Rowland penny
2016-Apr-02 20:05 UTC
[Samba] Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
On 02/04/16 20:59, Sonic wrote:> On Sat, Apr 2, 2016 at 2:34 PM, Rowland penny <rpenny at samba.org> wrote: >> On debian there is a script called samba in /etc/init.d , it starts smbd & >> nmbd *or* samba, if it doesn't find 'server role = active directory domain >> controller' in smb.conf , it doesn't try to start the samba deamon. > Odd that they do that when in the default mode (using systemd). > Apparently makes for more backward compatibility. However, the > systemctl start and stop commands still work for nmbd and smbd (of > course, as running the samba init file calls systemctl). > > As I compiled Samba from source it was certainly easier to write the > service files then attempting the complexity of the init files.I compile Samba myself and I use init files, I would rather have them than the bloat systemd comes with. They are not complex if you understand bash and are a lot easier to understand than all that systemd comes with. A rabid systemd hater Rowland
Sonic
2016-Apr-02 21:11 UTC
[Samba] Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
On Sat, Apr 2, 2016 at 4:05 PM, Rowland penny <rpenny at samba.org> wrote:> I compile Samba myself and I use init files, I would rather have them than > the bloat systemd comes with. They are not complex if you understand bash > and are a lot easier to understand than all that systemd comes with.At first I felt the same way but the service files are starting to seem simpler. Yes, the shell scripts are quite readable but also a bit unwieldly when compared to the systemd service files. After working with them for a while, I'd rather edit the service files. Compare... My systemd service files (nmbd, smbd, ad) 39 lines including white space ========================================================[Unit] Description=Samba SMB/CIFS server After=network.target nmbd.service [Service] Type=forking PIDFile=/usr/local/samba/var/run/smbd.pid LimitNOFILE=16384 ExecStart=/usr/local/samba/sbin/smbd -D ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target ============================[Unit] Description=Samba NetBIOS name server After=network.target [Service] Type=forking PIDFile=/usr/local/samba/var/run/nmbd.pid ExecStart=/usr/local/samba/sbin/nmbd -D ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target ============================[Unit] Description=Samba AD server After=network.target [Service] Type=forking PIDFile=/usr/local/samba/var/run/samba.pid LimitNOFILE=16384 EnvironmentFile=-/usr/local/samba/etc/conf.d/samba ExecStart=/usr/local/samba/sbin/samba $SAMBAOPTIONS ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target ======================================================== Now Debian's init scripts (samba, samba-ad-dc, nmbd, smbd) almost 250 lines including white space ========================================================#!/bin/sh ### BEGIN INIT INFO # Provides: samba # Required-Start: # Required-Stop: # Default-Start: # Default-Stop: # Short-Description: ensure Samba daemons are started (nmbd and smbd) ### END INIT INFO set -e # start nmbd, smbd and samba-ad-dc unconditionally # the init scripts themselves check if they are needed or not case $1 in start) /etc/init.d/nmbd start /etc/init.d/smbd start /etc/init.d/samba-ad-dc start ;; stop) /etc/init.d/samba-ad-dc stop /etc/init.d/smbd stop /etc/init.d/nmbd stop ;; reload) /etc/init.d/smbd reload ;; restart|force-reload) /etc/init.d/nmbd "$1" /etc/init.d/smbd "$1" /etc/init.d/samba-ad-dc "$1" ;; status) status=0 NMBD_DISABLED=`testparm -s --parameter-name='disable netbios' 2>/dev/null || true` SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1 || true` if [ "$SERVER_ROLE" != "active directory domain controller" ]; then if [ "$NMBD_DISABLED" != "Yes" ]; then /etc/init.d/nmbd status || status=$? fi /etc/init.d/smbd status || status=$? else /etc/init.d/samba-ad-dc status || status=$? fi exit $status ;; *) echo "Usage: /etc/init.d/samba {start|stop|reload|restart|force-reload|status}" exit 1 ;; esac ============================#! /bin/sh ### BEGIN INIT INFO # Provides: samba-ad-dc # Required-Start: $network $local_fs $remote_fs # Required-Stop: $network $local_fs $remote_fs # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: start Samba daemons for the AD DC ### END INIT INFO # # Start/stops the Samba daemon (samba). # Adapted from the Samba 3 packages. # PIDDIR=/var/run/samba SAMBAPID=$PIDDIR/samba.pid # clear conflicting settings from the environment unset TMPDIR # See if the daemon and the config file are there test -x /usr/sbin/samba -a -r /etc/samba/smb.conf || exit 0 . /lib/lsb/init-functions case "$1" in start) SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1` if [ "$SERVER_ROLE" != "active directory domain controller" ]; then exit 0 fi if init_is_upstart; then exit 1 fi # CVE-2013-4475 KEYFILE=/var/lib/samba/private/tls/key.pem if [ -e $KEYFILE ] then KEYPERMS=`stat -c %a $KEYFILE` if [ "$KEYPERMS" != "600" ] then echo "wrong permission on $KEYFILE, must be 600" echo "samba will not start (CVE-2013-4475)" echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions." exit 1 fi fi log_daemon_msg "Starting Samba AD DC daemon" "samba" # Make sure we have our PIDDIR, even if it's on a tmpfs install -o root -g root -m 755 -d $PIDDIR if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/samba -- -D; then log_end_msg 1 exit 1 fi log_end_msg 0 ;; stop) if init_is_upstart; then exit 0 fi log_daemon_msg "Stopping Samba AD DC daemon" "samba" start-stop-daemon --stop --quiet --pidfile $SAMBAPID # Wait a little and remove stale PID file sleep 1 if [ -f $SAMBAPID ] && ! ps h `cat $SAMBAPID` > /dev/null then # Stale PID file (samba was succesfully stopped), # remove it (should be removed by samba itself IMHO.) rm -f $SAMBAPID fi log_end_msg 0 ;; restart|force-reload) if init_is_upstart; then exit 1 fi $0 stop sleep 1 $0 start ;; status) status_of_proc -p $SAMBAPID /usr/sbin/samba samba exit $? ;; *) echo "Usage: /etc/init.d/samba-ad-dc {start|stop|restart|force-reload|status}" exit 1 ;; esac exit 0 ============================#!/bin/sh ### BEGIN INIT INFO # Provides: nmbd # Required-Start: $network $local_fs $remote_fs # Required-Stop: $network $local_fs $remote_fs # X-Start-Before: smbd # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: start Samba NetBIOS nameserver (nmbd) ### END INIT INFO PIDDIR=/var/run/samba NMBDPID=$PIDDIR/nmbd.pid # clear conflicting settings from the environment unset TMPDIR # See if the daemons are there test -x /usr/sbin/nmbd || exit 0 . /lib/lsb/init-functions case $1 in start) if init_is_upstart; then exit 1 fi SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1` if [ "$SERVER_ROLE" = "active directory domain controller" ]; then exit 0 fi if [ -n `which testparm` ] then NMBD_DISABLED=`testparm -s --parameter-name='disable netbios' 2>/dev/null` fi if [ "$NMBD_DISABLED" != Yes ]; then log_daemon_msg "Starting NetBIOS name server" nmbd # Make sure we have our PIDDIR, even if it's on a tmpfs install -o root -g root -m 755 -d $PIDDIR if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/nmbd -- -D then log_end_msg 1 exit 1 fi log_end_msg 0 fi ;; stop) if init_is_upstart; then exit 0 fi log_daemon_msg "Stopping NetBIOS name server" nmbd start-stop-daemon --stop --quiet --pidfile $NMBDPID # Wait a little and remove stale PID file sleep 1 if [ -f $NMBDPID ] && ! ps h `cat $NMBDPID` > /dev/null then # Stale PID file (nmbd was succesfully stopped), # remove it (should be removed by nmbd itself IMHO.) rm -f $NMBDPID fi log_end_msg 0 ;; restart|force-reload) if init_is_upstart; then exit 1 fi $0 stop sleep 1 $0 start ;; status) status_of_proc -p $NMBDPID /usr/sbin/nmbd nmbd exit $? ;; *) echo "Usage: /etc/init.d/nmbd {start|stop|restart|force-reload|status}" exit 1 ;; esac exit 0 ============================#!