[Samba] accidentally upgraded DC to 4.17.3 ... didn't work
Stefan G. Weichinger
lists at xunil.at
Thu Nov 24 08:46:59 UTC 2022
Am 24.11.22 um 09:33 schrieb Michael Tokarev:
> 24.11.2022 11:12, Stefan G. Weichinger wrote:
> ..
>
>> # wbinfo -t
>> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
>
> So your wbinfo can't contact you winbindd running on the same host.
> I just checked the strace of wbinfo, knowing nothing about how it
> works internally. It only makes connections to /run/samba/winbindd/pipe,
> a local unix-domain socket which is created by winbindd.
>
> So winbindd is not running on this host.
Hm, I see it in ps:
# ps axf | egrep "winbindd"
5281 pts/0 S+ 0:00 \_ grep -E winbindd
5153 ? S 0:00 | \_ samba: task[winbindd] pre-fork master
5159 ? Ss 0:00 | \_ /usr/sbin/winbindd -D
--option=server role check:inhibit=yes --foreground
5186 ? S 0:00 | \_ winbindd: domain child
[ARBEITSGRUPPE]
And this is consistent with what
> you've seen before, when one winbindd process hasn't been starting,
> logging an error of some sort. Is it the same error message now?
> It's been in your message with Date: Tue, 22 Nov 2022 14:07:23 +0100.
>
> And at Tue, 22 Nov 2022 13:23:06 +0100:
> [2022/11/22 13:19:27.912603, 5]
> ../../source3/winbindd/winbindd_dual_srv.c:72(_wbint_InitConnection)
> _wbint_InitConnection: ARBEITSGRUPPE returning without initialization
> online = 1
>
> this seem to be about ARBEITSGRUPPE, not about idmap part, but let's
> see..
increased loglevel to 5 for winbind, yes, that gives me
[2022/11/24 09:38:06.993207, 5]
../../source3/winbindd/winbindd_dual_srv.c:72(_wbint_InitConnection)
_wbint_InitConnection: ARBEITSGRUPPE returning without initialization
online = 1
in log.wb-ARBEITSGRUPPE
> It's better to see *current* situation and *current* error messages
> instead of assuming it's the same as on another machine.
>
> Is there anything interesting in /var/log/samba/log.winbindd-idmap?
> You had idmap process failing, that's the log of it.
>
> You can also try stopping samba-ad-dc and run winbindd manually:
>
> /usr/sbin/winbindd -D --option="server role check:inhibit=yes"
> --foreground --debug=10
(it's --debuglevel=10 ... just for someone googling this later)
did that, it terminates with
[2022/11/24 09:44:14.866713, 0, pid=5290, effective(0, 0), real(0, 0)]
../../lib/util/become_daemon.c:119(exit_daemon)
exit_daemon: daemon failed to start: Failed to create session, error
code 1
above that nothing special, just reading config and binding to eno1 and lo
> If not, here's a hammer debugging tool:
>
> systemctl stop samba-ad-dc
> apt install strace # if not installed already)
> strace -ff -o /tmp/trc /usr/sbin/winbindd -D --option="server role
> check:inhibit=yes" --foreground
> (and hit Ctrl+C to stop it).
>
> and maybe take a look at /tmp/trc.* or make them available for download
> somewhere?
>
> it will show what exactly your winbindd is doing, how it is failing.
> It *MIGHT* show sensitive data, but should actually not, provided
> there's no other activity on this host (samba is not running) which
> is asking for sensitive winbindd data. The important info should
> be at the
I will try that hammer in a moment, after sending this.
> This is one thing to fix first: why winbindd refuses to start.
>
> idmap child does not open any inet conenctions, it does not use DNS,
> it just manages idmap caches and queries. It is one of the simpler
> daemons, to mean, it should not depend on any network-related stuff.
>
> The other thing - errors on another DC - is next.
>
> Thanks,
>
> /mjt
More information about the samba
mailing list