accounts/groups
	idmap config * : backend = tdb
	idmap config * : range = 2000-9999

	# idmap config for domain samdom
	idmap config SAMDOM:backend = rid
	idmap config SAMDOM:range = 10000-99999

	# next two lines for testing only - comment-out once working ok
#	winbind enum users = yes
#	winbind enum groups = yes

	template shell = /bin/bash
#	template homedir = /srv/samba/users/%U

	vfs objects = acl_xattr
	map acl inherit = yes
	store dos attributes = yes
	username map = /etc/samba/user.map

	# for backup images made by Macrium Reflect
	path = /srv/samba/images
	read only = no
	acl_xattr:ignore system acl = yes

	path = /srv/samba/downloads
	read only = no
	acl_xattr:ignore system acl = yes

---------------user.map --------------------
!root = SAMDOM\Administrator SAMDOM\administrator Administrator

Thanks in advance for any clues!


More information about the samba mailing list