On Wed, 13 Jun 2018 11:12:43 +0200 (CEST) Gaetan SLONGO <gslongo at it-optics.com> wrote:> Hi, > > > I was just investigating the winbind execution issue : > > > This is what happens when winbind is started by samba > > > > [root at dmzrodc ~]# winbindd -D --option=server role check:inhibit=yes > --foreground -S -d 10 Error setting option 'server'Try it like this: winbindd -D --option='server role check:inhibit=yes' --foreground -S -d 10> [root at dmzrodc ~]# winbindd -V > Version 4.8.2-SerNet-RedHat-10.el7Good, at least you haven't got something strange going on, like a rogue winbindd version installed ;-) Rowland
Here it is. It talks about homes share but I think we don't care ? Final error is not explicit to me.. Maybe you? INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 smb2: 10 smb2_credits: 10 winbindd version 4.8.2-SerNet-RedHat-10.el7 started. Copyright Andrew Tridgell and the Samba Team 1992-2018 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 smb2: 10 smb2_credits: 10 Processing section "[global]" doing parameter netbios name = DMZRODC doing parameter realm = ADS.MYDOMAIN.BE doing parameter server role = active directory domain controller doing parameter workgroup = MYDOMAIN doing parameter log level = 10 pm_process() returned Yes lp_servicenumber: couldn't find homes messaging_dgm_ref: messaging_dgm_init returned Succès messaging_dgm_ref: unique = 11509548009454711159 Registering messaging pointer for type 2 - private_data=(nil) Registering messaging pointer for type 9 - private_data=(nil) Registered MSG_REQ_POOL_USAGE Registering messaging pointer for type 11 - private_data=(nil) Registering messaging pointer for type 12 - private_data=(nil) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Registering messaging pointer for type 1 - private_data=(nil) Registering messaging pointer for type 5 - private_data=(nil) Registering messaging pointer for type 51 - private_data=(nil) messaging_init_internal: my id: 13124 lp_load_ex: refreshing parameters Freeing parametrics: Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 smb2: 10 smb2_credits: 10 Processing section "[global]" doing parameter netbios name = DMZRODC doing parameter realm = ADS.MYDOMAIN.BE doing parameter server role = active directory domain controller doing parameter workgroup = MYDOMAIN doing parameter log level = 10 pm_process() returned Yes lp_servicenumber: couldn't find homes added interface eth0 ip=192.168.19.5 bcast=192.168.19.255 netmask=255.255.255.0 Netbios name list:- my_netbios_names[0]="DMZRODC" added interface eth0 ip=192.168.19.5 bcast=192.168.19.255 netmask=255.255.255.0 exit_daemon: STATUS=daemon failed to start: Failed to create session, error code 1 ----- Mail original ----- De: "Rowland Penny via samba" <samba at lists.samba.org> À: samba at lists.samba.org Envoyé: Mercredi 13 Juin 2018 11:19:31 Objet : Re: [Samba] Samba 4.8 RODC not working On Wed, 13 Jun 2018 11:12:43 +0200 (CEST) Gaetan SLONGO <gslongo at it-optics.com> wrote:> Hi, > > > I was just investigating the winbind execution issue : > > > This is what happens when winbind is started by samba > > > > [root at dmzrodc ~]# winbindd -D --option=server role check:inhibit=yes > --foreground -S -d 10 Error setting option 'server'Try it like this: winbindd -D --option='server role check:inhibit=yes' --foreground -S -d 10> [root at dmzrodc ~]# winbindd -V > Version 4.8.2-SerNet-RedHat-10.el7Good, at least you haven't got something strange going on, like a rogue winbindd version installed ;-) Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- www.it-optics.com Gaëtan SLONGO | Head of Infrastructure Department Boulevard Initialis, 28 - 7000 Mons, BELGIUM Company : +32 (0)65 84 23 85 Direct : +32 (0)65 32 85 88 Fax : +32 (0)65 84 66 76 Skype ID : gslongo.pro GPG Key : gslongo-gpg_key.asc - Please consider your environmental responsibility before printing this e-mail -
