samba - Feb 2020 - smbd fails to start after upgrade to version 4.11.6

Roy, 

Im still wondering what your problem might be/where its coming from. 
But we know it's interface/network related, only thing is Samba should not
coredump.

So i had a good look below to see where im missing what. 
And i dont see much to work with. 

I have 2 possible options where, where a problem might be.

1) samba start before network is online. 
A possible workaround is add in all the samba services : 
smbd.service nmbd.service winbind.service
[Unit]
Wants=network-online.target
After=network-online.target

systemctl edit smbd
systemctl edit nmbd
systemctl edit winbind

But, i dont think its that, because here (my setup) and Rowland its pi are all
working fine.

( based on : open_sockets_smbd: No sockets available to bind to. ) 
And google is also telling, most probely due to starting and no network up. 

And/or, if your using the /etc/network/interfaces file, run this. 
https://raw.githubusercontent.com/thctlo/debian-scripts/master/setup-systemd-networkd.sh
Run it like this : 
bash setup-systemd-networkd.sh member
Verify the files, and try to replace /etc/network/interfaces. 

It creates the needes systemd networking files, they are places in the folder
where you run it.
It does NOT change anything, it shows what todo with the files. 

It also might be an interface name thingy,, as Kris Lou mentions. 
So run it and whats in the generated files. 

2) something is corrupt in samba database. 
Lets hope not.. 

A check on the script, and based on the output you sended before. 
Just to make the thread complete, so i have a backlog of it. 
(Todo, make better output of errors or functions with empty values.)
> >
> >I would try and fix it first, can you download and run 
> Louis's script:
> >https://github.com/thctlo/samba4/blob/master/samba-collect-de
bug-info.sh
> >Sanitise the output and post the output into a reply to this.
> >
> >Rowland
> 
> OK:
> root at pi4b:~/scripts# ./samba-collect-debug-info.sh
> Please wait, collecting debug info.
> 
> Password for Administrator at SAMDOM.ORG:
> grep: : No such file or directory
Around line 144 in the script, which means its just not running. 
> Load smb config files from /etc/samba/smb.conf
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> 
> The debug info about your system can be found in this file:
> /tmp/samba-debug-info.txt
> --------------------  /tmp/samba-debug-info.txt ----------------
> Collected config  --- 2020-01-29-20:20 -----------
> 
> Hostname: pi4b
> DNS Domain: samdom.org
> FQDN: pi4b.samdom.org
> ipaddress: 192.168.2.51 
> 
> -----------
>  
> Kerberos SRV _kerberos._tcp.samdom.org record verified ok, 
> sample output: 
> Server:		192.168.2.240
> Address:	192.168.2.240#53
> 
> _kerberos._tcp.samdom.org	service = 0 100 88 pi-dc.samdom.org.
> _kerberos._tcp.samdom.org	service = 0 100 88 tiger-db.samdom.org.
2 AD-DC's are detected. 
Can you verify these with 
dig -x $(host pi-dc.samdom.org|awk '{ print $NF }' )
dig -x $(host tiger-db.samdom.org|awk '{ print $NF }' )
host $(hostname -d)
> Samba is not being run as a DC or a Unix domain member.
Line 157-159 so, because samba isnt running the script error on these parts. 

Just to make sure its not coming from fault DNS records. 
> 
> -----------
>        Checking file: /etc/os-release
> 
> PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
> NAME="Raspbian GNU/Linux"
> VERSION_ID="10"
> VERSION="10 (buster)"
> VERSION_CODENAME=buster
> ID=raspbian
> ID_LIKE=debian
> HOME_URL="http://www.raspbian.org/"
> SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
> BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
> 
> -----------
> 
> 
> This computer is running Debian 10.2 armv7l
> 
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state 
> UNKNOWN group
> default qlen 1000
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq 
> state UP group
> default qlen 1000
>     link/ether dc:a6:32:17:3c:86 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.2.51/24 brd 192.168.2.255 scope global eth0
> 3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state 
> DOWN group default
> qlen 1000
>     link/ether dc:a6:32:17:3c:87 brd ff:ff:ff:ff:ff:ff
> 
> -----------
>        Checking file: /etc/hosts
> 
> 127.0.0.1	localhost
> ::1		localhost ip6-localhost ip6-loopback
> ff02::1		ip6-allnodes
> ff02::2		ip6-allrouters
> 
> 192.168.2.51	pi4b.samdom.org	pi4b
> 
> -----------
> 
>        Checking file: /etc/resolv.conf
> 
> search samdom.org
> nameserver 192.168.2.240
> nameserver 192.168.2.4
> 
> -----------
> 
>        Checking file: /etc/krb5.conf
> 
> [libdefaults]
> 	default_realm = samdom.org
> 	dns_lookup_realm = false
> 	dns_lookup_kdc = true
> 
> -----------
I cant see it but UPPERCASE SAMDOM.ORG in REALM
dnsdomains.tld
REALMS.TLD 
It just prevents small errors in combination with othere software. 

> 
>        Checking file: /etc/nsswitch.conf
> 
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages 
> installed, try:
> # `info libc "Name Service Switch"' for information about
this file.
> 
> passwd:         files winbind
> group:          files winbind
> shadow:         files
> gshadow:        files
> 
> hosts:          files mdns4_minimal [NOTFOUND=return] dns
> networks:       files
> 
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> 
> netgroup:       nis
> 
> -----------
> 
>     Warning,  does not exist
This is around line 300. 
Where i think the " " is the missing file and this is 
Or : Check_file_exists "${SMBCONF}"  which whould be strange. 
So i think its : 
This line in the script. 
Check_file_exists /etc/idmapd.conf
Can you check that, its just to make sure where i need to add parts in the
script.

