Mani Wieser
2021-Aug-31 09:42 UTC
[Samba] samba-ad-dc.service: Got notification message from PID 27448, but reception only permitted for main PID 27410
On 31.08.2021 11:08, L.P.H. van Belle via samba wrote:> [Service] > # Temp fix ad-dc : reception only permitted for main PID > NotifyAccess=allI can confirm a noise less restart of samba version 4.14.7-Debian (bullseye) Mani
Roy Eastwood
2021-Aug-31 20:18 UTC
[Samba] samba-ad-dc.service: Got notification message from PID 27448, but reception only permitted for main PID 27410
On 31 August 2021 10:42 Mani Wieser wrote:> On 31.08.2021 11:08, L.P.H. van Belle via samba wrote: > > [Service] > > # Temp fix ad-dc : reception only permitted for main PID > > NotifyAccess=all > > I can confirm a noise less restart of samba version 4.14.7-Debian (bullseye) > > Mani >I agree, now works. Which leaves the WiKi incorrect as it still recommends Type=forking etc. I assume this should be updated to (adapted for self-compiled version)?: [Unit] Description=Samba AD Daemon Documentation=man:samba(8) man:samba(7) man:smb.conf(5) Wants=network-online.target After=network.target network-online.target [Service] Type=notify NotifyAccess=all PIDFile=/usr/local/samba/var/run/samba.pid LimitNOFILE=16384 EnvironmentFile=-/etc/default/samba ExecStart=/usr/local/samba/sbin/samba --foreground --no-process-group $SAMBAOPTIONS ExecReload=/bin/kill -HUP $MAINPID [Install] WantedBy=multi-user.target Regards, Roy
L.P.H. van Belle
2021-Sep-01 07:48 UTC
[Samba] samba-ad-dc.service: Got notification message from PID 27448, but reception only permitted for main PID 27410
Gooe morning, I'll CC Alexander Bokovoy in this on, i think he can tell us more on this. Before this ends up in a bloodbath ;-) No, joking her, but i think these guys can tell us. Rowland, Why do you think that we should not set Type. SystemD cant deteriming what type of program is running. Type must be set and if its not set, type is "simple" ( as Roy also noticed ) If type is simple, it just used /etc/init.d/samba start/stop But simple is wrong, just because it wont catch errors when starting up.. Quote: systemctl start command lines for simple services will report success even if the service's binary cannot be invoked successfully All i can say is, the Samba team is using "notify" some time. And only somehere in Samba 4.12/4.13 NotifyAccess= is removed from all service files in the samba sources. And after this CVE fix in systemd, its not correct anymore in my opionion If NotifyAccess= isnt defined, then NotifyAccess=main and main isnt correct for samba-ad-dc, because of the extra processes starting. I dont know how its exact implemeted in samba, i leave that to the devs. And lets keek the focus on this that it ONLY involves samba-ad-dc.service So NotifyAccess=all was removed in this commit https://gitlab.com/thctlo1/samba/-/commit/d1740fb3d5a72cb49e30b330bb0b01e7ef3e09cc Which was correct at that time, but things changed. Lets wait what Alexander or Andreas can tell us on this. So far, Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland Penny via samba > Verzonden: dinsdag 31 augustus 2021 22:50 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] samba-ad-dc.service: Got notification > message from PID 27448, but reception only permitted for main > PID 27410 > > On Tue, 2021-08-31 at 21:18 +0100, Roy Eastwood via samba wrote: > > I agree, now works. Which