/bin/sh ### BEGIN INIT INFO # Provides: smbd # Required-Start: $network $local_fs $remote_fs # Required-Stop: $network $local_fs $remote_fs # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Should-Start: slapd cups # Should-Stop: slapd cups # Short-Description: start Samba SMB/CIFS daemon (smbd) ### END INIT INFO PIDDIR=/var/run/samba SMBDPID=$PIDDIR/smbd.pid # clear conflicting settings from the environment unset TMPDIR # See if the daemons are there test -x /usr/sbin/smbd || exit 0 . /lib/lsb/init-functions case $1 in start) if init_is_upstart; then exit 1 fi SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1` if [ "$SERVER_ROLE" = "active directory domain controller" ]; then exit 0 fi log_daemon_msg "Starting SMB/CIFS daemon" smbd # Make sure we have our PIDDIR, even if it's on a tmpfs install -o root -g root -m 755 -d $PIDDIR if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/smbd -- -D; then log_end_msg 1 exit 1 fi log_end_msg 0 ;; stop) if init_is_upstart; then exit 0 fi log_daemon_msg "Stopping SMB/CIFS daemon" smbd start-stop-daemon --stop --quiet --pidfile $SMBDPID # Wait a little and remove stale PID file sleep 1 if [ -f $SMBDPID ] && ! ps h `cat $SMBDPID` > /dev/null then # Stale PID file, remove it (should be removed by # smbd itself IMHO). rm -f $SMBDPID fi log_end_msg 0 ;; reload) log_daemon_msg "Reloading /etc/samba/smb.conf" smbd start-stop-daemon --stop --quiet --signal HUP --pidfile $SMBDPID log_end_msg 0 ;; restart|force-reload) if init_is_upstart; then exit 1 fi $0 stop sleep 1 $0 start ;; status) status_of_proc -p $SMBDPID /usr/sbin/smbd smbd exit $? ;; *) echo "Usage: /etc/init.d/smbd {start|stop|reload|restart|force-reload|status}" exit 1 ;; esac exit 0 =========================================================
Rowland penny
2016-Apr-03 07:26 UTC
[Samba] Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
On 02/04/16 22:11, Sonic wrote:> On Sat, Apr 2, 2016 at 4:05 PM, Rowland penny <rpenny at samba.org> wrote: >> I compile Samba myself and I use init files, I would rather have them than >> the bloat systemd comes with. They are not complex if you understand bash >> and are a lot easier to understand than all that systemd comes with. > At first I felt the same way but the service files are starting to > seem simpler. Yes, the shell scripts are quite readable but also a bit > unwieldly when compared to the systemd service files. After working > with them for a while, I'd rather edit the service files. > > Compare... > My systemd service files (nmbd, smbd, ad) > 39 lines including white space > ============================> ============================> [Unit] > Description=Samba SMB/CIFS server > After=network.target nmbd.service > > [Service] > Type=forking > PIDFile=/usr/local/samba/var/run/smbd.pid > LimitNOFILE=16384 > ExecStart=/usr/local/samba/sbin/smbd -D > ExecReload=/bin/kill -HUP $MAINPID > > [Install] > WantedBy=multi-user.target > ============================> [Unit] > Description=Samba NetBIOS name server > After=network.target > > [Service] > Type=forking > PIDFile=/usr/local/samba/var/run/nmbd.pid > ExecStart=/usr/local/samba/sbin/nmbd -D > ExecReload=/bin/kill -HUP $MAINPID > > [Install] > WantedBy=multi-user.target > ============================> [Unit] > Description=Samba AD server > After=network.target > > [Service] > Type=forking > PIDFile=/usr/local/samba/var/run/samba.pid > LimitNOFILE=16384 > EnvironmentFile=-/usr/local/samba/etc/conf.d/samba > ExecStart=/usr/local/samba/sbin/samba $SAMBAOPTIONS > ExecReload=/bin/kill -HUP $MAINPID > > [Install] > WantedBy=multi-user.target > ============================> ============================> > Now Debian's init scripts (samba, samba-ad-dc, nmbd, smbd) > almost 250 lines including white space > ============================> ============================> #!/bin/sh > > ### BEGIN INIT INFO > # Provides: samba > # Required-Start: > # Required-Stop: > # Default-Start: > # Default-Stop: > # Short-Description: ensure Samba daemons are started (nmbd and smbd) > ### END INIT INFO > > set -e > > # start nmbd, smbd and samba-ad-dc unconditionally > # the init scripts themselves check if they are needed or not > case $1 in > start) > /etc/init.d/nmbd start > /etc/init.d/smbd start > /etc/init.d/samba-ad-dc start > ;; > stop) > /etc/init.d/samba-ad-dc stop > /etc/init.d/smbd stop > /etc/init.d/nmbd stop > ;; > reload) > /etc/init.d/smbd reload > ;; > restart|force-reload) > /etc/init.d/nmbd "$1" > /etc/init.d/smbd "$1" > /etc/init.d/samba-ad-dc "$1" > ;; > status) > status=0 > NMBD_DISABLED=`testparm -s --parameter-name='disable > netbios' 2>/dev/null || true` > SERVER_ROLE=`samba-tool testparm > --parameter-name="server role" 2>/dev/null | tail -1 || true` > if [ "$SERVER_ROLE" != "active directory domain > controller" ]; then > if [ "$NMBD_DISABLED" != "Yes" ]; then > /etc/init.d/nmbd status || status=$? > fi > /etc/init.d/smbd status || status=$? > else > /etc/init.d/samba-ad-dc status || status=$? > fi > exit $status > ;; > *) > echo "Usage: /etc/init.d/samba > {start|stop|reload|restart|force-reload|status}" > exit 1 > ;; > esac > ============================> #! /bin/sh > > ### BEGIN INIT INFO > # Provides: samba-ad-dc > # Required-Start: $network $local_fs $remote_fs > # Required-Stop: $network $local_fs $remote_fs > # Default-Start: 2 3 4 5 > # Default-Stop: 0 1 6 > # Short-Description: start Samba daemons for the AD DC > ### END INIT INFO > > # > # Start/stops the Samba daemon (samba). > # Adapted from the Samba 3 packages. > # > > PIDDIR=/var/run/samba > SAMBAPID=$PIDDIR/samba.pid > > # clear conflicting settings from the environment > unset TMPDIR > > # See if the daemon and the config file are there > test -x /usr/sbin/samba -a -r /etc/samba/smb.conf || exit 0 > > . /lib/lsb/init-functions > > case "$1" in > start) > SERVER_ROLE=`samba-tool testparm > --parameter-name="server role" 2>/dev/null | tail -1` > if [ "$SERVER_ROLE" != "active directory domain > controller" ]; then > exit 0 > fi > > if init_is_upstart; then > exit 1 > fi > > # CVE-2013-4475 > KEYFILE=/var/lib/samba/private/tls/key.pem > if [ -e $KEYFILE ] > then > KEYPERMS=`stat -c %a $KEYFILE` > if [ "$KEYPERMS" != "600" ] > then > echo "wrong permission > on $KEYFILE, must be 600" > echo "samba will not > start (CVE-2013-4475)" > echo "Removing all tls > .pem files will cause an auto-regeneration with the correct > permissions." > exit 1 > fi > fi > > log_daemon_msg "Starting Samba AD DC daemon" "samba" > # Make sure we have our PIDDIR, even if it's on a tmpfs > install -o root -g root -m 755 -d $PIDDIR > > if ! start-stop-daemon --start --quiet --oknodo --exec > /usr/sbin/samba -- -D; then > log_end_msg 1 > exit 1 > fi > > log_end_msg 0 > ;; > stop) > if init_is_upstart; then > exit 0 > fi > log_daemon_msg "Stopping Samba AD DC daemon" "samba" > > start-stop-daemon --stop --quiet --pidfile $SAMBAPID > # Wait a little and remove stale PID file > sleep 1 > if [ -f $SAMBAPID ] && ! ps h `cat $SAMBAPID` > /dev/null > then > # Stale PID file (samba was succesfully stopped), > # remove it (should be removed by samba itself IMHO.) > rm -f $SAMBAPID > fi > > log_end_msg 0 > > ;; > restart|force-reload) > if init_is_upstart; then > exit 1 > fi > $0 stop > sleep 1 > $0 start > ;; > status) > status_of_proc -p $SAMBAPID /usr/sbin/samba samba > exit $? > ;; > *) > echo "Usage: /etc/init.d/samba-ad-dc > {start|stop|restart|force-reload|status}" > exit 1 > ;; > esac > > exit 0 > ============================> #!/bin/sh > > ### BEGIN INIT INFO > # Provides: nmbd > # Required-Start: $network $local_fs $remote_fs > # Required-Stop: $network $local_fs $remote_fs > # X-Start-Before: smbd > # Default-Start: 2 3 4 5 > # Default-Stop: 0 1 6 > # Short-Description: start Samba NetBIOS nameserver (nmbd) > ### END INIT INFO > > > PIDDIR=/var/run/samba > NMBDPID=$PIDDIR/nmbd.pid > > # clear conflicting settings from the environment > unset TMPDIR > > # See if the daemons are there > test -x /usr/sbin/nmbd || exit 0 > > . /lib/lsb/init-functions > > case $1 in > start) > if init_is_upstart; then > exit 1 > fi > SERVER_ROLE=`samba-tool testparm > --parameter-name="server role" 2>/dev/null | tail -1` > if [ "$SERVER_ROLE" = "active directory domain > controller" ]; then > exit 0 > fi > > if [ -n `which testparm` ] > then > NMBD_DISABLED=`testparm -s > --parameter-name='disable netbios' 2>/dev/null` > fi > if [ "$NMBD_DISABLED" != Yes ]; then > log_daemon_msg "Starting NetBIOS name server" nmbd > # Make sure we have our PIDDIR, even if it's on a tmpfs > install -o root -g root -m 755 -d $PIDDIR > > if ! start-stop-daemon --start --quiet > --oknodo --exec /usr/sbin/nmbd -- -D > then > log_end_msg 1 > exit 1 > fi > log_end_msg 0 > fi > > ;; > stop) > if init_is_upstart; then > exit 0 > fi > > log_daemon_msg "Stopping NetBIOS name server" nmbd > > start-stop-daemon --stop --quiet --pidfile $NMBDPID > # Wait a little and remove stale PID file > sleep 1 > if [ -f $NMBDPID ] && ! ps h `cat $NMBDPID` > /dev/null > then > # Stale PID file (nmbd was succesfully stopped), > # remove it (should be removed by nmbd itself IMHO.) > rm -f $NMBDPID > fi > > log_end_msg 0 > > ;; > restart|force-reload) > if init_is_upstart; then > exit 1 > fi > $0 stop > sleep 1 > $0 start > ;; > status) > status_of_proc -p $NMBDPID /usr/sbin/nmbd nmbd > exit $? > ;; > *) > echo "Usage: /etc/init.d/nmbd > {start|stop|restart|force-reload|status}" > exit 1 > ;; > esac > > exit 0 > ============================> #!/bin/sh > > ### BEGIN INIT INFO > # Provides: smbd > # Required-Start: $network $local_fs $remote_fs > # Required-Stop: $network $local_fs $remote_fs > # Default-Start: 2 3 4 5 > # Default-Stop: 0 1 6 > # Should-Start: slapd cups > # Should-Stop: slapd cups > # Short-Description: start Samba SMB/CIFS daemon (smbd) > ### END INIT INFO > > > PIDDIR=/var/run/samba > SMBDPID=$PIDDIR/smbd.pid > > # clear conflicting settings from the environment > unset TMPDIR > > # See if the daemons are there > test -x /usr/sbin/smbd || exit 0 > > . /lib/lsb/init-functions > > case $1 in > start) > if init_is_upstart; then > exit 1 > fi > SERVER_ROLE=`samba-tool testparm > --parameter-name="server role" 2>/dev/null | tail -1` > if [ "$SERVER_ROLE" = "active directory domain > controller" ]; then > exit 0 > fi > > log_daemon_msg "Starting SMB/CIFS daemon" smbd > # Make sure we have our PIDDIR, even if it's on a tmpfs > install -o root -g root -m 755 -d $PIDDIR > > if ! start-stop-daemon --start --quiet --oknodo --exec > /usr/sbin/smbd -- -D; then > log_end_msg 1 > exit 1 > fi > > log_end_msg 0 > ;; > stop) > if init_is_upstart; then > exit 0 > fi > > log_daemon_msg "Stopping SMB/CIFS daemon" smbd > > start-stop-daemon --stop --quiet --pidfile $SMBDPID > # Wait a little and remove stale PID file > sleep 1 > if [ -f $SMBDPID ] && ! ps h `cat $SMBDPID` > /dev/null > then > # Stale PID file, remove it (should be removed by > # smbd itself IMHO). > rm -f $SMBDPID > fi > > log_end_msg 0 > > ;; > reload) > log_daemon_msg "Reloading /etc/samba/smb.conf" smbd > > start-stop-daemon --stop --quiet --signal HUP --pidfile $SMBDPID > > log_end_msg 0 > ;; > restart|force-reload) > if init_is_upstart; then > exit 1 > fi > $0 stop > sleep 1 > $0 start > ;; > status) > status_of_proc -p $SMBDPID /usr/sbin/smbd smbd > exit $? > ;; > *) > echo "Usage: /etc/init.d/smbd > {start|stop|reload|restart|force-reload|status}" > exit 1 > ;; > esac > > exit 0 > ============================> ============================OK, the systemd startup scripts are shorter, big deal, all that has happened is what was in an easy readable bash script is now in a compiled binary. Systemd might have been ok if it had stuck to being a replacement for init scripts, but it seems every time you turn around it has dragged in something else, su, network etc etc. If I wanted to use windows, I would. You will never get me to accept systemd as it is, I will move to one of the BSDs if I have to, so I suggest we leave it here, before someone gets upset. Rowland
Apparently Analagous Threads
- Samba documentation feedback: installation guide for AD join
- CTDB: Failed to connect client socket to daemon.
- Question Wiki Setup a Samba Active Directory Domain Controller
- Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
- ctdb event script 50.samba does not start smbd