> 
> -----------
> 
> 
> Installed packages:
> ii  acl                                   2.2.53-4
> armhf        access control list - utilities
> ii  attr                                  1:2.4.48-4
> armhf        utilities for manipulating filesystem extended attributes
> ii  fonts-quicksand                       0.2016-2
> all          sans-serif font with round attributes
> ii  krb5-config                           2.6
> all          Configuration files for Kerberos Version 5
> ii  krb5-user                             1.17-3
> armhf        basic programs to authenticate using MIT Kerberos
> ii  libacl1:armhf                         2.2.53-4
> armhf        access control list - shared library
> ii  libattr1:armhf                        1:2.4.48-4
> armhf        extended attribute handling - shared library
> ii  libgssapi-krb5-2:armhf                1.17-3
> armhf        MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
> ii  libkrb5-3:armhf                       1.17-3
> armhf        MIT Kerberos runtime libraries
> ii  libkrb5support0:armhf                 1.17-3
> armhf        MIT Kerberos runtime libraries - Support library
> ii  libnss-winbind:armhf                  2:4.11.6+dfsg-0.1raspbian1
> armhf        Samba nameservice integration plugins
> ii  libpam-krb5:armhf                     4.8-2
> armhf        PAM module for MIT Kerberos
> ii  libpam-winbind:armhf                  2:4.11.6+dfsg-0.1raspbian1
> armhf        Windows domain authentication integration plugin
> ii  libsmbclient:armhf                    2:4.11.6+dfsg-0.1raspbian1
> armhf        shared library for communication with SMB/CIFS servers
> ii  libwbclient0:armhf                    2:4.11.6+dfsg-0.1raspbian1
> armhf        Samba winbind client library
> ii  node-tweetnacl                        0.14.5+dfsg-3
> all          Port of TweetNaCl cryptographic library to JavaScript
> ii  python3-samba                         2:4.11.6+dfsg-0.1raspbian1
> armhf        Python 3 bindings for Samba
> ii  samba                                 2:4.11.6+dfsg-0.1raspbian1
> armhf        SMB/CIFS file, print, and login server for Unix
> ii  samba-common                          2:4.11.6+dfsg-0.1raspbian1
> all          common files used by both the Samba server and client
> ii  samba-common-bin                      2:4.11.6+dfsg-0.1raspbian1
> armhf        Samba common files used by both the server and the client
> ii  samba-dsdb-modules:armhf              2:4.11.6+dfsg-0.1raspbian1
> armhf        Samba Directory Services Database
> ii  samba-libs:armhf                      2:4.11.6+dfsg-0.1raspbian1
> armhf        Samba core libraries
> ii  samba-vfs-modules:armhf               2:4.11.6+dfsg-0.1raspbian1
> armhf        Samba Virtual FileSystem plugins
> ii  smbclient                             2:4.11.6+dfsg-0.1raspbian1
> armhf        command-line SMB/CIFS clients for Unix
> ii  vlc-plugin-samba:armhf                3.0.8-0+deb10u1+rpt7
> armhf        Samba plugin for VLC
> ii  winbind                               2:4.11.6+dfsg-0.1raspbian1
> armhf        service to resolve user and group information 
> from Windows NT
> servers
> 
> -----------
> 
> Louis' script failed to print out smb.conf (even though it exists at
> /etc/samba/smb.conf) and user.map, so here they are:
> ---------- smb.conf -----------
> [global]
> 
> 	netbios name = pi4b
> 	security = ADS
> 	workgroup = SAMDOM
> 	realm = SAMDOM.ORG
> 
> 	# disable smb1
> 	client min protocol = smb2_02
> 	server min protocol = smb2_02
> 
> 	log file = /var/log/samba/%m.log
> 	log level = 1
> 
> 	# to prevent "Address family not supported by protocol" messages
> (ipv6)
> 	bind interfaces only = yes
> 	interfaces = lo eth0
> 
> 	dedicated keytab file = /etc/krb5.keytab
> 	kerberos method = secrets and keytab
> 	winbind refresh tickets = yes
> 
> 	winbind use default domain = yes
> 
> 	# Default idmap config used for BUILTIN and local 
> accounts/groups
> 	idmap config * : backend = tdb
> 	idmap config * : range = 2000-9999
> 
> 	# idmap config for domain samdom
> 	idmap config SAMDOM:backend = rid
> 	idmap config SAMDOM:range = 10000-99999
> 
> 	# next two lines for testing only - comment-out once working ok
> #	winbind enum users = yes
> #	winbind enum groups = yes
> 
> 	template shell = /bin/bash
> #	template homedir = /srv/samba/users/%U
> 
> 	vfs objects = acl_xattr
> 	map acl inherit = yes
> 	store dos attributes = yes
> 	username map = /etc/samba/user.map
> 
> [images]
> 	# for backup images made by Macrium Reflect
> 	path = /srv/samba/images
> 	read only = no
> 	acl_xattr:ignore system acl = yes
> 
> [downloads]
> 	path = /srv/samba/downloads
> 	read only = no
> 	acl_xattr:ignore system acl = yes
> 
> ---------------user.map --------------------
> !root = SAMDOM\Administrator SAMDOM\administrator Administrator
> administrator
> 
> Thanks in advance for any clues!
> 
> Roy
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

Hi Loius, 

 
> Roy,
> 
> Im still wondering what your problem might be/where its coming from.
> But we know it's interface/network related, only thing is Samba should
not coredump.
> 
> So i had a good look below to see where im missing what.
> And i dont see much to work with.
> 
> I have 2 possible options where, where a problem might be.
> 
> 1) samba start before network is online.
> A possible workaround is add in all the samba services :
> smbd.service nmbd.service winbind.service [Unit]
Wants=network-online.target After=network-online.target
> 
> systemctl edit smbd
> systemctl edit nmbd
> systemctl edit winbind
> 
> But, i dont think its that, because here (my setup) and Rowland its pi are
all working fine.
Tried the above, still the same.
> 
> ( based on : open_sockets_smbd: No sockets available to bind to. ) And
google is also telling, most probely due to starting and no
> network up.
> 
> And/or, if your using the /etc/network/interfaces file, run this.
>
https://raw.githubusercontent.com/thctlo/debian-scripts/master/setup-systemd-networkd.sh
> Run it like this :
> bash setup-systemd-networkd.sh member
> Verify the files, and try to replace /etc/network/interfaces.
> 
> It creates the needes systemd networking files, they are places in the
folder where you run it.
> It does NOT change anything, it shows what todo with the files.
> 
> It also might be an interface name thingy,, as Kris Lou mentions.
> So run it and whats in the generated files.
OK, here is the generated lan-member-dev-eth0.network file:
#
# This setup is for a Domain MEMBER server.
# IPV4 only.
[Match]
Name=eth0

[Network]
DHCP=no
DNSSEC=allow-downgrade
DNSSECNegativeTrustAnchors=lan
IPv6PrivacyExtensions=no
IPv6AcceptRouterAdvertisements=no
LinkLocalAddressing=no
LLMNR=no

# make use of systemd resolved and its setup, setup the 'search
dnsdomain.tld.'
Domains=samdom.org

# lets make use of systemd-timedate and timesyncd for the member servers.
NTP=192.168.2.240 192.168.2.4 

# DNS resolvers (its safe to mix IPv4 and IPv6)
# Max 3 DNS entries. ::1 or 127.0.0.1 if you use a cacheing dns.
# If you use systemd-resolved stub (caching) dns, use 127.0.0.53 (only)
# Defaults to the AD-DC servers found in the dns.
DNS=192.168.2.240 192.168.2.4 

# IPv4 gateway and primary IP address.
Gateway=192.168.2.1
Address=192.168.2.51/24

(note instructions have the name of the file wrong - it gave it as
lan-dev-eth0.network but it's actually called
lan-member-dev-eth0.network)

I implemented the changes per the instructions, and the result of timedatectl
status:
root at pi4b:~# timedatectl status
               Local time: Tue 2020-02-04 20:49:50 GMT
           Universal time: Tue 2020-02-04 20:49:50 UTC
                 RTC time: n/a
                Time zone: Europe/London (GMT, +0000)
System clock synchronized: no
              NTP service: inactive
          RTC in local TZ: no
(was running chrony, which I disabled)

The result of networkctl status
root at pi4b:~# networkctl status
?        State: routable
       Address: 192.168.2.51 on eth0
       Gateway: 192.168.2.1 on eth0
           DNS: 192.168.2.240
                192.168.2.4
Search Domains: samdom.org
           NTP: 192.168.2.240
                192.168.2.4

The result of networkctl status eth0
root at pi4b:~# networkctl status eth0
? 2: eth0
       Link File: n/a
    Network File: /etc/systemd/network/lan-member-dev-eth0.network
            Type: ether
           State: routable (configured)
            Path: platform-fd580000.genet
          Driver: bcmgenet
      HW Address: dc:a6:32:17:3c:86
         Address: 192.168.2.51
         Gateway: 192.168.2.1
             DNS: 192.168.2.240
                  192.168.2.4
  Search Domains: samdom.org
             NTP: 192.168.2.240
                  192.168.2.4
    Connected To: n/a on port 38:2c:4a:72:cd:4e

At this point, I re-enabled the two lines in smb.conf:
	bind interfaces only = yes
	interfaces = lo eth0
and re-booted the pi.

