[Samba] samba-ad-dc.service: Got notification message from PID 27448, but reception only permitted for main PID 27410
Norbert Hanke
norbert.hanke at gmx.ch
Wed Sep 1 08:15:06 UTC 2021
On 01.09.2021 09:48, L.P.H. van Belle via samba wrote:
> Good morning,
>
> I'll CC Alexander Bokovoy in this one, I think he can tell us more on this.
> Before this ends up in a bloodbath ;-)
>
> No, joking here, but I think these guys can tell us.
>
> Rowland, why do you think that we should not set Type?
> systemd can't determine what type of program is running.
>
> Type must be set and if it's not set, type is "simple" (as Roy also noticed).
> If type is simple, it just used /etc/init.d/samba start/stop
>
> But simple is wrong, just because it won't catch errors when starting up.
> Quote: systemctl start command lines for simple services will report
> success even if the service's binary cannot be invoked successfully
>
> All I can say is, the Samba team is using "notify" for some time.
> And only somewhere in Samba 4.12/4.13 NotifyAccess= is removed from
> all service files in the Samba sources.
>
> And after this CVE fix in systemd, it's not correct anymore in my opinion.
> If NotifyAccess= isn't defined, then NotifyAccess=main and
> main isn't correct for samba-ad-dc, because of the extra processes starting.
>
> I don't know how it's exactly implemented in Samba, I leave that to the devs.
>
> And let's keep the focus on this, that it ONLY involves samba-ad-dc.service
>
> So NotifyAccess=all was removed in this commit
> https://gitlab.com/thctlo1/samba/-/commit/d1740fb3d5a72cb49e30b330bb0b01e7ef3e09cc
> Which was correct at that time, but things changed.
>
> Let's wait for what Alexander or Andreas can tell us on this.
>
>
> So far,
>
> Greetz,
>
> Louis
>
>
>
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>> Rowland Penny via samba
>> Sent: Tuesday 31 August 2021 22:50
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] samba-ad-dc.service: Got notification
>> message from PID 27448, but reception only permitted for main
>> PID 27410
>>
>> On Tue, 2021-08-31 at 21:18 +0100, Roy Eastwood via samba wrote:
>>> I agree, now works. Which leaves the WiKi incorrect as it still
>>> recommends Type=forking etc. I assume this should be updated to
>>> (adapted for self-compiled version)?:
>>>
>> I am going to throw a hand grenade in here, after reading 'man
>> systemd.service', I now think that 'Type' shouldn't be set at all!
>>
>> With this samba-ad-dc.service file:
>>
>> [Unit]
>> Description=Samba AD Daemon
>> Documentation=man:samba(8) man:samba(7) man:smb.conf(5)
>> Wants=network-online.target
>> After=network.target network-online.target
>>
>> [Service]
>> PIDFile=/run/samba/samba.pid
>> LimitNOFILE=16384
>> EnvironmentFile=-/etc/default/samba
>> ExecStart=/usr/sbin/samba --foreground --no-process-group $SAMBAOPTIONS
>> ExecReload=/bin/kill -HUP $MAINPID
>>
>>
>> [Install]
>> WantedBy=multi-user.target
>>
>> Results in this:
>>
>> ● samba-ad-dc.service - Samba AD Daemon
>>    Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled; vendor preset: enabled)
>>    Active: active (running) since Tue 2021-08-31 21:38:06 BST; 8s ago
>>      Docs: man:samba(8)
>>            man:samba(7)
>>            man:smb.conf(5)
>>  Main PID: 15307 (samba)
>>     Tasks: 57 (limit: 4915)
>>    CGroup: /system.slice/samba-ad-dc.service
>>            ├─15307 samba: root process
>>            ├─15309 samba: tfork waiter process(15310)
>>            ├─15310 samba: task[s3fs] pre-fork master
>>            ├─15311 samba: tfork waiter process(15313)
>>            ├─15312 samba: tfork waiter process(15314)
>>            ├─15313 samba: task[rpc] pre-fork master
>>            ├─15314 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
>>            ├─15315 samba: tfork waiter process(15316)
>>            ├─15316 samba: task[nbt] pre-fork master
>>            ├─15317 samba: tfork waiter process(15319)
>>            ├─15318 samba: tfork waiter process(15320)
>>            ├─15319 samba: task[rpc] pre-forked worker(0)
>>            ├─15320 samba: task[wrepl] pre-fork master
>>            ├─15321 samba: tfork waiter process(15325)
>>            ├─15322 samba: tfork waiter process(15323)
>>            ├─15323 samba: task[ldap] pre-fork master
>>            ├─15324 samba: tfork waiter process(15326)
>>            ├─15325 samba: task[rpc] pre-forked worker(1)
>>            ├─15326 samba: task[cldap] pre-fork master
>>            ├─15327 samba: tfork waiter process(15330)
>>            ├─15328 samba: tfork waiter process(15329)
>>            ├─15329 samba: task[rpc] pre-forked worker(2)
>>            ├─15330 samba: task[kdc] pre-fork master
>>            ├─15331 samba: tfork waiter process(15334)
>>            ├─15332 samba: tfork waiter process(15333)
>>            ├─15333 samba: task[drepl] pre-fork master
>>            ├─15334 samba: task[rpc] pre-forked worker(3)
>>            ├─15335 samba: tfork waiter process(15338)
>>            ├─15336 samba: tfork waiter process(15337)
>>            ├─15337 samba: task[kdc] pre-forked worker(0)
>>            ├─15338 samba: task[winbindd] pre-fork master
>>            ├─15339 samba: tfork waiter process(15342)
>>            ├─15340 samba: tfork waiter process(15343)
>>            ├─15341 samba: tfork waiter process(15348)
>>            ├─15342 samba: task[kdc] pre-forked worker(1)
>>            ├─15343 samba: task[ntp_signd] pre-fork master
>>            ├─15344 samba: tfork waiter process(15346)
>>            ├─15345 samba: tfork waiter process(15349)
>>            ├─15346 samba: task[kcc] pre-fork master
>>            ├─15347 samba: tfork waiter process(15350)
>>            ├─15348 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
>>            ├─15349 samba: task[kdc] pre-forked worker(2)
>>            ├─15350 samba: task[dnsupdate] pre-fork master
>>            ├─15351 samba: tfork waiter process(15352)
>>            ├─15352 samba: task[kdc] pre-forked worker(3)
>>            ├─15359 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
>>            ├─15360 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
>>            ├─15361 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
>>            ├─15363 winbindd: domain child [SAMDOM]
>>            ├─15364 samba: tfork waiter process(15365)
>>            ├─15365 samba: task[ldap] pre-forked worker(0)
>>            ├─15366 samba: tfork waiter process(15367)
>>            ├─15367 samba: task[ldap] pre-forked worker(1)
>>            ├─15368 samba: tfork waiter process(15369)
>>            ├─15369 samba: task[ldap] pre-forked worker(2)
>>            ├─15370 samba: tfork waiter process(15371)
>>            └─15371 samba: task[ldap] pre-forked worker(3)
>>
>> Aug 31 21:38:07 rpidc2 samba[15307]: [2021/08/31 21:38:07.380345, 0] ../../source4/samba/server.c:920(binary_smbd_main)
>> Aug 31 21:38:07 rpidc2 samba[15307]: binary_smbd_main: samba: using 'prefork' process model
>> Aug 31 21:38:07 rpidc2 samba[15307]: [2021/08/31 21:38:07.609089, 0] ../../lib/util/become_daemon.c:136(daemon_ready)
>> Aug 31 21:38:07 rpidc2 samba[15307]: daemon_ready: daemon 'samba' finished starting up and ready to serve connections
>> Aug 31 21:38:08 rpidc2 smbd[15314]: [2021/08/31 21:38:08.245451, 0] ../../lib/util/become_daemon.c:136(daemon_ready)
>> Aug 31 21:38:08 rpidc2 smbd[15314]: daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
>> Aug 31 21:38:08 rpidc2 winbindd[15348]: [2021/08/31 21:38:08.338432, 0] ../../source3/winbindd/winbindd_cache.c:3206(initialize_winbindd_cache)
>> Aug 31 21:38:08 rpidc2 winbindd[15348]: initialize_winbindd_cache: clearing cache and re-creating with version number 2
>> Aug 31 21:38:08 rpidc2 winbindd[15348]: [2021/08/31 21:38:08.343985, 0] ../../lib/util/become_daemon.c:136(daemon_ready)
>> Aug 31 21:38:08 rpidc2 winbindd[15348]: daemon_ready: daemon 'winbindd' finished starting up and ready to serve connections
>>
>> And 'pstree' shows this:
>>
>> systemd─┬─agetty
>>         ├─samba─┬─tfork(15310)───s3fs[master]───tfork(15314)───smbd─┬─cleanupd
>>         │       │                                                   ├─lpqd
>>         │       │                                                   └─smbd-notifyd
>>         │       ├─tfork(15313)───rpc[master]─┬─tfork(15319)───rpc(0)
>>         │       │                            ├─tfork(15325)───rpc(1)
>>         │       │                            ├─tfork(15329)───rpc(2)
>>         │       │                            └─tfork(15334)───rpc(3)
>>         │       ├─tfork(15316)───nbt[master]
>>         │       ├─tfork(15320)───wrepl[master]
>>         │       ├─tfork(15323)───ldap[master]─┬─tfork(15365)───ldap(0)
>>         │       │                             ├─tfork(15367)───ldap(1)
>>         │       │                             ├─tfork(15369)───ldap(2)
>>         │       │                             └─tfork(15371)───ldap(3)
>>         │       ├─tfork(15326)───cldap[master]
>>         │       ├─tfork(15330)───kdc[master]─┬─tfork(15337)───kdc(0)
>>         │       │                            ├─tfork(15342)───kdc(1)
>>         │       │                            ├─tfork(15349)───kdc(2)
>>         │       │                            └─tfork(15352)───kdc(3)
>>         │       ├─tfork(15333)───drepl[master]
>>         │       ├─tfork(15338)───winbindd[master───tfork(15348)───winbindd───winbindd
>>         │       ├─tfork(15343)───ntp_signd[master]
>>         │       ├─tfork(15346)───kcc[master]
>>         │       └─tfork(15350)───dnsupdate[master]
>>
>> It is all working for myself.
>>
>> Rowland
Type=forking works for me with the samba domain controller, ever since,
on debian buster, both raspbian and "native" arm64.

Build samba with

./configure --with-shared-modules='!vfs_snapper' --with-systemd --systemd-install-services

and use service description

> more /etc/systemd/system/samba-ad-dc.service
[Unit]
Description=Samba Active Directory Domain Controller
Documentation=man:samba(8) man:samba(7) man:smb.conf(5)
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/usr/local/samba/var/run/samba.pid
LimitNOFILE=16384
ExecStart=/usr/local/samba/sbin/samba -D
ExecReload=/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target
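
Added example, not part of the original message and not Samba or systemd code: a short Python check that works out which Type= and NotifyAccess= systemd applies to a unit (defaults as documented in systemd.service(5)) and whether the sender PID in the journal message from the subject line would be accepted. The unit text is constructed from the files quoted in this thread, and the function names are hypothetical.

```python
import re

# Journal text as it appears in this thread's subject line.
LINE = ("samba-ad-dc.service: Got notification message from PID 27448, "
        "but reception only permitted for main PID 27410")
NOTIFY_RE = re.compile(r"from PID (\d+), but reception only permitted for main PID (\d+)")

# Constructed unit text, modelled on the files quoted in the thread.
BASE = """[Unit]
Description=Samba AD Daemon

[Service]
{extra}PIDFile=/run/samba/samba.pid
ExecStart=/usr/sbin/samba --foreground --no-process-group $SAMBAOPTIONS
"""
UNIT_NO_TYPE = BASE.format(extra="")
UNIT_NOTIFY = BASE.format(extra="Type=notify\n")
UNIT_NOTIFY_ALL = BASE.format(extra="Type=notify\nNotifyAccess=all\n")

def effective_settings(unit_text):
    """Return (Type, NotifyAccess) after applying systemd's documented defaults."""
    section, svc = None, {}
    for line in map(str.strip, unit_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            svc[key.strip()] = value.strip()
    # Type= defaults to simple when ExecStart= is set (assumes no BusName=).
    stype = svc.get("Type", "simple")
    access = svc.get("NotifyAccess", "none")
    if stype == "notify" and access == "none":
        access = "main"   # Type=notify forces at least main
    return stype, access

def accepts(access, sender_pid, main_pid, control_pid=None):
    """Would systemd honour an sd_notify() message from sender_pid?"""
    if access == "all":                  # any process in the service's cgroup
        return True
    if access == "exec":                 # main or Exec*= control process
        return sender_pid in (main_pid, control_pid)
    return access == "main" and sender_pid == main_pid

def diagnose(unit_text, journal_line):
    """Return (Type, NotifyAccess, accepted) for one journal line."""
    stype, access = effective_settings(unit_text)
    m = NOTIFY_RE.search(journal_line)
    ok = accepts(access, int(m.group(1)), int(m.group(2))) if m else None
    return stype, access, ok
```

With Type=notify and no NotifyAccess= the result is ("notify", "main", False), which is the rejection in the subject line; adding NotifyAccess=all makes the same message acceptable, and a unit with no Type= at all falls back to ("simple", "none").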