On Wed, 13 Jun 2018 11:33:48 +0200 (CEST) Gaetan SLONGO <gslongo at it-optics.com> wrote:> > > > > Here it is. It talks about homes share but I think we don't care ? > Final error is not explicit to me.. Maybe you? > > > > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > tevent: 10 > auth_audit: 10 > auth_json_audit: 10 > kerberos: 10 > drs_repl: 10 > smb2: 10 > smb2_credits: 10 > winbindd version 4.8.2-SerNet-RedHat-10.el7 started. > Copyright Andrew Tridgell and the Samba Team 1992-2018 > lp_load_ex: refreshing parameters > Initialising global parameters > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit > (16384) INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > tevent: 10 > auth_audit: 10 > auth_json_audit: 10 > kerberos: 10 > drs_repl: 10 > smb2: 10 > smb2_credits: 10 > Processing section "[global]" > doing parameter netbios name = DMZRODC > doing parameter realm = ADS.MYDOMAIN.BE > doing parameter server role = active directory domain controller > doing parameter workgroup = MYDOMAIN > doing parameter log level = 10 > pm_process() returned Yes > lp_servicenumber: couldn't find homes > messaging_dgm_ref: messaging_dgm_init returned Succès > messaging_dgm_ref: unique = 11509548009454711159 > Registering messaging pointer for type 2 - private_data=(nil) > Registering messaging pointer for type 9 - private_data=(nil) > Registered MSG_REQ_POOL_USAGE > Registering messaging pointer for type 11 - private_data=(nil) > Registering messaging pointer for type 12 - private_data=(nil) > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED > Registering messaging pointer for type 1 - private_data=(nil) > Registering messaging pointer for type 5 - private_data=(nil) > Registering messaging pointer for type 51 - private_data=(nil) > messaging_init_internal: my id: 13124 > lp_load_ex: refreshing parameters > Freeing parametrics: > Initialising global parameters > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit > (16384) INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > tevent: 10 > auth_audit: 10 > auth_json_audit: 10 > kerberos: 10 > drs_repl: 10 > smb2: 10 > smb2_credits: 10 > Processing section "[global]" > doing parameter netbios name = DMZRODC > doing parameter realm = ADS.MYDOMAIN.BE > doing parameter server role = active directory domain controller > doing parameter workgroup = MYDOMAIN > doing parameter log level = 10 > pm_process() returned Yes > lp_servicenumber: couldn't find homes > added interface eth0 ip=192.168.19.5 bcast=192.168.19.255 > netmask=255.255.255.0 Netbios name list:- > my_netbios_names[0]="DMZRODC" > added interface eth0 ip=192.168.19.5 bcast=192.168.19.255 > netmask=255.255.255.0 exit_daemon: STATUS=daemon failed to start: > Failed to create session, error code 1 > >Not that it helps, but I have now notice why you want the RODC, you want to do something stupid like putting it into a DMZ zone. This is not recommended, it is a security risk. If you must do this, then do you have a share in smb.conf called '[homes]', if so, remove the trailing 's' i.e. make it '[home]' and read the wiki. Running out of ideas now, except, can you ping a DC from the RODC ? Rowland
Andrew Bartlett
2018-Jun-13 10:37 UTC
[Samba] setsid() failure when starting winbindd/smbd (was: Re: Samba 4.8 RODC not working)
On Wed, 2018-06-13 at 11:33 +0200, Gaetan SLONGO via samba wrote:> exit_daemon: STATUS=daemon failed to start: Failed to create session, error code 1This is the issue. On my system EPERM is errno 1. The call failing is setsid(). It lists this: ERRORS EPERM The process group ID of any process equals the PID of the calling process. Thus, in particular, setsid() fails if the calling process is already a process group leader. This was so clearly not expected to fail that we didn't even convert the error number to a string, so I don't think that is the entire story. Just to rule things out, are you running under Are you running under some kind of jail/selinux/security subsystem/apparmor/ulimit? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba