[Samba] accidentally upgraded DC to 4.17.3 ... didn't work

Stefan G. Weichinger lists at xunil.at
Thu Nov 24 08:46:59 UTC 2022 

Am 24.11.22 um 09:33 schrieb Michael Tokarev:
> 24.11.2022 11:12, Stefan G. Weichinger wrote:
> ..
> 
>> # wbinfo -t
>> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> 
> So your wbinfo can't contact you winbindd running on the same host.
> I just checked the strace of wbinfo, knowing nothing about how it
> works internally.  It only makes connections to /run/samba/winbindd/pipe,
> a local unix-domain socket which is created by winbindd.
> 
> So winbindd is not running on this host.

Hm, I see it in ps:

# ps axf | egrep "winbindd"
    5281 pts/0    S+     0:00          \_ grep -E winbindd
    5153 ?        S      0:00  |   \_ samba: task[winbindd] pre-fork master
    5159 ?        Ss     0:00  |           \_ /usr/sbin/winbindd -D 
--option=server role check:inhibit=yes --foreground
    5186 ?        S      0:00  |               \_ winbindd: domain child 
[ARBEITSGRUPPE]


   And this is consistent with what
> you've seen before, when one winbindd process hasn't been starting,
> logging an error of some sort.  Is it the same error message now?
> It's been in your message with Date: Tue, 22 Nov 2022 14:07:23 +0100.
> 
> And at Tue, 22 Nov 2022 13:23:06 +0100:
> [2022/11/22 13:19:27.912603,  5] 
> ../../source3/winbindd/winbindd_dual_srv.c:72(_wbint_InitConnection)
>    _wbint_InitConnection: ARBEITSGRUPPE returning without initialization 
> online = 1
> 
> this seem to be about ARBEITSGRUPPE, not about idmap part, but let's
> see..

increased loglevel to 5 for winbind, yes, that gives me


[2022/11/24 09:38:06.993207,  5] 
../../source3/winbindd/winbindd_dual_srv.c:72(_wbint_InitConnection)
   _wbint_InitConnection: ARBEITSGRUPPE returning without initialization 
online = 1


in log.wb-ARBEITSGRUPPE


> It's better to see *current* situation and *current* error messages
> instead of assuming it's the same as on another machine.
> 
> Is there anything interesting in /var/log/samba/log.winbindd-idmap?
> You had idmap process failing, that's the log of it.
> 
> You can also try stopping samba-ad-dc and run winbindd manually:
> 
>   /usr/sbin/winbindd -D --option="server role check:inhibit=yes" 
> --foreground --debug=10

(it's --debuglevel=10 ... just for someone googling this later)

did that, it terminates with

[2022/11/24 09:44:14.866713,  0, pid=5290, effective(0, 0), real(0, 0)] 
../../lib/util/become_daemon.c:119(exit_daemon)
   exit_daemon: daemon failed to start: Failed to create session, error 
code 1

above that nothing special, just reading config and binding to eno1 and lo

> If not, here's a hammer debugging tool:
> 
> systemctl stop samba-ad-dc
> apt install strace   # if not installed already)
> strace -ff -o /tmp/trc /usr/sbin/winbindd -D --option="server role 
> check:inhibit=yes" --foreground
> (and hit Ctrl+C to stop it).
> 
> and maybe take a look at /tmp/trc.* or make them available for download
> somewhere?
> 
> it will show what exactly your winbindd is doing, how it is failing.
> It *MIGHT* show sensitive data, but should actually not, provided
> there's no other activity on this host (samba is not running) which
> is asking for sensitive winbindd data.  The important info should
> be at the

I will try that hammer in a moment, after sending this.

> This is one thing to fix first: why winbindd refuses to start.
> 
> idmap child does not open any inet conenctions, it does not use DNS,
> it just manages idmap caches and queries. It is one of the simpler
> daemons, to mean, it should not depend on any network-related stuff.
> 
> The other thing - errors on another DC - is next.
> 
> Thanks,
> 
> /mjt

More information about the samba mailing list