Still the same L smbd fails as systemctl status smbd shows:
root at pi4b:~# systemctl status smbd
? smbd.service - Samba SMB Daemon
   Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset:
enabled)
   Active: failed (Result: core-dump) since Tue 2020-02-04 20:32:52 GMT; 22min
ago
     Docs: man:smbd(8)
           man:samba(7)
           man:smb.conf(5)
  Process: 493 ExecStartPre=/usr/share/samba/update-apparmor-samba-profile
(code=exited, status=0/SUCCESS)
  Process: 495 ExecStart=/usr/sbin/smbd --foreground --no-process-group
$SMBDOPTIONS (code=dumped, signal=ABRT)
 Main PID: 495 (code=dumped, signal=ABRT)
   Status: "smbd: ready to serve connections..."

Feb 04 20:32:51 pi4b smbd[495]:   open_sockets_smbd: No sockets available to
bind to.
Feb 04 20:32:51 pi4b smbd[495]: [2020/02/04 20:32:51.952387,  0]
../../source3/lib/util.c:824(smb_panic_s3)
Feb 04 20:32:51 pi4b smbd[495]:   PANIC (pid 495): open_sockets_smbd() failed
Feb 04 20:32:51 pi4b smbd[495]: [2020/02/04 20:32:51.953028,  0]
../../lib/util/fault.c:265(log_stack_trace)
Feb 04 20:32:51 pi4b smbd[495]:   BACKTRACE: 0 stack frames:
Feb 04 20:32:51 pi4b smbd[495]: [2020/02/04 20:32:51.953292,  0]
../../source3/lib/dumpcore.c:315(dump_core)
Feb 04 20:32:51 pi4b smbd[495]:   dumping core in /var/log/samba/cores/smbd
Feb 04 20:32:51 pi4b smbd[495]:
Feb 04 20:32:51 pi4b systemd[1]: smbd.service: Main process exited, code=dumped,
status=6/ABRT
Feb 04 20:32:52 pi4b systemd[1]: smbd.service: Failed with result
'core-dump'.
> 
> 2) something is corrupt in samba database.
> Lets hope not..
So do I...
> 
> A check on the script, and based on the output you sended before.
> Just to make the thread complete, so i have a backlog of it.
> (Todo, make better output of errors or functions with empty values.)
> 
> > >
> > >I would try and fix it first, can you download and run
> > Louis's script:
> > >https://github.com/thctlo/samba4/blob/master/samba-collect-de
> bug-info.sh
> > >Sanitise the output and post the output into a reply to this.
> > >
> > >Rowland
> >
> > OK:
> > root at pi4b:~/scripts# ./samba-collect-debug-info.sh Please wait,
> > collecting debug info.
> >
> > Password for Administrator at SAMDOM.ORG:
> > grep: : No such file or directory
> 
> Around line 144 in the script, which means its just not running.
> 
> > Load smb config files from /etc/samba/smb.conf Loaded services file
> > OK.
> > Server role: ROLE_DOMAIN_MEMBER
> >
> > The debug info about your system can be found in this file:
> > /tmp/samba-debug-info.txt
> > --------------------  /tmp/samba-debug-info.txt ----------------
> > Collected config  --- 2020-01-29-20:20 -----------
> >
> > Hostname: pi4b
> > DNS Domain: samdom.org
> > FQDN: pi4b.samdom.org
> > ipaddress: 192.168.2.51
> >
> > -----------
> >
> > Kerberos SRV _kerberos._tcp.samdom.org record verified ok, sample
> > output:
> > Server:		192.168.2.240
> > Address:	192.168.2.240#53
> >
> > _kerberos._tcp.samdom.org	service = 0 100 88 pi-dc.samdom.org.
> > _kerberos._tcp.samdom.org	service = 0 100 88 tiger-db.samdom.org.
> 
> 2 AD-DC's are detected.
> Can you verify these with
> dig -x $(host pi-dc.samdom.org|awk '{ print $NF }' ) 
Yes:
dig -x $(host pi-dc.samdom.org| awk '{ print $NF }' )

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> -x 192.168.2.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38893
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 91bfcfed9ef46a69b34989825e39d6f6ba0f2712ec8869cd (good)
;; QUESTION SECTION:
;4.2.168.192.in-addr.arpa.      IN      PTR

;; AUTHORITY SECTION:
2.168.192.in-addr.arpa. 3600    IN      SOA     tiger-db.samdom.org.
hostmaster.samdom.org. 11 900 600 86400 3600

;; Query time: 5 msec
;; SERVER: 192.168.2.240#53(192.168.2.240)
;; WHEN: Tue Feb 04 20:41:12 GMT 2020
;; MSG SIZE  rcvd: 150
> dig -x $(host tiger-db.samdom.org|awk '{ print $NF }' )
root at pi4b:~# dig -x $(host tiger-db.samdom.org| awk '{ print $NF }' )

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> -x 192.168.2.240
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34146
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: a3f680e54e3e81ee6c73adda5e39d772d9dceedb83ef6bb2 (good)
;; QUESTION SECTION:
;240.2.168.192.in-addr.arpa.    IN      PTR

;; AUTHORITY SECTION:
2.168.192.in-addr.arpa. 3600    IN      SOA     tiger-db.samdom.org.
hostmaster.samdom.org. 11 900 600 86400 3600

;; Query time: 3 msec
;; SERVER: 192.168.2.240#53(192.168.2.240)
;; WHEN: Tue Feb 04 20:43:16 GMT 2020
;; MSG SIZE  rcvd: 152
> host $(hostname -d)
root at pi4b:~# host $(hostname -d)
samdom.org has address 192.168.2.4
samdom.org has address 192.168.2.240
> 
> > Samba is not being run as a DC or a Unix domain member.
> 
> Line 157-159 so, because samba isnt running the script error on these
parts.
> 
> Just to make sure its not coming from fault DNS records.
> 
> >
> > -----------
> >        Checking file: /etc/os-release
> >
> > PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
> > NAME="Raspbian GNU/Linux"
> > VERSION_ID="10"
> > VERSION="10 (buster)"
> > VERSION_CODENAME=buster
> > ID=raspbian
> > ID_LIKE=debian
> > HOME_URL="http://www.raspbian.org/"
> > SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
> > BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
> >
> > -----------
> >
> >
> > This computer is running Debian 10.2 armv7l
> >
> > -----------
> > running command : ip a
> > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
UNKNOWN
> > group default qlen 1000
> >     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> >     inet 127.0.0.1/8 scope host lo
> > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq
state UP
> > group default qlen 1000
> >     link/ether dc:a6:32:17:3c:86 brd ff:ff:ff:ff:ff:ff
> >     inet 192.168.2.51/24 brd 192.168.2.255 scope global eth0
> > 3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
group
> > default qlen 1000
> >     link/ether dc:a6:32:17:3c:87 brd ff:ff:ff:ff:ff:ff
> >
> > -----------
> >        Checking file: /etc/hosts
> >
> > 127.0.0.1	localhost
> > ::1		localhost ip6-localhost ip6-loopback
> > ff02::1		ip6-allnodes
> > ff02::2		ip6-allrouters
> >
> > 192.168.2.51	pi4b.samdom.org	pi4b
> >
> > -----------
> >
> >        Checking file: /etc/resolv.conf
> >
> > search samdom.org
> > nameserver 192.168.2.240
> > nameserver 192.168.2.4
> >
> > -----------
> >
> >        Checking file: /etc/krb5.conf
> >
> > [libdefaults]
> > 	default_realm = samdom.org
> > 	dns_lookup_realm = false
> > 	dns_lookup_kdc = true
> >
> > -----------
> I cant see it but UPPERCASE SAMDOM.ORG in REALM dnsdomains.tld REALMS.TLD
It just prevents small errors in combination with
> othere software.
Yes, can confirm that the realm was in UPPERCASE - the copy sent to the list was
sanitised and got changed to lowercase in the
process.
> 
> 
> >
> >        Checking file: /etc/nsswitch.conf
> >
> > # /etc/nsswitch.conf
> > #
> > # Example configuration of GNU Name Service Switch functionality.
> > # If you have the `glibc-doc-reference' and `info' packages
> > installed, try:
> > # `info libc "Name Service Switch"' for information
about this file.
> >
> > passwd:         files winbind
> > group:          files winbind
> > shadow:         files
> > gshadow:        files
> >
> > hosts:          files mdns4_minimal [NOTFOUND=return] dns
> > networks:       files
> >
> > protocols:      db files
> > services:       db files
> > ethers:         db files
> > rpc:            db files
> >
> > netgroup:       nis
> >
> > -----------
> >
> >     Warning,  does not exist
> 
> This is around line 300.
> Where i think the " " is the missing file and this is
> Or : Check_file_exists "${SMBCONF}"  which whould be strange.
> So i think its :
> This line in the script.
> Check_file_exists /etc/idmapd.conf
> Can you check that, its just to make sure where i need to add parts in the
script.
The file exists:
root at pi4b:~# ls -l /etc/idmapd.conf
-rw-r--r-- 1 root root 206 Apr  6  2019 /etc/idmapd.conf

Interestingly, I just re-ran your script and it ran OK this time, including
smb.conf and user.map.     Obviously something changed -
perhaps all these tweaks changed something?
> 
> 
> >
> > -----------
> >
> >
> > Installed packages:
> > ii  acl                                   2.2.53-4
> > armhf        access control list - utilities
> > ii  attr                                  1:2.4.48-4
> > armhf        utilities for manipulating filesystem extended attributes
> > ii  fonts-quicksand                       0.2016-2
> > all          sans-serif font with round attributes
> > ii  krb5-config                           2.6
> > all          Configuration files for Kerberos Version 5
> > ii  krb5-user                             1.17-3
> > armhf        basic programs to authenticate using MIT Kerberos
> > ii  libacl1:armhf                         2.2.53-4
> > armhf        access control list - shared library
> > ii  libattr1:armhf                        1:2.4.48-4
> > armhf        extended attribute handling - shared library
> > ii  libgssapi-krb5-2:armhf                1.17-3
> > armhf        MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
> > ii  libkrb5-3:armhf                       1.17-3
> > armhf        MIT Kerberos runtime libraries
> > ii  libkrb5support0:armhf                 1.17-3
> > armhf        MIT Kerberos runtime libraries - Support library
> > ii  libnss-winbind:armhf                  2:4.11.6+dfsg-0.1raspbian1
> > armhf        Samba nameservice integration plugins
> > ii  libpam-krb5:armhf                     4.8-2
> > armhf        PAM module for MIT Kerberos
> > ii  libpam-winbind:armhf                  2:4.11.6+dfsg-0.1raspbian1
> > armhf        Windows domain authentication integration plugin
> > ii  libsmbclient:armhf                    2:4.11.6+dfsg-0.1raspbian1
> > armhf        shared library for communication with SMB/CIFS servers
> > ii  libwbclient0:armhf                    2:4.11.6+dfsg-0.1raspbian1
> > armhf        Samba winbind client library
> > ii  node-tweetnacl                        0.14.5+dfsg-3
> > all          Port of TweetNaCl cryptographic library to JavaScript
> > ii  python3-samba                         2:4.11.6+dfsg-0.1raspbian1
> > armhf        Python 3 bindings for Samba
> > ii  samba                                 2:4.11.6+dfsg-0.1raspbian1
> > armhf        SMB/CIFS file, print, and login server for Unix
> > ii  samba-common                          2:4.11.6+dfsg-0.1raspbian1
> > all          common files used by both the Samba server and client
> > ii  samba-common-bin                      2:4.11.6+dfsg-0.1raspbian1
> > armhf        Samba common files used by both the server and the client
> > ii  samba-dsdb-modules:armhf              2:4.11.6+dfsg-0.1raspbian1
> > armhf        Samba Directory Services Database
> > ii  samba-libs:armhf                      2:4.11.6+dfsg-0.1raspbian1
> > armhf        Samba core libraries
> > ii  samba-vfs-modules:armhf               2:4.11.6+dfsg-0.1raspbian1
> > armhf        Samba Virtual FileSystem plugins
> > ii  smbclient                             2:4.11.6+dfsg-0.1raspbian1
> > armhf        command-line SMB/CIFS clients for Unix
> > ii  vlc-plugin-samba:armhf                3.0.8-0+deb10u1+rpt7
> > armhf        Samba plugin for VLC
> > ii  winbind                               2:4.11.6+dfsg-0.1raspbian1
> > armhf        service to resolve user and group information
> > from Windows NT
> > servers
> >
> > -----------
> >
> > Louis' script failed to print out smb.conf (even though it exists
at
> > /etc/samba/smb.conf) and user.map, so here they are:
> > ---------- smb.conf -----------
> > [global]
> >
> > 	netbios name = pi4b
> > 	security = ADS
> > 	workgroup = SAMDOM
> > 	realm = SAMDOM.ORG
> >
> > 	# disable smb1
> > 	client min protocol = smb2_02
> > 	server min protocol = smb2_02
> >
> > 	log file = /var/log/samba/%m.log
> > 	log level = 1
> >
> > 	# to prevent "Address family not supported by protocol"
messages
> > (ipv6)
> > 	bind interfaces only = yes
> > 	interfaces = lo eth0
> >
> > 	dedicated keytab file = /etc/krb5.keytab
> > 	kerberos method = secrets and keytab
> > 	winbind refresh tickets = yes
> >
> > 	winbind use default domain = yes
> >
> > 	# Default idmap config used for BUILTIN and local
> > accounts/groups
> > 	idmap config * : backend = tdb
> > 	idmap config * : range = 2000-9999
> >
> > 	# idmap config for domain samdom
> > 	idmap config SAMDOM:backend = rid
> > 	idmap config SAMDOM:range = 10000-99999
> >
> > 	# next two lines for testing only - comment-out once working ok
> > #	winbind enum users = yes
> > #	winbind enum groups = yes
> >
> > 	template shell = /bin/bash
> > #	template homedir = /srv/samba/users/%U
> >
> > 	vfs objects = acl_xattr
> > 	map acl inherit = yes
> > 	store dos attributes = yes
> > 	username map = /etc/samba/user.map
> >
> > [images]
> > 	# for backup images made by Macrium Reflect
> > 	path = /srv/samba/images
> > 	read only = no
> > 	acl_xattr:ignore system acl = yes
> >
> > [downloads]
> > 	path = /srv/samba/downloads
> > 	read only = no
> > 	acl_xattr:ignore system acl = yes
> >
> > ---------------user.map --------------------
> > !root = SAMDOM\Administrator SAMDOM\administrator Administrator
> > administrator
> >
> > Thanks in advance for any clues!
> >
> > Roy
Incidentally, I tried putting those two lines into smb.conf on pi-dc (also a
Raspberry Pi but model 3) and it too caused smbd to
fail.   So it's something specific to pi's

Thanks again, hope the above helps.
Roy

Hai Roy, 

Thanks for verifing it all. Im still amazed with this one. 
It all looks good to me, exept the missing PTR records then..  ;-) 

Ok last question here to both, now i have Raspbian and Debian Buster amhf on the
repo.
Rowland and Roy your both running Raspbian Buster correct? 
Its so strange Rowland his pi is running correct and Roy not.
There has to be a different. 

Im rulling out samba, of db corruptions.. Etc. 
Only thing is samba should not crash, we might like to have a loglevel 10 of
that.
And a bug report. Its a consistant crash of smbd so, reporting it would be nice
yes..

It im 100% sure its something withing the pi and the nic in combination off
raspbian or debian buster?
So, If you guys can confirm the os once again, who runs which one exactly. 


If your on Raspbian. 
Run : sudo raspi-config
Check what the state is of : Wait for Network at Boot. 

Is someone using something like this to reduce boot time? 
/etc/systemd/system/networking.service.d/reduce-timeout.conf 
[Service]
TimeoutStartSec=1

Roy, can you reboot the pi and send me the dmesg log and syslog 
I found some reports about "faulty" Pi mainboards also. 
Or can  you check it and look flipping networks.. 

Something like this:
[ 182.553342] bcmgenet fd580000.genet eth0: Link is Down
[ 182.553465] br0: port 1(eth0) entered disabled state
[ 185.673598] bcmgenet fd580000.genet eth0: Link is Up - 1Gbps/Full - flow
control rx/tx

(source: https://github.com/raspberrypi/linux/issues/3034#issuecomment-509709135
)

You can try to enable the network speed for the nic.. 


Greetz, 

Louis
> -----Oorspronkelijk bericht-----
> Van: Roy Eastwood [mailto:spindles7 at gmail.com] 
> Verzonden: dinsdag 4 februari 2020 22:26
> Aan: samba at lists.samba.org
> CC: 'L.P.H. van Belle'
> Onderwerp: RE: [Samba] smbd fails to start after upgrade to 
> version 4.11.6
> 
> Hi Loius, 
> 
>  
> > Roy,
> > 
> > Im still wondering what your problem might be/where its coming from.
> > But we know it's interface/network related, only thing is 
> Samba should not coredump.
> > 
> > So i had a good look below to see where im missing what.
> > And i dont see much to work with.
> > 
> > I have 2 possible options where, where a problem might be.
> > 
> > 1) samba start before network is online.
> > A possible workaround is add in all the samba services :
> > smbd.service nmbd.service winbind.service [Unit] 
> Wants=network-online.target After=network-online.target
> > 
> > systemctl edit smbd
> > systemctl edit nmbd
> > systemctl edit winbind
> > 
> > But, i dont think its that, because here (my setup) and 
> Rowland its pi are all working fine.
> 
> Tried the above, still the same.
> 
> > 
> > ( based on : open_sockets_smbd: No sockets available to 
> bind to. ) And google is also telling, most probely due to 
> starting and no
> > network up.
> > 
> > And/or, if your using the /etc/network/interfaces file, run this.
> > 
> https://raw.githubusercontent.com/thctlo/debian-scripts/master
> /setup-systemd-networkd.sh
> > Run it like this :
> > bash setup-systemd-networkd.sh member
> > Verify the files, and try to replace /etc/network/interfaces.
> > 
> > It creates the needes systemd networking files, they are 
> places in the folder where you run it.
> > It does NOT change anything, it shows what todo with the files.
> > 
> > It also might be an interface name thingy,, as Kris Lou mentions.
> > So run it and whats in the generated files.
> OK, here is the generated lan-member-dev-eth0.network file:
> #
> # This setup is for a Domain MEMBER server.
> # IPV4 only.
> [Match]
> Name=eth0
> 
> [Network]
> DHCP=no
> DNSSEC=allow-downgrade
> DNSSECNegativeTrustAnchors=lan
> IPv6PrivacyExtensions=no
> IPv6AcceptRouterAdvertisements=no
> LinkLocalAddressing=no
> LLMNR=no
> 
> # make use of systemd resolved and its setup, setup the 
> 'search dnsdomain.tld.'
> Domains=samdom.org
> 
> # lets make use of systemd-timedate and timesyncd for the 
> member servers.
> NTP=192.168.2.240 192.168.2.4 
> 
> # DNS resolvers (its safe to mix IPv4 and IPv6)
> # Max 3 DNS entries. ::1 or 127.0.0.1 if you use a cacheing dns.
> # If you use systemd-resolved stub (caching) dns, use 
> 127.0.0.53 (only)
> # Defaults to the AD-DC servers found in the dns.
> DNS=192.168.2.240 192.168.2.4 
> 
> # IPv4 gateway and primary IP address.
> Gateway=192.168.2.1
> Address=192.168.2.51/24
> 
> (note instructions have the name of the file wrong - it gave 
> it as lan-dev-eth0.network but it's actually called
> lan-member-dev-eth0.network)
> 
> I implemented the changes per the instructions, and the 
> result of timedatectl status:
> root at pi4b:~# timedatectl status
>                Local time: Tue 2020-02-04 20:49:50 GMT
>            Universal time: Tue 2020-02-04 20:49:50 UTC
>                  RTC time: n/a
>                 Time zone: Europe/London (GMT, +0000)
> System clock synchronized: no
>               NTP service: inactive
>           RTC in local TZ: no
> (was running chrony, which I disabled)
> 
> The result of networkctl status
> root at pi4b:~# networkctl status
> ?$B!|        State: routable
>        Address: 192.168.2.51 on eth0
>        Gateway: 192.168.2.1 on eth0
>            DNS: 192.168.2.240
>                 192.168.2.4
> Search Domains: samdom.org
>            NTP: 192.168.2.240
>                 192.168.2.4
> 
> The result of networkctl status eth0
> root at pi4b:~# networkctl status eth0
> ?$B!| 2: eth0
>        Link File: n/a
>     Network File: /etc/systemd/network/lan-member-dev-eth0.network
>             Type: ether
>            State: routable (configured)
>             Path: platform-fd580000.genet
>           Driver: bcmgenet
>       HW Address: dc:a6:32:17:3c:86
>          Address: 192.168.2.51
>          Gateway: 192.168.2.1
>              DNS: 192.168.2.240
>                   192.168.2.4
>   Search Domains: samdom.org
>              NTP: 192.168.2.240
>                   192.168.2.4
>     Connected To: n/a on port 38:2c:4a:72:cd:4e
> 
> At this point, I re-enabled the two lines in smb.conf:
> 	bind interfaces only = yes
> 	interfaces = lo eth0
> and re-booted the pi.
> 
> Still the same L smbd fails as systemctl status smbd shows:
> root at pi4b:~# systemctl status smbd
> ?$B!| smbd.service - Samba SMB Daemon
>    Loaded: loaded (/lib/systemd/system/smbd.service; enabled; 
> vendor preset: enabled)
>    Active: failed (Result: core-dump) since Tue 2020-02-04 
> 20:32:52 GMT; 22min ago
>      Docs: man:smbd(8)
>            man:samba(7)
>            man:smb.conf(5)
>   Process: 493 
> ExecStartPre=/usr/share/samba/update-apparmor-samba-profile 
> (code=exited, status=0/SUCCESS)
>   Process: 495 ExecStart=/usr/sbin/smbd --foreground 
> --no-process-group $SMBDOPTIONS (code=dumped, signal=ABRT)
>  Main PID: 495 (code=dumped, signal=ABRT)
>    Status: "smbd: ready to serve connections..."
> 
> Feb 04 20:32:51 pi4b smbd[495]:   open_sockets_smbd: No 
> sockets available to bind to.
> Feb 04 20:32:51 pi4b smbd[495]: [2020/02/04 20:32:51.952387,  
> 0] ../../source3/lib/util.c:824(smb_panic_s3)
> Feb 04 20:32:51 pi4b smbd[495]:   PANIC (pid 495): 
> open_sockets_smbd() failed
> Feb 04 20:32:51 pi4b smbd[495]: [2020/02/04 20:32:51.953028,  
> 0] ../../lib/util/fault.c:265(log_stack_trace)
> Feb 04 20:32:51 pi4b smbd[495]:   BACKTRACE: 0 stack frames:
> Feb 04 20:32:51 pi4b smbd[495]: [2020/02/04 20:32:51.953292,  
> 0] ../../source3/lib/dumpcore.c:315(dump_core)
> Feb 04 20:32:51 pi4b smbd[495]:   dumping core in 
> /var/log/samba/cores/smbd
> Feb 04 20:32:51 pi4b smbd[495]:
> Feb 04 20:32:51 pi4b systemd[1]: smbd.service: Main process 
> exited, code=dumped, status=6/ABRT
> Feb 04 20:32:52 pi4b systemd[1]: smbd.service: Failed with 
> result 'core-dump'.
> 
> > 
> > 2) something is corrupt in samba database.
> > Lets hope not..
> So do I...
> > 
> > A check on the script, and based on the output you sended before.
> > Just to make the thread complete, so i have a backlog of it.
> > (Todo, make better output of errors or functions with empty values.)
> > 
> > > >
> > > >I would try and fix it first, can you download and run
> > > Louis's script:
> > > >https://github.com/thctlo/samba4/blob/master/samba-collect-de
> > bug-info.sh
> > > >Sanitise the output and post the output into a reply to this.
> > > >
> > > >Rowland
> > >
> > > OK:
> > > root at pi4b:~/scripts# ./samba-collect-debug-info.sh Please
wait,
> > > collecting debug info.
> > >
> > > Password for Administrator at SAMDOM.ORG:
> > > grep: : No such file or directory
> > 
> > Around line 144 in the script, which means its just not running.
> > 
> > > Load smb config files from /etc/samba/smb.conf Loaded 
> services file
> > > OK.
> > > Server role: ROLE_DOMAIN_MEMBER
> > >
> > > The debug info about your system can be found in this file:
> > > /tmp/samba-debug-info.txt
> > > --------------------  /tmp/samba-debug-info.txt ----------------
> > > Collected config  --- 2020-01-29-20:20 -----------
> > >
> > > Hostname: pi4b
> > > DNS Domain: samdom.org
> > > FQDN: pi4b.samdom.org
> > > ipaddress: 192.168.2.51
> > >
> > > -----------
> > >
> > > Kerberos SRV _kerberos._tcp.samdom.org record verified ok, sample
> > > output:
> > > Server:		192.168.2.240
> > > Address:	192.168.2.240#53
> > >
> > > _kerberos._tcp.samdom.org	service = 0 100 88 pi-dc.samdom.org.
> > > _kerberos._tcp.samdom.org	service = 0 100 88 tiger-db.samdom.org.
> > 
> > 2 AD-DC's are detected.
> > Can you verify these with
> > dig -x $(host pi-dc.samdom.org|awk '{ print $NF }' ) 
> Yes:
> dig -x $(host pi-dc.samdom.org| awk '{ print $NF }' )
> 
> ; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> -x
192.168.2.4
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38893
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, 
> ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: 91bfcfed9ef46a69b34989825e39d6f6ba0f2712ec8869cd (good)
> ;; QUESTION SECTION:
> ;4.2.168.192.in-addr.arpa.      IN      PTR
> 
> ;; AUTHORITY SECTION:
> 2.168.192.in-addr.arpa. 3600    IN      SOA     
> tiger-db.samdom.org. hostmaster.samdom.org. 11 900 600 86400 3600
> 
> ;; Query time: 5 msec
> ;; SERVER: 192.168.2.240#53(192.168.2.240)
> ;; WHEN: Tue Feb 04 20:41:12 GMT 2020
> ;; MSG SIZE  rcvd: 150
> 
> > dig -x $(host tiger-db.samdom.org|awk '{ print $NF }' )
> root at pi4b:~# dig -x $(host tiger-db.samdom.org| awk '{ print $NF
}' )
> 
> ; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> -x
192.168.2.240
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34146
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, 
> ADDITIONAL: 1
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: a3f680e54e3e81ee6c73adda5e39d772d9dceedb83ef6bb2 (good)
> ;; QUESTION SECTION:
> ;240.2.168.192.in-addr.arpa.    IN      PTR
> 
> ;; AUTHORITY SECTION:
> 2.168.192.in-addr.arpa. 3600    IN      SOA     
> tiger-db.samdom.org. hostmaster.samdom.org. 11 900 600 86400 3600
> 
> ;; Query time: 3 msec
> ;; SERVER: 192.168.2.240#53(192.168.2.240)
> ;; WHEN: Tue Feb 04 20:43:16 GMT 2020
> ;; MSG SIZE  rcvd: 152
> > host $(hostname -d)
> root at pi4b:~# host $(hostname -d)
> samdom.org has address 192.168.2.4
> samdom.org has address 192.168.2.240
> > 
> > > Samba is not being run as a DC or a Unix domain member.
> > 
> > Line 157-159 so, because samba isnt running the script 
> error on these parts.
> > 
> > Just to make sure its not coming from fault DNS records.
> > 
> > >
> > > -----------
> > >        Checking file: /etc/os-release
> > >
> > > PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
> > > NAME="Raspbian GNU/Linux"
> > > VERSION_ID="10"
> > > VERSION="10 (buster)"
> > > VERSION_CODENAME=buster
> > > ID=raspbian
> > > ID_LIKE=debian
> > > HOME_URL="http://www.raspbian.org/"
> > > SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
> > > BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
> > >
> > > -----------
> > >
> > >
> > > This computer is running Debian 10.2 armv7l
> > >
> > > -----------
> > > running command : ip a
> > > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue 
> state UNKNOWN
> > > group default qlen 1000
> > >     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> > >     inet 127.0.0.1/8 scope host lo
> > > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc 
> mq state UP
> > > group default qlen 1000
> > >     link/ether dc:a6:32:17:3c:86 brd ff:ff:ff:ff:ff:ff
> > >     inet 192.168.2.51/24 brd 192.168.2.255 scope global eth0
> > > 3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state 
> DOWN group
> > > default qlen 1000
> > >     link/ether dc:a6:32:17:3c:87 brd ff:ff:ff:ff:ff:ff
> > >
> > > -----------
> > >        Checking file: /etc/hosts
> > >
> > > 127.0.0.1	localhost
> > > ::1		localhost ip6-localhost ip6-loopback
> > > ff02::1		ip6-allnodes
> > > ff02::2		ip6-allrouters
> > >
> > > 192.168.2.51	pi4b.samdom.org	pi4b
> > >
> > > -----------
> > >
> > >        Checking file: /etc/resolv.conf
> > >
> > > search samdom.org
> > > nameserver 192.168.2.240
> > > nameserver 192.168.2.4
> > >
> > > -----------
> > >
> > >        Checking file: /etc/krb5.conf
> > >
> > > [libdefaults]
> > > 	default_realm = samdom.org
> > > 	dns_lookup_realm = false
> > > 	dns_lookup_kdc = true
> > >
> > > -----------
> > I cant see it but UPPERCASE SAMDOM.ORG in REALM 
> dnsdomains.tld REALMS.TLD It just prevents small errors in 
> combination with
> > othere software.
> 
> Yes, can confirm that the realm was in UPPERCASE - the copy 
> sent to the list was sanitised and got changed to lowercase in the
> process.
> > 
> > 
> > >
> > >        Checking file: /etc/nsswitch.conf
> > >
> > > # /etc/nsswitch.conf
> > > #
> > > # Example configuration of GNU Name Service Switch functionality.
> > > # If you have the `glibc-doc-reference' and `info'
packages
> > > installed, try:
> > > # `info libc "Name Service Switch"' for information
about
> this file.
> > >
> > > passwd:         files winbind
> > > group:          files winbind
> > > shadow:         files
> > > gshadow:        files
> > >
> > > hosts:          files mdns4_minimal [NOTFOUND=return] dns
> > > networks:       files
> > >
> > > protocols:      db files
> > > services:       db files
> > > ethers:         db files
> > > rpc:            db files
> > >
> > > netgroup:       nis
> > >
> > > -----------
> > >
> > >     Warning,  does not exist
> > 
> > This is around line 300.
> > Where i think the " " is the missing file and this is
> > Or : Check_file_exists "${SMBCONF}"  which whould be
strange.
> > So i think its :
> > This line in the script.
> > Check_file_exists /etc/idmapd.conf
> > Can you check that, its just to make sure where i need to 
> add parts in the script.
> The file exists:
> root at pi4b:~# ls -l /etc/idmapd.conf
> -rw-r--r-- 1 root root 206 Apr  6  2019 /etc/idmapd.conf
> 
> Interestingly, I just re-ran your script and it ran OK this 
> time, including smb.conf and user.map.     Obviously 
> something changed -
> perhaps all these tweaks changed something?
> 
> > 
> > 
> > >
> > > -----------
> > >
> > >
> > > Installed packages:
> > > ii  acl                                   2.2.53-4
> > > armhf        access control list - utilities
> > > ii  attr                                  1:2.4.48-4
> > > armhf        utilities for manipulating filesystem 
> extended attributes
> > > ii  fonts-quicksand                       0.2016-2
> > > all          sans-serif font with round attributes
> > > ii  krb5-config                           2.6
> > > all          Configuration files for Kerberos Version 5
> > > ii  krb5-user                             1.17-3
> > > armhf        basic programs to authenticate using MIT Kerberos
> > > ii  libacl1:armhf                         2.2.53-4
> > > armhf        access control list - shared library
> > > ii  libattr1:armhf                        1:2.4.48-4
> > > armhf        extended attribute handling - shared library
> > > ii  libgssapi-krb5-2:armhf                1.17-3
> > > armhf        MIT Kerberos runtime libraries - krb5 
> GSS-API Mechanism
> > > ii  libkrb5-3:armhf                       1.17-3
> > > armhf        MIT Kerberos runtime libraries
> > > ii  libkrb5support0:armhf                 1.17-3
> > > armhf        MIT Kerberos runtime libraries - Support library
> > > ii  libnss-winbind:armhf                  
> 2:4.11.6+dfsg-0.1raspbian1
> > > armhf        Samba nameservice integration plugins
> > > ii  libpam-krb5:armhf                     4.8-2
> > > armhf        PAM module for MIT Kerberos
> > > ii  libpam-winbind:armhf                  
> 2:4.11.6+dfsg-0.1raspbian1
> > > armhf        Windows domain authentication integration plugin
> > > ii  libsmbclient:armhf                    
> 2:4.11.6+dfsg-0.1raspbian1
> > > armhf        shared library for communication with 
> SMB/CIFS servers
> > > ii  libwbclient0:armhf                    
> 2:4.11.6+dfsg-0.1raspbian1
> > > armhf        Samba winbind client library
> > > ii  node-tweetnacl                        0.14.5+dfsg-3
> > > all          Port of TweetNaCl cryptographic library to
JavaScript
> > > ii  python3-samba                         
> 2:4.11.6+dfsg-0.1raspbian1
> > > armhf        Python 3 bindings for Samba
> > > ii  samba                                 
> 2:4.11.6+dfsg-0.1raspbian1
> > > armhf        SMB/CIFS file, print, and login server for Unix
> > > ii  samba-common                          
> 2:4.11.6+dfsg-0.1raspbian1
> > > all          common files used by both the Samba server and
client
> > > ii  samba-common-bin                      
> 2:4.11.6+dfsg-0.1raspbian1
> > > armhf        Samba common files used by both the server 
> and the client
> > > ii  samba-dsdb-modules:armhf              
> 2:4.11.6+dfsg-0.1raspbian1
> > > armhf        Samba Directory Services Database
> > > ii  samba-libs:armhf                      
> 2:4.11.6+dfsg-0.1raspbian1
> > > armhf        Samba core libraries
> > > ii  samba-vfs-modules:armhf               
> 2:4.11.6+dfsg-0.1raspbian1
> > > armhf        Samba Virtual FileSystem plugins
> > > ii  smbclient                             
> 2:4.11.6+dfsg-0.1raspbian1
> > > armhf        command-line SMB/CIFS clients for Unix
> > > ii  vlc-plugin-samba:armhf                3.0.8-0+deb10u1+rpt7
> > > armhf        Samba plugin for VLC
> > > ii  winbind                               
> 2:4.11.6+dfsg-0.1raspbian1
> > > armhf        service to resolve user and group information
> > > from Windows NT
> > > servers
> > >
> > > -----------
> > >
> > > Louis' script failed to print out smb.conf (even though 
> it exists at
> > > /etc/samba/smb.conf) and user.map, so here they are:
> > > ---------- smb.conf -----------
> > > [global]
> > >
> > > 	netbios name = pi4b
> > > 	security = ADS
> > > 	workgroup = SAMDOM
> > > 	realm = SAMDOM.ORG
> > >
> > > 	# disable smb1
> > > 	client min protocol = smb2_02
> > > 	server min protocol = smb2_02
> > >
> > > 	log file = /var/log/samba/%m.log
> > > 	log level = 1
> > >
> > > 	# to prevent "Address family not supported by
protocol" messages
> > > (ipv6)
> > > 	bind interfaces only = yes
> > > 	interfaces = lo eth0
> > >
> > > 	dedicated keytab file = /etc/krb5.keytab
> > > 	kerberos method = secrets and keytab
> > > 	winbind refresh tickets = yes
> > >
> > > 	winbind use default domain = yes
> > >
> > > 	# Default idmap config used for BUILTIN and local
> > > accounts/groups
> > > 	idmap config * : backend = tdb
> > > 	idmap config * : range = 2000-9999
> > >
> > > 	# idmap config for domain samdom
> > > 	idmap config SAMDOM:backend = rid
> > > 	idmap config SAMDOM:range = 10000-99999
> > >
> > > 	# next two lines for testing only - comment-out once working ok
> > > #	winbind enum users = yes
> > > #	winbind enum groups = yes
> > >
> > > 	template shell = /bin/bash
> > > #	template homedir = /srv/samba/users/%U
> > >
> > > 	vfs objects = acl_xattr
> > > 	map acl inherit = yes
> > > 	store dos attributes = yes
> > > 	username map = /etc/samba/user.map
> > >
> > > [images]
> > > 	# for backup images made by Macrium Reflect
> > > 	path = /srv/samba/images
> > > 	read only = no
> > > 	acl_xattr:ignore system acl = yes
> > >
> > > [downloads]
> > > 	path = /srv/samba/downloads
> > > 	read only = no
> > > 	acl_xattr:ignore system acl = yes
> > >
> > > ---------------user.map --------------------
> > > !root = SAMDOM\Administrator SAMDOM\administrator Administrator
> > > administrator
> > >
> > > Thanks in advance for any clues!
> > >
> > > Roy
> 
> Incidentally, I tried putting those two lines into smb.conf 
> on pi-dc (also a Raspberry Pi but model 3) and it too caused smbd to
> fail.   So it's something specific to pi's
> 
> Thanks again, hope the above helps.
> Roy
> 
>

Hi Louis,
> Hai Roy,
> 
> Thanks for verifing it all. Im still amazed with this one.
> It all looks good to me, exept the missing PTR records then..  ;-)
> 
> Ok last question here to both, now i have Raspbian and Debian Buster amhf
on the repo.
> Rowland and Roy your both running Raspbian Buster correct?
> Its so strange Rowland his pi is running correct and Roy not.
> There has to be a different.
> 
> Im rulling out samba, of db corruptions.. Etc.
> Only thing is samba should not crash, we might like to have a loglevel 10
of that.
> And a bug report. Its a consistant crash of smbd so, reporting it would be
nice yes..
> 
> It im 100% sure its something withing the pi and the nic in combination off
raspbian or debian buster?
> So, If you guys can confirm the os once again, who runs which one exactly.
> 
> 
> If your on Raspbian.
> Run : sudo raspi-config
> Check what the state is of : Wait for Network at Boot.
It is set to "No"
> 
> Is someone using something like this to reduce boot time?
> /etc/systemd/system/networking.service.d/reduce-timeout.conf
> [Service]
> TimeoutStartSec=1
I'm not.
> Roy, can you reboot the pi and send me the dmesg log and syslog I found
some reports about "faulty" Pi mainboards also.
> Or can  you check it and look flipping networks..
> 
> Something like this:
> [ 182.553342] bcmgenet fd580000.genet eth0: Link is Down
> [ 182.553465] br0: port 1(eth0) entered disabled state
> [ 185.673598] bcmgenet fd580000.genet eth0: Link is Up - 1Gbps/Full - flow
control rx/tx
> 
Yes the first and third lines appear in both dmesg and syslog files - attached
for you only if you need to look deeper (not the
list) - but not the middle line.
> (source:
https://github.com/raspberrypi/linux/issues/3034#issuecomment-509709135 )
> 
> You can try to enable the network speed for the nic..
> 
> 
> Greetz,
> 
> Louis
> 
Cheers,
Roy
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dmesg.txt
URL:
<http://lists.samba.org/pipermail/samba/attachments/20200205/3a57c11b/dmesg.txt>

Hai Roy, 

I had a good look and most look ok, not much exiting going on but still a few
points.
>From teh logs. 

Feb  5 08:41:48 pi4b ifup[303]: ifup: couldn't open interfaces file
"/etc/network/interfaces": No such file or directory
So re-create the file with the folling content, : /etc/network/interfaces   And
add :
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

( these are only the defaults )..


Feb  5 08:41:48 pi4b systemd-udevd[157]: Process '/usr/sbin/th-cmd --socket
/var/run/thd.socket --passfd --udev' failed with exit code 1.
- Possible fix(es) read :  https://bbs.archlinux.org/viewtopic.php?id=220315 


systemd[1]: Listening on Avahi mDNS/DNS-SD Stack Activation Socket. 
- So make sure nsswitch.conf the mDNS part is at the end of the line. 


Feb  5 08:41:48 pi4b systemd-networkd[155]: eth0: Gained carrier
Feb  5 08:41:48 pi4b systemd-networkd[155]: eth0: Configured
Feb  5 08:41:48 pi4b systemd-networkd-wait-online[181]: ignoring: lo
- Ok, to network configures ok. And i notice  
Feb  5 08:41:48 pi4b systemd-udevd[178]: link_config: autonegotiation is unset
or enabled, the speed and duplex are not writable.
- Setting it might speed up the boot process a bit but as shown network works
fine.


Failed to open /etc/resolv.conf: Invalid argument  ( typo somewhere? ) 
Check the content. 

Feb  5 08:41:48 pi4b avahi-daemon[340]: Failed to open /etc/resolv.conf: Invalid
argument
Feb  5 08:41:48 pi4b avahi-daemon[340]: socket() failed: Address family not
supported by protocol
Need something, i dont know but reduce the resolv.conf to
search some.dom.tld 
nameserver ip_ad_dc1  
nameserver ip_ad_dc2
nameserver ip_internet_DNS

Feb  5 08:41:48 pi4b rpc.svcgssd[320]: unable to obtain root (machine)
credentials
Feb  5 08:41:48 pi4b rpc.svcgssd[320]: do you have a keytab entry for
nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?
Your missing the nfs SPNs in the keytab file but, i dont know if you use it. 

So above point are or might not  problem related, but i would fix them. 
Why i like clean server boots without errors, it just helps.. 

I see HEVC support in the Pi4 thats nice, anyone running kodi on raspbian, if
so.. :-)
I would like to know the experiance with it. 
If its good, i'll get myself a pi4 also, since i need to replace my old
player with ani915GMA GPU .
:-) 

Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: Roy Eastwood [mailto:spindles7 at gmail.com] 
> Verzonden: woensdag 5 februari 2020 10:00
> Aan: 'L.P.H. van Belle'; samba at lists.samba.org
> Onderwerp: RE: [Samba] smbd fails to start after upgrade to 
> version 4.11.6
> 
> Hi Louis,
> > Hai Roy,
> > 
> > Thanks for verifing it all. Im still amazed with this one.
> > It all looks good to me, exept the missing PTR records then..  ;-)
> > 
> > Ok last question here to both, now i have Raspbian and 
> Debian Buster amhf on the repo.
> > Rowland and Roy your both running Raspbian Buster correct?
> > Its so strange Rowland his pi is running correct and Roy not.
> > There has to be a different.
> > 
> > Im rulling out samba, of db corruptions.. Etc.
> > Only thing is samba should not crash, we might like to have 
> a loglevel 10 of that.
> > And a bug report. Its a consistant crash of smbd so, 
> reporting it would be nice yes..
> > 
> > It im 100% sure its something withing the pi and the nic in 
> combination off raspbian or debian buster?
> > So, If you guys can confirm the os once again, who runs 
> which one exactly.
> > 
> > 
> > If your on Raspbian.
> > Run : sudo raspi-config
> > Check what the state is of : Wait for Network at Boot.
> It is set to "No"
> 
> > 
> > Is someone using something like this to reduce boot time?
> > /etc/systemd/system/networking.service.d/reduce-timeout.conf
> > [Service]
> > TimeoutStartSec=1
> I'm not.
> 
> > Roy, can you reboot the pi and send me the dmesg log and 
> syslog I found some reports about "faulty" Pi mainboards also.
> > Or can  you check it and look flipping networks..
> > 
> > Something like this:
> > [ 182.553342] bcmgenet fd580000.genet eth0: Link is Down
> > [ 182.553465] br0: port 1(eth0) entered disabled state
> > [ 185.673598] bcmgenet fd580000.genet eth0: Link is Up - 
> 1Gbps/Full - flow control rx/tx
> > 
> Yes the first and third lines appear in both dmesg and syslog 
> files - attached for you only if you need to look deeper (not the
> list) - but not the middle line.
> 
> > (source: 
> https://github.com/raspberrypi/linux/issues/3034#issuecomment-
> 509709135 )
> > 
> > You can try to enable the network speed for the nic..
> > 
> > 
> > Greetz,
> > 
> > Louis
> > 
> 
> Cheers,
> Roy
>