samba - Apr 2020 - Service Winbind stopped, what could be the reason ?

Hello dear Samba users, 

I recently faced an issue with samba (4.10.4) and winbind. 
The winbind service was stopped, so no user can acces to my samba share. 
I restart the winbind service, and all users can access to the share as
usually...
But I would like to understand why this issue occured. 

My samba server is a centos 7 linux, configured as domain member to a microsoft
AD (windows server 2012 R2).
All services (samba, winbind) are in automatic, started with linux start, and
should always remained started.

In winbindd.log, there are many entries like : 
[2020/04/27 08:20:14.167335, 1] ../source3/lib/util.c:1700(name_to_fqdn) 
getaddrinfo: ?chec temporaire dans la r?solution du nom 

On my Centos 7 samba server, the DNS resolution works only for fulled qualified
name :
ping workstation1 
ping: workstation1 : ?chec temporaire dans la r?solution du nom 
but 
ping workstation1.mydomain.fr 
64 bytes from workstation1!.mydomain.fr (10.9.x.x): icmp_seq=1 ttl=127 time=1.58
ms
64 bytes from workstation1!.mydomain.fr (10.9.x.x): icmp_seq=2 ttl=127 time=1.33
ms
64 bytes from workstation1!.mydomain.fr (10.9.x.x): icmp_seq=3 ttl=127 time=1.04
ms

Can it be the explanation why winbind has stopped ? 

Do I have to add "domain=mydomain.fr" in
/etc/sysconfig/network-scripts/ifcfg-eth0 of my centos 7 server network adapter
?
May it help Winbind for DNS resolving ? 

Best Regards, 
Ed

On 28/04/2020 15:35, Edouard Guign? via samba wrote:
> Hello dear Samba users,
>
> I recently faced an issue with samba (4.10.4) and winbind.
> The winbind service was stopped, so no user can acces to my samba share.
> I restart the winbind service, and all users can access to the share as
usually...
> But I would like to understand why this issue occured.
>
> My samba server is a centos 7 linux, configured as domain member to a
microsoft AD (windows server 2012 R2).
> All services (samba, winbind) are in automatic, started with linux start,
and should always remained started.
>
> In winbindd.log, there are many entries like :
> [2020/04/27 08:20:14.167335, 1] ../source3/lib/util.c:1700(name_to_fqdn)
> getaddrinfo: ?chec temporaire dans la r?solution du nom
>
> On my Centos 7 samba server, the DNS resolution works only for fulled
qualified name :
> ping workstation1
> ping: workstation1 : ?chec temporaire dans la r?solution du nom
> but
> ping workstation1.mydomain.fr
> 64 bytes from workstation1!.mydomain.fr (10.9.x.x): icmp_seq=1 ttl=127
time=1.58 ms
> 64 bytes from workstation1!.mydomain.fr (10.9.x.x): icmp_seq=2 ttl=127
time=1.33 ms
> 64 bytes from workstation1!.mydomain.fr (10.9.x.x): icmp_seq=3 ttl=127
time=1.04 ms
>
> Can it be the explanation why winbind has stopped ?
>
> Do I have to add "domain=mydomain.fr" in
/etc/sysconfig/network-scripts/ifcfg-eth0 of my centos 7 server network adapter
?
> May it help Winbind for DNS resolving ?
>
> Best Regards,
> Ed
Please post your smb.conf and /etc/resolv.conf

You must be able to ping any domain machine by short hostname, FQDN or IP.

