[Samba] samba-ad-dc.service: Got notification message from PID 27448, but reception only permitted for main PID 27410

L.P.H. van Belle belle at bazuin.nl
Tue Aug 31 07:39:26 UTC 2021 

Hai Roy, 

Thanks for the feedback, much apriciated. 
Im looking where what has changed, because this is one that hardly changed. 

I suspect the security fix on systemd has something todo with it. 
( see ) 
https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt 

I also saw a recent that abused the Type=notify(-all) 

Is suspect its same in the official debian packages, checking that in few min. 

So far, 

Greetz, 
Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Roy 
> Eastwood via samba
> Verzonden: maandag 30 augustus 2021 20:50
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] samba-ad-dc.service: Got notification 
> message from PID 27448, but reception only permitted for main 
> PID 27410
> 
> On 30 August 2021 13:09 L.P.H. van Belle wrote:
> > Already on it.
> > 
> > Quick (and dirty) fix is :
> > 
> > sed -i 's/Type=notify/Type=Fork/g' 
/usr/lib/systemd/system/samba-ad-dc.service
> > systemctl daemon-reload
> > systemctl restart samba-ad-dc
> > 
> > 
> > A "better" override fix.. I personaly use this, i try to 
> "not" touch the original supplied files.
> > 
> > systemctl edit samba-ad-dc.service
> > [Unit]
> > # Start bind9 always before samba-ad-dc starts (in case of 
> bind9_dlz)
> > After=network.target network-online.target bind9.service
> > 
> > [Service]
> > # Temp fix ad-dc : reception only permitted for main PID
> > Type=Fork
> > 
> > 
> > Save
> > systemctl daemon-reload
> > systemctl restart samba-ad-dc
> > 
> > New versions soon.
> > Greetz,
> > 
> > Louis
> 
> Thanks Louis.    I took your approach.   Using the supplied 
> samba-ad-dc.service file I created a file /etc/defaults/samba 
> containing:
> SAMBAOPTIONS="--no-process-group --daemon"
> 
> and using "systemctl edit samba-ad-dc", I  entered the following:
> [Unit]
> After=network.target remote-fs.target nss-lookup.target named.service
> [Service]
> Type=forking
> ExecStart=
> ExecStart=/usr/sbin/samba $SAMBAOPTIONS
> 
> Note that in Bullseye, bind9 service is now the named 
> service.    Also I had to use "forking" rather than "fork" 
> and I had to have an empty ExecStart line otherwise it 
> complains about multiple ExecStart lines.  I also had to 
> remove the option "--foreground" from the ExecStart line 
> otherwise the service will not start.
> 
> After all that the service starts OK without complaining!
> 
> Regards,
> Roy
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list