leaves the WiKi incorrect as it still > > recommends Type=forking etc. I assume this should be updated to > > (adapted for self-compiled version)?: > > > > I am going to throw a hand grenade in here, after reading 'man > systemd.service , I now think that 'Type' shouldn't be set at all! > > With this samba-ad-dc.service file: > > [Unit] > Description=Samba AD Daemon > Documentation=man:samba(8) man:samba(7) man:smb.conf(5) > Wants=network-online.target > After=network.target network-online.target > > [Service] > PIDFile=/run/samba/samba.pid > LimitNOFILE=16384 > EnvironmentFile=-/etc/default/samba > ExecStart=/usr/sbin/samba --foreground --no-process-group > $SAMBAOPTIONS > ExecReload=/bin/kill -HUP $MAINPID > > > [Install] > WantedBy=multi-user.target > > Results in this: > > ??? samba-ad-dc.service - Samba AD Daemon > Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled; > vendor preset: enabled) > Active: active (running) since Tue 2021-08-31 21:38:06 BST; 8s ago > Docs: man:samba(8) > man:samba(7) > man:smb.conf(5) > Main PID: 15307 (samba) > Tasks: 57 (limit: 4915) > CGroup: /system.slice/samba-ad-dc.service > ??????15307 samba: root process > ??????15309 samba: tfork waiter process(15310) > ??????15310 samba: task[s3fs] pre-fork master > ??????15311 samba: tfork waiter process(15313) > ??????15312 samba: tfork waiter process(15314) > ??????15313 samba: task[rpc] pre-fork master > ??????15314 /usr/sbin/smbd -D --option=server role > check:inhibit=yes --foreground > ??????15315 samba: tfork waiter process(15316) > ??????15316 samba: task[nbt] pre-fork master > ??????15317 samba: tfork waiter process(15319) > ??????15318 samba: tfork waiter process(15320) > ??????15319 samba: task[rpc] pre-forked worker(0) > ??????15320 samba: task[wrepl] pre-fork master > ??????15321 samba: tfork waiter process(15325) > ??????15322 samba: tfork waiter process(15323) > ??????15323 samba: task[ldap] pre-fork master > ??????15324 samba: tfork waiter process(15326) > ??????15325 samba: task[rpc] pre-forked worker(1) > ??????15326 samba: task[cldap] pre-fork master > ??????15327 samba: tfork waiter process(15330) > ??????15328 samba: tfork waiter process(15329) > ??????15329 samba: task[rpc] pre-forked worker(2) > ??????15330 samba: task[kdc] pre-fork master > ??????15331 samba: tfork waiter process(15334) > ??????15332 samba: tfork waiter process(15333) > ??????15333 samba: task[drepl] pre-fork master > ??????15334 samba: task[rpc] pre-forked worker(3) > ??????15335 samba: tfork waiter process(15338) > ??????15336 samba: tfork waiter process(15337) > ??????15337 samba: task[kdc] pre-forked worker(0) > ??????15338 samba: task[winbindd] pre-fork master > ??????15339 samba: tfork waiter process(15342) > ??????15340 samba: tfork waiter process(15343) > ??????15341 samba: tfork waiter process(15348) > ??????15342 samba: task[kdc] pre-forked worker(1) > ??????15343 samba: task[ntp_signd] pre-fork master > ??????15344 samba: tfork waiter process(15346) > ??????15345 samba: tfork waiter process(15349) > ??????15346 samba: task[kcc] pre-fork master > ??????15347 samba: tfork waiter process(15350) > ??????15348 /usr/sbin/winbindd -D --option=server role > check:inhibit=yes --foreground > ??????15349 samba: task[kdc] pre-forked worker(2) > ??????15350 samba: task[dnsupdate] pre-fork master > ??????15351 samba: tfork waiter process(15352) > ??????15352 samba: task[kdc] pre-forked worker(3) > ??????15359 /usr/sbin/smbd -D --option=server role > check:inhibit=yes --foreground > ??????15360 /usr/sbin/smbd -D --option=server role > check:inhibit=yes --foreground > ??????15361 /usr/sbin/smbd -D --option=server role > check:inhibit=yes --foreground > ??????15363 winbindd: domain child [SAMDOM] > ??????15364 samba: tfork waiter process(15365) > ??????15365 samba: task[ldap] pre-forked worker(0) > ??????15366 samba: tfork waiter process(15367) > ??????15367 samba: task[ldap] pre-forked worker(1) > ??????15368 samba: tfork waiter process(15369) > ??????15369 samba: task[ldap] pre-forked worker(2) > ??????15370 samba: tfork waiter process(15371) > ??????15371 samba: task[ldap] pre-forked worker(3) > > Aug 31 21:38:07 rpidc2 samba[15307]: [2021/08/31 21:38:07.380345, 0] > ../../source4/samba/server.c:920(binary_smbd_main) > Aug 31 21:38:07 rpidc2 samba[15307]: binary_smbd_main: samba: using > 'prefork' process model > Aug 31 21:38:07 rpidc2 samba[15307]: [2021/08/31 21:38:07.609089, 0] > ../../lib/util/become_daemon.c:136(daemon_ready) > Aug 31 21:38:07 rpidc2 samba[15307]: daemon_ready: daemon 'samba' > finished starting up and ready to serve connections > Aug 31 21:38:08 rpidc2 smbd[15314]: [2021/08/31 21:38:08.245451, 0] > ../../lib/util/become_daemon.c:136(daemon_ready) > Aug 31 21:38:08 rpidc2 smbd[15314]: daemon_ready: daemon 'smbd' > finished starting up and ready to serve connections > Aug 31 21:38:08 rpidc2 winbindd[15348]: [2021/08/31 > 21:38:08.338432, 0] > ../../source3/winbindd/winbindd_cache.c:3206(initialize_winbin > dd_cache) > Aug 31 21:38:08 rpidc2 winbindd[15348]: initialize_winbindd_cache: > clearing cache and re-creating with version number 2 > Aug 31 21:38:08 rpidc2 winbindd[15348]: [2021/08/31 > 21:38:08.343985, 0] ../../lib/util/become_daemon.c:136(daemon_ready) > Aug 31 21:38:08 rpidc2 winbindd[15348]: daemon_ready: daemon > 'winbindd' finished starting up and ready to serve connections > > And 'pstree' shows this: > > systemd?????????agetty > > ??????samba?????????tfork(15310)?????????s3fs[master]????????? > tfork(15314)?????????smbd?????????c > leanupd > ??? ??? > ??????l > pqd > ??? ??? > ??????s > mbd-notifyd > ??? > ??????tfork(15313)?????????rpc[master]?????????tfork(15319)?????????rpc(0)> ??? ??? > ??????tfork(15325)?????????rpc(1) > ??? ??? > ??????tfork(15329)?????????rpc(2) > ??? ??? > ??????tfork(15334)?????????rpc(3) > ??? ??????tfork(15316)?????????nbt[master] > ??? ??????tfork(15320)?????????wrepl[master] > ??? > ??????tfork(15323)?????????ldap[master]?????????tfork(15365)?????????ldap(0)> ??? ??? > ??????tfork(15367)?????????ldap(1) > ??? ??? > ??????tfork(15369)?????????ldap(2) > ??? ??? > ??????tfork(15371)?????????ldap(3) > ??? ??????tfork(15326)?????????cldap[master] > ??? > ??????tfork(15330)?????????kdc[master]?????????tfork(15337)?????????kdc(0)> ??? ??? > ??????tfork(15342)?????????kdc(1) > ??? ??? > ??????tfork(15349)?????????kdc(2) > ??? ??? > ??????tfork(15352)?????????kdc(3) > ??? ??????tfork(15333)?????????drepl[master] > ??? > ??????tfork(15338)?????????winbindd[master?????????tfork(15348)?????????winbi> ndd?????????winbindd > ??? ??????tfork(15343)?????????ntp_signd[master] > ??? ??????tfork(15346)?????????kcc[master] > ??? ??????tfork(15350)?????????dnsupdate[master] > > It is all working for myself. > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >