Edouard Guigné
2020-Apr-28 15:25 UTC
[Samba] Service Winbind stopped, what could be the reason ?
Dear Rowland,
Please find a dump of smb.conf and resolv.conf of my centos 7 server :
# testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
client min protocol = SMB2
client signing = required
disable spoolss = Yes
domain master = No
kerberos method = secrets and keytab
load printers = No
local master = No
log file = /var/log/samba/%m.log
preferred master = No
printcap name = /dev/null
realm = MYAD.MYDOMAIN.FR
security = ADS
server min protocol = SMB2_02
server signing = required
winbind nss info = rfc2307
winbind use default domain = Yes
workgroup = IPGAD
idmap config ipgad : unix_primary_group = yes
idmap config ipgad : unix_nss_info = yes
idmap config ipgad : range = 10000 - 14999
idmap config ipgad : schema_mode = rfc2307
idmap config ipgad : backend = ad
idmap config * : range = 15000-99999
idmap config * : backend = tdb
cups options = raw
hosts allow = 127. 10.9.8. 10.9.7. 10.9.2. 10.9.4. 10.9.5.
hosts deny = 10.9.9. 10.9.10.
map acl inherit = Yes
use sendfile = Yes
vfs objects = acl_xattr
[groups]
comment = jaguar2
path = /var/datashared
read only = No
valid users = "@MYAD\utilisateurs du domaine"
vfs objects = acl_xattr streams_xattr shadow_copy2
shadow:format = daily_%Y.%m.%d-%H.%M.%S
shadow:localtime = yes
shadow:sort = desc
shadow:basedir = /var/datashared
shadow:snapdir = /data/datashared/snapshots
[homes]
browseable = No
comment = Home Directories
create mask = 0700
directory mask = 0700
hide files = /~*.tmp/profile/desktop.ini/~$*/
path = /home
read only = No
valid users = %S
[printers]
browseable = No
comment = All Printers
create mask = 0600
path = /var/tmp
printable = Yes
[print$]
comment = Printer Drivers
create mask = 0664
directory mask = 0775
path = /var/lib/samba/drivers
write list = root
# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.9.x.xx1
nameserver 10.9.x.xx2
10.9.x.xx1 is the ip of first domain controler, 10.9.x.xx2 is the ip of the
second domain controler.
I notice that "domain" is not mentioned in resolv.conf ; so domain
machine by short hostname is not possible for this reason ?
Best Regards,
Ed
----- Mail original -----
De: "sambalist" <samba at lists.samba.org>
?: "sambalist" <samba at lists.samba.org>
Envoy?: Mardi 28 Avril 2020 12:08:44
Objet: Re: [Samba] Service Winbind stopped, what could be the reason ?
On 28/04/2020 15:35, Edouard Guign? via samba wrote:> Hello dear Samba users,
>
> I recently faced an issue with samba (4.10.4) and winbind.
> The winbind service was stopped, so no user can acces to my samba share.
> I restart the winbind service, and all users can access to the share as
usually...
> But I would like to understand why this issue occured.
>
> My samba server is a centos 7 linux, configured as domain member to a
microsoft AD (windows server 2012 R2).
> All services (samba, winbind) are in automatic, started with linux start,
and should always remained started.
>
> In winbindd.log, there are many entries like :
> [2020/04/27 08:20:14.167335, 1] ../source3/lib/util.c:1700(name_to_fqdn)
> getaddrinfo: ?chec temporaire dans la r?solution du nom
>
> On my Centos 7 samba server, the DNS resolution works only for fulled
qualified name :
> ping workstation1
> ping: workstation1 : ?chec temporaire dans la r?solution du nom
> but
> ping workstation1.mydomain.fr
> 64 bytes from workstation1!.mydomain.fr (10.9.x.x): icmp_seq=1 ttl=127
time=1.58 ms
> 64 bytes from workstation1!.mydomain.fr (10.9.x.x): icmp_seq=2 ttl=127
time=1.33 ms
> 64 bytes from workstation1!.mydomain.fr (10.9.x.x): icmp_seq=3 ttl=127
time=1.04 ms
>
> Can it be the explanation why winbind has stopped ?
>
> Do I have to add "domain=mydomain.fr" in
/etc/sysconfig/network-scripts/ifcfg-eth0 of my centos 7 server network adapter
?
> May it help Winbind for DNS resolving ?
>
> Best Regards,
> Ed
Please post your smb.conf and /etc/resolv.conf
You must be able to ping any domain machine by short hostname, FQDN or IP.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Rowland penny
2020-Apr-28 16:11 UTC
[Samba] Service Winbind stopped, what could be the reason ?
On 28/04/2020 16:25, Edouard Guign? wrote:> Dear Rowland, > > Please find a dump of smb.conf and resolv.conf of my centos 7 server : >Nothing really wrong in your smb.conf, except: ??????? winbind nss info = rfc2307 That isn't used any more. ?????? cups options = raw You have turned printing off ??????? valid users = "@MYAD\utilisateurs du domaine" Your workgroup is 'IPGAD' so 'MYAD' should be 'IPGAD', but even better would be to set the permissions from windows. Your major problem is your resolv.conf, it should have a line: search myad.mydomain.fr I take it that your computer gets its dns info via DHCP, so you need to find out how to ensure that network manager creates that line in resolv.conf. Rowland
Edouard Guigné
2020-Apr-28 16:43 UTC
[Samba] Service Winbind stopped, what could be the reason ?
Hello, Thank you Rowland, Yes, I wanted to anonymize smb.conf and missed to change IPGAD in MYAD on some lines, sorry Does "winbind nss info = rfc2307" is not used anymore, because of "idmap config ipgad : schema_mode = rfc2307" ? Best Regards, Ed ----- Mail original ----- De: "sambalist" <samba at lists.samba.org> ?: "sambalist" <samba at lists.samba.org> Envoy?: Mardi 28 Avril 2020 13:11:11 Objet: Re: [Samba] Service Winbind stopped, what could be the reason ? On 28/04/2020 16:25, Edouard Guign? wrote:> Dear Rowland, > > Please find a dump of smb.conf and resolv.conf of my centos 7 server : >Nothing really wrong in your smb.conf, except: ??????? winbind nss info = rfc2307 That isn't used any more. ?????? cups options = raw You have turned printing off ??????? valid users = "@MYAD\utilisateurs du domaine" Your workgroup is 'IPGAD' so 'MYAD' should be 'IPGAD', but even better would be to set the permissions from windows. Your major problem is your resolv.conf, it should have a line: search myad.mydomain.fr I take it that your computer gets its dns info via DHCP, so you need to find out how to ensure that network manager creates that line in resolv.conf. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Edouard Guigné
2020-Apr-30 14:11 UTC
[Samba] Service Winbind stopped, what could be the reason ?
Hello Rowland, I had a look on message log, when the winbind stopped. I found that an system update occured during the night, and then Winbind did not restart properly. ... /Apr 28 04:33:08 [localhost] yum[1232]: Mis ? jour?: samba-winbind-clients.x86_64 4.10.4-10.el7// //Apr 28 04:33:08 [localhost] yum[1232]: Mis ? jour?: samba-winbind-krb5-locator.x86_64 4.10.4-10.el7// //Apr 28 04:33:09 [localhost] yum[1232]: Mis ? jour?: samba.x86_64 4.10.4-10.el7/ ... /Apr 28 08:07:53 [localhost] systemd-logind: New session 79900 of user root.// //Apr 28 08:08:26 [localhost] systemd: Starting Samba SMB Daemon...// //Apr 28 08:08:26 [localhost] smbd[4611]: [2020/04/28 08:08:26.248346,? 0] ../../lib/util/become_daemon.c:136(daemon_ready)// //Apr 28 08:08:26 [localhost] smbd[4611]:? daemon_ready: daemon 'smbd' finished starting up and ready to serve connections// //Apr 28 08:08:26 [localhost] systemd: Started Samba SMB Daemon.// /*/Apr 28 08:08:51 [localhost] smbd[4625]: [2020/04/28 08:08:51.228010,? 0] ../../source3/auth/auth_winbind.c:122(check_winbind_security)/**/ /**/Apr 28 08:08:51 [localhost] smbd[4625]: check_winbind_security: winbindd not running - but required as domain member: NT_STATUS_NO_LOGON_SERVERS/**/ /**/Apr 28 08:08:51 [localhost] smbd[4626]: [2020/04/28 08:08:51.251448,? 