Rowland

Dear Rowland,

Please find a dump of smb.conf and resolv.conf of my centos 7 server :

# testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER

Press enter to see a dump of your service definitions

# Global parameters
[global]
        client min protocol = SMB2
        client signing = required
        disable spoolss = Yes
        domain master = No
        kerberos method = secrets and keytab
        load printers = No
        local master = No
        log file = /var/log/samba/%m.log
        preferred master = No
        printcap name = /dev/null
        realm = MYAD.MYDOMAIN.FR
        security = ADS
        server min protocol = SMB2_02
        server signing = required
        winbind nss info = rfc2307
        winbind use default domain = Yes
        workgroup = IPGAD
        idmap config ipgad : unix_primary_group = yes
        idmap config ipgad : unix_nss_info = yes
        idmap config ipgad : range = 10000 - 14999
        idmap config ipgad : schema_mode = rfc2307
        idmap config ipgad : backend = ad
        idmap config * : range = 15000-99999
        idmap config * : backend = tdb
        cups options = raw
        hosts allow = 127. 10.9.8. 10.9.7. 10.9.2. 10.9.4. 10.9.5.
        hosts deny = 10.9.9. 10.9.10.
        map acl inherit = Yes
        use sendfile = Yes
        vfs objects = acl_xattr


[groups]
        comment = jaguar2
        path = /var/datashared
        read only = No
        valid users = "@MYAD\utilisateurs du domaine"
        vfs objects = acl_xattr streams_xattr shadow_copy2
        shadow:format = daily_%Y.%m.%d-%H.%M.%S
        shadow:localtime = yes
        shadow:sort = desc
        shadow:basedir = /var/datashared
        shadow:snapdir = /data/datashared/snapshots


[homes]
        browseable = No
        comment = Home Directories
        create mask = 0700
        directory mask = 0700
        hide files = /~*.tmp/profile/desktop.ini/~$*/
        path = /home
        read only = No
        valid users = %S


[printers]
        browseable = No
        comment = All Printers
        create mask = 0600
        path = /var/tmp
        printable = Yes


[print$]
        comment = Printer Drivers
        create mask = 0664
        directory mask = 0775
        path = /var/lib/samba/drivers
        write list = root

# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.9.x.xx1
nameserver 10.9.x.xx2

10.9.x.xx1 is the ip of first domain controler, 10.9.x.xx2 is the ip of the
second domain controler.

I notice that "domain" is not mentioned in resolv.conf ; so domain
machine by short hostname is not possible for this reason ?

Best Regards,
Ed

----- Mail original -----
De: "sambalist" <samba at lists.samba.org>
?: "sambalist" <samba at lists.samba.org>
Envoy?: Mardi 28 Avril 2020 12:08:44
Objet: Re: [Samba] Service Winbind stopped, what could be the reason ?

On 28/04/2020 15:35, Edouard Guign? via samba wrote:
> Hello dear Samba users,
>
> I recently faced an issue with samba (4.10.4) and winbind.
> The winbind service was stopped, so no user can acces to my samba share.
> I restart the winbind service, and all users can access to the share as
usually...
> But I would like to understand why this issue occured.
>
> My samba server is a centos 7 linux, configured as domain member to a
microsoft AD (windows server 2012 R2).
> All services (samba, winbind) are in automatic, started with linux start,
and should always remained started.
>
> In winbindd.log, there are many entries like :
> [2020/04/27 08:20:14.167335, 1] ../source3/lib/util.c:1700(name_to_fqdn)
> getaddrinfo: ?chec temporaire dans la r?solution du nom
>
> On my Centos 7 samba server, the DNS resolution works only for fulled
qualified name :
> ping workstation1
> ping: workstation1 : ?chec temporaire dans la r?solution du nom
> but
> ping workstation1.mydomain.fr
> 64 bytes from workstation1!.mydomain.fr (10.9.x.x): icmp_seq=1 ttl=127
time=1.58 ms
> 64 bytes from workstation1!.mydomain.fr (10.9.x.x): icmp_seq=2 ttl=127
time=1.33 ms
> 64 bytes from workstation1!.mydomain.fr (10.9.x.x): icmp_seq=3 ttl=127
time=1.04 ms
>
> Can it be the explanation why winbind has stopped ?
>
> Do I have to add "domain=mydomain.fr" in
/etc/sysconfig/network-scripts/ifcfg-eth0 of my centos 7 server network adapter
?
> May it help Winbind for DNS resolving ?
>
> Best Regards,
> Ed
Please post your smb.conf and /etc/resolv.conf

You must be able to ping any domain machine by short hostname, FQDN or IP.

Rowland



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba