Andrew Bartlett
2015-Oct-11 21:34 UTC
[Samba] invalid value 'netbios backup domain controller'
On Sun, 2015-10-11 at 19:17 +0100, Rowland Penny wrote:> On 11/10/15 19:01, Ken Bass wrote: > > On 10/11/2015 01:02 PM, Rowland Penny wrote: > > > On 11/10/15 17:10, Ken Bass wrote: > > > > I have been having issues with my Centos 7 Samba4 setup. Not > > > > sure if > > > > it is related to a recent samba package/version update, but > > > > things > > > > are no longer very stable. > > > > While looking at the logs, I see the following message on my > > > > BDC. > > > > > > > > WARNING: Ignoring invalid value 'netbios backup domain > > > > controller' > > > > for parameter 'server role'> > > > This worked before and is consistent with the man page for the > > > > smb.conf file, so I am confused.And rightfully so. I do apologise for the incorrect documentation, the correct string is: "classic backup domain controller" Sadly the description of 'samba3 style' or 'nt4-like' domain controllers as 'classic' really didn't catch on in our community.> > > > My PDC is listed as 'classic primary domain controller' which > > > > does > > > > not generate an error message. > > > > > > > > > > Does it work if you remove or comment out the line? > > > > It appears it works both with and without the line. I was just > > unsure > > why it is reporting a warning when the manual says it is valid. > > My security is set to 'user' (rather than domain). > > > > As far as my comment about things not as being very stable, I have > > a > > script that was modifying smb.conf and restarting the smb/nmb tasks > > every night. It seems like sometimes the restart would work, other > > times it fails (with BACKTRACE and core dumps). While looking at > > the > > logs, I saw the WARNING. > > > > > > back on-list > > So, it works if the line isn't there, but it still works if the line > is > there and it throws an error > > Pretty obvious cure, don't have the line in smb.conf, you do not need > it. The only place it is required is on an AD DC and the smb.conf for > this is created for you. > > I am also intrigued, why are you modifying smb.conf and restarting > samba > every night? most people set it once and then leave it alone. > > This is for Andrew Bartlett: > > This is the second time something like this has come up, are you now > prepared to accept the patch to remove the mention of 'server role' > from > the example smb.conf, because I would now like to propose a patch for > the smb.conf manpage, something along the lines of 'Do not set server > role manually, it is not required and could cause problems'The issue here is incorrect documentation. We should accept the options described in the documentation, and we should encouage users to configure Samba with the server role parameter. The old combination of 'security, domain logons and domain master' while pervasive is even more confusing. Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba
Rowland Penny
2015-Oct-12 07:05 UTC
[Samba] invalid value 'netbios backup domain controller'
On 11/10/15 22:34, Andrew Bartlett wrote:> On Sun, 2015-10-11 at 19:17 +0100, Rowland Penny wrote: >> On 11/10/15 19:01, Ken Bass wrote: >>> On 10/11/2015 01:02 PM, Rowland Penny wrote: >>>> On 11/10/15 17:10, Ken Bass wrote: >>>>> I have been having issues with my Centos 7 Samba4 setup. Not >>>>> sure if >>>>> it is related to a recent samba package/version update, but >>>>> things >>>>> are no longer very stable. >>>>> While looking at the logs, I see the following message on my >>>>> BDC. >>>>> >>>>> WARNING: Ignoring invalid value 'netbios backup domain >>>>> controller' >>>>> for parameter 'server role' >>>>> This worked before and is consistent with the man page for the >>>>> smb.conf file, so I am confused. > And rightfully so. I do apologise for the incorrect documentation, the > correct string is: "classic backup domain controller" > > Sadly the description of 'samba3 style' or 'nt4-like' domain > controllers as 'classic' really didn't catch on in our community. > >>>>> My PDC is listed as 'classic primary domain controller' which >>>>> does >>>>> not generate an error message. >>>>> >>>> Does it work if you remove or comment out the line? >>> It appears it works both with and without the line. I was just >>> unsure >>> why it is reporting a warning when the manual says it is valid. >>> My security is set to 'user' (rather than domain). >>> >>> As far as my comment about things not as being very stable, I have >>> a >>> script that was modifying smb.conf and restarting the smb/nmb tasks >>> every night. It seems like sometimes the restart would work, other >>> times it fails (with BACKTRACE and core dumps). While looking at >>> the >>> logs, I saw the WARNING. >>> >>> >> back on-list >> >> So, it works if the line isn't there, but it still works if the line >> is >> there and it throws an error >> >> Pretty obvious cure, don't have the line in smb.conf, you do not need >> it. The only place it is required is on an AD DC and the smb.conf for >> this is created for you. >> >> I am also intrigued, why are you modifying smb.conf and restarting >> samba >> every night? most people set it once and then leave it alone. >> >> This is for Andrew Bartlett: >> >> This is the second time something like this has come up, are you now >> prepared to accept the patch to remove the mention of 'server role' >> from >> the example smb.conf, because I would now like to propose a patch for >> the smb.conf manpage, something along the lines of 'Do not set server >> role manually, it is not required and could cause problems' > The issue here is incorrect documentation. We should accept the > options described in the documentation, and we should encouage users to > configure Samba with the server role parameter. The old combination of > 'security, domain logons and domain master' while pervasive is even > more confusing. > > Andrew Bartlett >OK Andrew, the smb.conf manpage is wrong, but adding the server role anywhere but on a DC (where it is added for you) isn't really needed and it seems to be causing more problems than it helps. Just because you think using the 'old' way is confusing doesn't make it so, with all those howtos out there, to now start telling people to start using the server role line and not use the 'old' way will cause nothing but confusion. I am not saying that samba should stop using the server role, what I am saying is that samba should stop going out of its way to make sysadmins use it. Rowland