0] ../../source3/auth/auth_winbind.c:122(check_winbind_security)/**/ /**/Apr 28 08:08:51 [localhost] smbd[4626]: check_winbind_security: winbindd not running - but required as domain member: NT_STATUS_NO_LOGON_SERVERS/* ... When I restarted Winbind : /Apr 28 08:15:01 [localhost] systemd: Started Session 79902 of user root.// //Apr 28 08:15:18 [localhost] systemd: Stopping Samba Winbind Daemon...// //Apr 28 08:15:18 [localhost] winbindd[3915]: [2020/04/28 08:15:18.356936,? 0] ../source3/winbindd/winbindd.c:239(winbindd_sig_term_handler)// //Apr 28 08:15:18 [localhost] winbindd[3915]:? Got sig[15] terminate (is_parent=1)// //Apr 28 08:15:18 [localhost] winbindd[4084]: [2020/04/28 08:15:18.357134,? 0] ../source3/winbindd/winbindd.c:239(winbindd_sig_term_handler)// //Apr 28 08:15:18 [localhost] winbindd[4084]:? Got sig[15] terminate (is_parent=0)// //Apr 28 08:15:18 [localhost] winbindd[4279]: [2020/04/28 08:15:18.357085,? 0] ../source3/winbindd/winbindd.c:239(winbindd_sig_term_handler)// //Apr 28 08:15:18 [localhost] winbindd[4279]:? Got sig[15] terminate (is_parent=0)// //Apr 28 08:15:18 [localhost] winbindd[4082]: [2020/04/28 08:15:18.368710,? 0] ../source3/winbindd/winbindd.c:239(winbindd_sig_term_handler)// //Apr 28 08:15:18 [localhost] winbindd[4082]:? Got sig[15] terminate (is_parent=0)// //Apr 28 08:15:18 [localhost] winbindd[4022]: [2020/04/28 08:15:18.357031,? 0] ../source3/winbindd/winbindd.c:239(winbindd_sig_term_handler)// //Apr 28 08:15:18 [localhost] winbindd[4022]:? Got sig[15] terminate (is_parent=0)// //Apr 28 08:15:18 [localhost] winbindd[4075]: [2020/04/28 08:15:18.371589,? 0] ../source3/winbindd/winbindd.c:239(winbindd_sig_term_handler)// //Apr 28 08:15:18 [localhost] winbindd[4075]:? Got sig[15] terminate (is_parent=0)// //Apr 28 08:15:18 [localhost] systemd: Stopped Samba Winbind Daemon.// //Apr 28 08:15:18 [localhost] systemd: Starting Samba Winbind Daemon...// //Apr 28 08:15:18 [localhost] winbindd[4731]: [2020/04/28 08:15:18.896997,? 0] ../../source3/winbindd/winbindd_cache.c:3166(initialize_winbindd_cache)// //Apr 28 08:15:18 [localhost] winbindd[4731]: initialize_winbindd_cache: clearing cache and re-creating with version number 2// //Apr 28 08:15:18 [localhost] winbindd[4731]: [2020/04/28 08:15:18.915444,? 0] ../../lib/util/become_daemon.c:136(daemon_ready)// //Apr 28 08:15:18 [localhost] winbindd[4731]:? daemon_ready: daemon 'winbindd' finished starting up and ready to serve connections// //Apr 28 08:15:18 [localhost] systemd: Started Samba Winbind Daemon./ Can it sometimes happen that winbind do not restart properly after automatic system update ? Best regards, Ed Le 28/04/2020 ? 13:11, Rowland penny via samba a ?crit?:> On 28/04/2020 16:25, Edouard Guign? wrote: >> Dear Rowland, >> >> Please find a dump of smb.conf and resolv.conf of my centos 7 server : >> > Nothing really wrong in your smb.conf, except: > > ??????? winbind nss info = rfc2307 > > That isn't used any more. > > ?????? cups options = raw > > You have turned printing off > > ??????? valid users = "@MYAD\utilisateurs du domaine" > > Your workgroup is 'IPGAD' so 'MYAD' should be 'IPGAD', but even better > would be to set the permissions from windows. > > Your major problem is your resolv.conf, it should have a line: > > search myad.mydomain.fr > > I take it that your computer gets its dns info via DHCP, so you need > to find out how to ensure that network manager creates that line in > resolv.conf. > > Rowland > > >