Frank Steiner
2019-Nov-28 22:32 UTC
[Samba] security=domain fails after upgr. to 4.9, winbind doesn't help
Rowland penny via samba wrote:

> So your server doesn't seem to be able to find winbindd, are you sure it
> is running ?
>
> What does this show:
>
> ps ax | grep '[w]inbind'
>
> What OS is this ?

It's SuSE Linux Enterprise 15sp1. winbindd is definitely running, I showed that in the first mail in the output of "rcwinbind status", there you can see the processes in the cgroup.

Just checked it again: restarted winbindd, then smbd, then tried the connection. Afterwards you can see in the systemd journal that winbindd was running when smbd failed to find it:

server2 /root# journalctl | grep winbind
Nov 28 23:25:20 server2 winbindd[30973]: [2019/11/28 23:25:20.041238, 0] ../source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache)
Nov 28 23:25:20 server2 winbindd[30973]: initialize_winbindd_cache: clearing cache and re-creating with version number 2
Nov 28 23:25:20 server2 winbindd[30973]: [2019/11/28 23:25:20.050649, 0] ../lib/util/become_daemon.c:138(daemon_ready)
Nov 28 23:25:20 server2 winbindd[30973]: daemon_ready: STATUS=daemon 'winbindd' finished starting up and ready to serve connections
Nov 28 23:25:20 server2 winbindd[30975]: [2019/11/28 23:25:20.118423, 0] ../source3/libsmb/namequery.c:78(saf_store)
Nov 28 23:25:20 server2 winbindd[30975]: saf_store: refusing to store 0 length domain or servername!
Nov 28 23:25:36 server2 smbd[31001]: [2019/11/28 23:25:36.075480, 0] ../source3/auth/auth_winbind.c:122(check_winbind_security)
Nov 28 23:25:36 server2 smbd[31001]: check_winbind_security: winbindd not running - but required as domain member: NT_STATUS_NO_LOGON_SERVERS

Processes are indeed still there:

server2 /root# pgrep -f -a winbindd
30973 /usr/sbin/winbindd --foreground --no-process-group
30975 /usr/sbin/winbindd --foreground --no-process-group

And winbind service looks healthy:

server2 /root# rcwinbind status
* winbind.service - Samba Winbind Daemon
   Loaded: loaded (/usr/lib/systemd/system/winbind.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-11-28 23:25:20 CET; 2min 49s ago
 Main PID: 30973 (winbindd)
   Status: "winbindd: ready to serve connections..."
    Tasks: 2 (limit: 4915)
   CGroup: /system.slice/winbind.service
           |-30973 /usr/sbin/winbindd --foreground --no-process-group
           `-30975 /usr/sbin/winbindd --foreground --no-process-group

Nov 28 23:25:19 server2 systemd[1]: Starting Samba Winbind Daemon...
Nov 28 23:25:20 server2 winbindd[30973]: [2019/11/28 23:25:20.041238, 0] ../source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache)
Nov 28 23:25:20 server2 winbindd[30973]: initialize_winbindd_cache: clearing cache and re-creating with version number 2
Nov 28 23:25:20 server2 winbindd[30973]: [2019/11/28 23:25:20.050649, 0] ../lib/util/become_daemon.c:138(daemon_ready)
Nov 28 23:25:20 server2 winbindd[30973]: daemon_ready: STATUS=daemon 'winbindd' finished starting up and ready to serve connections
Nov 28 23:25:20 server2 systemd[1]: Started Samba Winbind Daemon.
Nov 28 23:25:20 server2 winbindd[30975]: [2019/11/28 23:25:20.118423, 0] ../source3/libsmb/namequery.c:78(saf_store)
Nov 28 23:25:20 server2 winbindd[30975]: saf_store: refusing to store 0 length domain or servername!

I've no idea why smbd doesn't see it :-(

cu,
Frank

--
Dipl.-Inform. Frank Steiner   Web:   http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik    Mail:  http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr. 17           Phone: +49 89 2180-4049
80333 Muenchen, Germany       Fax:   +49 89 2180-99-4049
* Recursion can only be understood once you have understood recursion. *
Rowland penny
2019-Nov-29 08:26 UTC
[Samba] security=domain fails after upgr. to 4.9, winbind doesn't help
On 28/11/2019 22:32, Frank Steiner wrote:

> Rowland penny via samba wrote:
>
>> So your server doesn't seem to be able to find winbindd, are you sure it
>> is running ?
>>
>> What does this show:
>>
>> ps ax | grep '[w]inbind'
>>
>> What OS is this ?
>
> It's SuSE Linux Enterprise 15sp1. winbindd is definitely running, I
> showed that in the first mail in the output of "rcwinbind status",
> there you can see the processes in the cgroup.
>
> Just checked it again: restarted winbindd, then smbd, then tried the
> connection. Afterwards you can see in the systemd journal that winbindd
> was running when smbd failed to find it:
>
> server2 /root# journalctl | grep winbind
> Nov 28 23:25:20 server2 winbindd[30973]: [2019/11/28 23:25:20.041238,
> 0] ../source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache)
> Nov 28 23:25:20 server2 winbindd[30973]: initialize_winbindd_cache:
> clearing cache and re-creating with version number 2
> Nov 28 23:25:20 server2 winbindd[30973]: [2019/11/28 23:25:20.050649,
> 0] ../lib/util/become_daemon.c:138(daemon_ready)
> Nov 28 23:25:20 server2 winbindd[30973]:   daemon_ready: STATUS=daemon
> 'winbindd' finished starting up and ready to serve connections
> Nov 28 23:25:20 server2 winbindd[30975]: [2019/11/28 23:25:20.118423,
> 0] ../source3/libsmb/namequery.c:78(saf_store)
> Nov 28 23:25:20 server2 winbindd[30975]:   saf_store: refusing to
> store 0 length domain or servername!
> Nov 28 23:25:36 server2 smbd[31001]: [2019/11/28 23:25:36.075480, 0]
> ../source3/auth/auth_winbind.c:122(check_winbind_security)
> Nov 28 23:25:36 server2 smbd[31001]:   check_winbind_security:
> winbindd not running - but required as domain member:
> NT_STATUS_NO_LOGON_SERVERS
>
> Processes are indeed still there:
>
> server2 /root# pgrep -f -a winbindd
> 30973 /usr/sbin/winbindd --foreground --no-process-group
> 30975 /usr/sbin/winbindd --foreground --no-process-group
>
> And winbind service looks healthy:
>
> server2 /root# rcwinbind status
> * winbind.service - Samba Winbind Daemon
>    Loaded: loaded (/usr/lib/systemd/system/winbind.service; disabled;
> vendor preset: disabled)
>    Active: active (running) since Thu 2019-11-28 23:25:20 CET; 2min
> 49s ago
>  Main PID: 30973 (winbindd)
>    Status: "winbindd: ready to serve connections..."
>     Tasks: 2 (limit: 4915)
>    CGroup: /system.slice/winbind.service
>            |-30973 /usr/sbin/winbindd --foreground --no-process-group
>            `-30975 /usr/sbin/winbindd --foreground --no-process-group
>
> Nov 28 23:25:19 server2 systemd[1]: Starting Samba Winbind Daemon...
> Nov 28 23:25:20 server2 winbindd[30973]: [2019/11/28 23:25:20.041238,
> 0] ../source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache)
> Nov 28 23:25:20 server2 winbindd[30973]: initialize_winbindd_cache:
> clearing cache and re-creating with version number 2
> Nov 28 23:25:20 server2 winbindd[30973]: [2019/11/28 23:25:20.050649,
> 0] ../lib/util/become_daemon.c:138(daemon_ready)
> Nov 28 23:25:20 server2 winbindd[30973]:   daemon_ready: STATUS=daemon
> 'winbindd' finished starting up and ready to serve connections
> Nov 28 23:25:20 server2 systemd[1]: Started Samba Winbind Daemon.
> Nov 28 23:25:20 server2 winbindd[30975]: [2019/11/28 23:25:20.118423,
> 0] ../source3/libsmb/namequery.c:78(saf_store)
> Nov 28 23:25:20 server2 winbindd[30975]:   saf_store: refusing to
> store 0 length domain or servername!
>
> I've no idea why smbd doesn't see it :-(
>
> cu,
> Frank

Could it be Selinux or Apparmor (not sure which SLES uses) stopping smbd contacting winbindd ?

Could the SLES Samba packages be wrong ?

Have you tried starting smbd and then winbind ?

Rowland
Frank Steiner
2019-Nov-29 09:04 UTC
[Samba] security=domain fails after upgr. to 4.9, winbind doesn't help
Hi Rowland,

thanks for all your input!

Rowland penny via samba wrote:

> Could it be Selinux or Apparmor (not sure which SLES uses) stopping smbd
> contacting winbindd ?

No, none of these is running on our systems.

> Could the SLES Samba packages be wrong ?

Yes, that's a possibility. I opened a SR with SUSE support, but they usually take some time to analyse and propose a solution. I asked here because I thought there might be an obvious mis-configuration that I did and that experts on this list would immediately see :-) But if that's not then I guess an error in the SuSE packages is likely.

> Have you tried starting smbd and then winbind ?

Yes, in all combinations and restarts etc. Nothing helped :-(

--
Dipl.-Inform. Frank Steiner   Web:   http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik    Mail:  http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr. 17           Phone: +49 89 2180-4049
80333 Muenchen, Germany       Fax:   +49 89 2180-99-4049
* Recursion can only be understood once you have understood recursion. *