On 12/10/15 09:05, Rowland Penny wrote:> On 11/10/15 22:34, Andrew Bartlett wrote: >> On Sun, 2015-10-11 at 19:17 +0100, Rowland Penny wrote: >>> On 11/10/15 19:01, Ken Bass wrote: >>>> On 10/11/2015 01:02 PM, Rowland Penny wrote: >>>>> On 11/10/15 17:10, Ken Bass wrote: >>>>>> I have been having issues with my Centos 7 Samba4 setup. Not >>>>>> sure if >>>>>> it is related to a recent samba package/version update, but >>>>>> things >>>>>> are no longer very stable. >>>>>> While looking at the logs, I see the following message on my >>>>>> BDC. >>>>>> >>>>>> WARNING: Ignoring invalid value 'netbios backup domain >>>>>> controller' >>>>>> for parameter 'server role' >>>>>> This worked before and is consistent with the man page for the >>>>>> smb.conf file, so I am confused. >> And rightfully so. I do apologise for the incorrect documentation, the >> correct string is: "classic backup domain controller" >> >> Sadly the description of 'samba3 style' or 'nt4-like' domain >> controllers as 'classic' really didn't catch on in our community. >> >>>>>> My PDC is listed as 'classic primary domain controller' which >>>>>> does >>>>>> not generate an error message. >>>>>> >>>>> Does it work if you remove or comment out the line? >>>> It appears it works both with and without the line. I was just >>>> unsure >>>> why it is reporting a warning when the manual says it is valid. >>>> My security is set to 'user' (rather than domain). >>>> >>>> As far as my comment about things not as being very stable, I have >>>> a >>>> script that was modifying smb.conf and restarting the smb/nmb tasks >>>> every night. It seems like sometimes the restart would work, other >>>> times it fails (with BACKTRACE and core dumps). While looking at >>>> the >>>> logs, I saw the WARNING. >>>> >>>> >>> back on-list >>> >>> So, it works if the line isn't there, but it still works if the line >>> is >>> there and it throws an error >>> >>> Pretty obvious cure, don't have the line in smb.conf, you do not need >>> it. The only place it is required is on an AD DC and the smb.conf for >>> this is created for you. >>> >>> I am also intrigued, why are you modifying smb.conf and restarting >>> samba >>> every night? most people set it once and then leave it alone. >>> >>> This is for Andrew Bartlett: >>> >>> This is the second time something like this has come up, are you now >>> prepared to accept the patch to remove the mention of 'server role' >>> from >>> the example smb.conf, because I would now like to propose a patch for >>> the smb.conf manpage, something along the lines of 'Do not set server >>> role manually, it is not required and could cause problems' >> The issue here is incorrect documentation. We should accept the >> options described in the documentation, and we should encouage users to >> configure Samba with the server role parameter. The old combination of >> 'security, domain logons and domain mast er' while pervasive is even >> more confusing. >> >> Andrew Bartlett >> > > OK Andrew, the smb.conf manpage is wrong, but adding the server role > anywhere but on a DC (where it is added for you) isn't really needed > and it seems to be causing more problems than it helps. > Just because you think using the 'old' way is confusing doesn't make > it so, with all those howtos out there, to now start telling people to > start using the server role line and not use the 'old' way will cause > nothing but confusion. > I am not saying that samba should stop using the server role, what I > am saying is that samba should stop going out of its way to make > sysadmins use it. > > Rowland > >So you are recommending lowering the clarity of samba configuration?. You wish to keep looking at the smb.conf which users post here guess that which they wish to achieve?
Marc Muehlfeld
2015-Oct-12 19:12 UTC
[Samba] PATCH: Fix example of server role parameter in smb.conf manpage (WAS: invalid value 'netbios backup domain controller')
Hello Andrew, while reading your and Rowlands discussion about recommending or not the 'server role' parameter on other machines than DCs, I saw, that the smb.conf manpage example says> Example: server role = DOMAIN CONTROLLERHowever, correct is> Example: server role = ACTIVE DIRECTORY DOMAIN CONTROLLERAttached a fix. Please review and push, if OK. Thanks. Regards, Marc
Rowland Penny
2015-Oct-12 20:11 UTC
[Samba] PATCH: Fix example of server role parameter in smb.conf manpage (WAS: invalid value 'netbios backup domain controller')
On 12/10/15 20:12, Marc Muehlfeld wrote:> Hello Andrew, > > while reading your and Rowlands discussion about recommending or not the > 'server role' parameter on other machines than DCs, I saw, that the > smb.conf manpage example says > >> Example: server role = DOMAIN CONTROLLER > However, correct is > >> Example: server role = ACTIVE DIRECTORY DOMAIN CONTROLLER > > Attached a fix. Please review and push, if OK. > Thanks. > > > Regards, > MarcEr, you missed the main one, 'netbios backup domain controller' is really 'classic backup domain controller', according to Andrew Rowland
Marc Muehlfeld
2015-Oct-12 20:56 UTC
[Samba] PATCH: Fixes for server role parameter in smb.conf manpage (WAS: invalid value 'netbios backup domain controller')
Am 12.10.2015 um 22:11 schrieb Rowland Penny:> Er, you missed the main one, 'netbios backup domain controller' is > really 'classic backup domain controller', according to AndrewNew patch attached. Regards, Marc -------------- next part --------------