L.P.H. van Belle
2021-Sep-01 14:35 UTC
[Samba] samba-ad-dc.service: Got notification message from PID 27448, but reception only permitted for main PID 27410
On this :> Type=notify changes NotifyAccess forcibly to 'main' if > NotifyAccess is not set (our case). Are you claiming this has > changed in systemd?Yes, that is correct, this something related to changes in systemd. I suspect its this one: https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt In debian this change passed on : [20 Jul 2021] DSA-4942 systemd - security update And NotifyAccess=main wont work correctly for samba-ad-dc. At least on samba-ad-dc works but we see : Got notification message from PID 27448, but reception only permitted for main PID 27410 Which didnt not look good. So i asked the debian maintainer about this. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993347 Where we first suggested to change back to "Fork" because wiki says so.. But he pointed out. To use NotifyAccess=all So, this is the change i would like to see in samba back again. https://bugzilla.samba.org/show_bug.cgi?id=14814 And i saw you guys made this change between 4.12/4.13. The "why" i dont know.. Maybe this needs more research, but the suggested fix works and did work since 4.4.x So far, and thanks for the reply :-) Im all ears for what best as fix. Greetz, Louis Ps. Historical info : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740942 samba 4.1.x https://lists.samba.org/archive/samba/2016-July/201197.html samba 4.4.x> -----Oorspronkelijk bericht----- > Van: Alexander Bokovoy [mailto:ab at samba.org] > Verzonden: woensdag 1 september 2021 16:06 > Aan: L.P.H. van Belle > CC: samba at lists.samba.org; Andreas Schneider > Onderwerp: Re: [Samba] samba-ad-dc.service: Got notification > message from PID 27448, but reception only permitted for main > PID 27410 > > On ke, 01 syys 2021, L.P.H. van Belle wrote: > > Gooe morning, > > > > I'll CC Alexander Bokovoy in this on, i think he can tell > us more on this. > > Before this ends up in a bloodbath ;-) > > > > No, joking her, but i think these guys can tell us. > > > > Rowland, Why do you think that we should not set Type. > > SystemD cant deteriming what type of program is running. > > > > Type must be set and if its not set, type is "simple" ( as > Roy also noticed ) > > If type is simple, it just used /etc/init.d/samba start/stop > > > > But simple is wrong, just because it wont catch errors when > starting up.. > > Quote: systemctl start command lines for simple services > will report > > success even if the service's binary cannot be invoked successfully > > > > All i can say is, the Samba team is using "notify" some time. > > And only somehere in Samba 4.12/4.13 NotifyAccess= is > removed from > > all service files in the samba sources. > > > > And after this CVE fix in systemd, its not correct anymore > in my opionion > > If NotifyAccess= isnt defined, then NotifyAccess=main and > > main isnt correct for samba-ad-dc, because of the extra > processes starting. > > > > I dont know how its exact implemeted in samba, i leave that > to the devs. > > > > And lets keek the focus on this that it ONLY involves > samba-ad-dc.service > > > > So NotifyAccess=all was removed in this commit > > > https://gitlab.com/thctlo1/samba/-/commit/d1740fb3d5a72cb49e30 > b330bb0b01e7ef3e09cc > > Which was correct at that time, but things changed. > > > > Lets wait what Alexander or Andreas can tell us on this. > > Hi. We use Type=notify for samba/smbd/winbindd when they run > separately > because they are set up to provide notifications. Thus, > Type=notify has > to be present in samba.service. Internally, smbd and winbindd will not > do notifications if they were started by 'samba' daemon so there would > be only a single process reporting its status. > > Also, Type=notify changes NotifyAccess forcibly to 'main' if > NotifyAccess is not set (our case). Are you claiming this has > changed in > systemd? > > > > > > > > > So far, > > > > Greetz, > > > > Louis > > > > > > > > > > > -----Oorspronkelijk bericht----- > > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > > Rowland Penny via samba > > > Verzonden: dinsdag 31 augustus 2021 22:50 > > > Aan: samba at lists.samba.org > > > Onderwerp: Re: [Samba] samba-ad-dc.service: Got notification > > > message from PID 27448, but reception only permitted for main > > > PID 27410 > > > > > > On Tue, 2021-08-31 at 21:18 +0100, Roy Eastwood via samba wrote: > > > > I agree, now works. Which leaves the WiKi incorrect > as it still > > > > recommends Type=forking etc. I assume this should be > updated to > > > > (adapted for self-compiled version)?: > > > > > > > > > > I am going to throw a hand grenade in here, after reading 'man > > > systemd.service , I now think that 'Type' shouldn't be set at all! > > > > > > With this samba-ad-dc.service file: > > > > > > [Unit] > > > Description=Samba AD Daemon > > > Documentation=man:samba(8) man:samba(7) man:smb.conf(5) > > > Wants=network-online.target > > > After=network.target network-online.target > > > > > > [Service] > > > PIDFile=/run/samba/samba.pid > > > LimitNOFILE=16384 > > > EnvironmentFile=-/etc/default/samba > > > ExecStart=/usr/sbin/samba --foreground --no-process-group > > > $SAMBAOPTIONS > > > ExecReload=/bin/kill -HUP $MAINPID > > > > > > > > > [Install] > > > WantedBy=multi-user.target > > > > > > Results in this: > > > > > > ??? samba-ad-dc.service - Samba AD Daemon > > > Loaded: loaded > (/lib/systemd/system/samba-ad-dc.service; enabled; > > > vendor preset: enabled) > > > Active: active (running) since Tue 2021-08-31 21:38:06 > BST; 8s ago > > > Docs: man:samba(8) > > > man:samba(7) > > > man:smb.conf(5) > > > Main PID: 15307 (samba) > > > Tasks: 57 (limit: 4915) > > > CGroup: /system.slice/samba-ad-dc.service > > > ??????15307 samba: root process > > > ??????15309 samba: tfork waiter process(15310) > > > ??????15310 samba: task[s3fs] pre-fork master > > > ??????15311 samba: tfork waiter process(15313) > > > ??????15312 samba: tfork waiter process(15314) > > > ??????15313 samba: task[rpc] pre-fork master > > > ??????15314 /usr/sbin/smbd -D --option=server role > > > check:inhibit=yes --foreground > > > ??????15315 samba: tfork waiter process(15316) > > > ??????15316 samba: task[nbt] pre-fork master > > > ??????15317 samba: tfork waiter process(15319) > > > ??????15318 samba: tfork waiter process(15320) > > > ??????15319 samba: task[rpc] pre-forked worker(0) > > > ??????15320 samba: task[wrepl] pre-fork master > > > ??????15321 samba: tfork waiter process(15325) > > > ??????15322 samba: tfork waiter process(15323) > > > ??????15323 samba: task[ldap] pre-fork master > > > ??????15324 samba: tfork waiter process(15326) > > > ??????15325 samba: task[rpc] pre-forked worker(1) > > > ??????15326 samba: task[cldap] pre-fork master > > > ??????15327 samba: tfork waiter process(15330) > > > ??????15328 samba: tfork waiter process(15329) > > > ??????15329 samba: task[rpc] pre-forked worker(2) > > > ??????15330 samba: task[kdc] pre-fork master > > > ??????15331 samba: tfork waiter process(15334) > > > ??????15332 samba: tfork waiter process(15333) > > > ??????15333 samba: task[drepl] pre-fork master > > > ??????15334 samba: task[rpc] pre-forked worker(3) > > > ??????15335 samba: tfork waiter process(15338) > > > ??????15336 samba: tfork waiter process(15337) > > > ??????15337 samba: task[kdc] pre-forked worker(0) > > > ??????15338 samba: task[winbindd] pre-fork master > > > ??????15339 samba: tfork waiter process(15342) > > > ??????15340 samba: tfork waiter process(15343) > > > ??????15341 samba: tfork waiter process(15348) > > > ??????15342 samba: task[kdc] pre-forked worker(1) > > > ??????15343 samba: task[ntp_signd] pre-fork master > > > ??????15344 samba: tfork waiter process(15346) > > > ??????15345 samba: tfork waiter process(15349) > > > ??????15346 samba: task[kcc] pre-fork master > > > ??????15347 samba: tfork waiter process(15350) > > > ??????15348 /usr/sbin/winbindd -D --option=server role > > > check:inhibit=yes --foreground > > > ??????15349 samba: task[kdc] pre-forked worker(2) > > > ??????15350 samba: task[dnsupdate] pre-fork master > > > ??????15351 samba: tfork waiter process(15352) > > > ??????15352 samba: task[kdc] pre-forked worker(3) > > > ??????15359 /usr/sbin/smbd -D --option=server role > > > check:inhibit=yes --foreground > > > ??????15360 /usr/sbin/smbd -D --option=server role > > > check:inhibit=yes --foreground > > > ??????15361 /usr/sbin/smbd -D --option=server role > > > check:inhibit=yes --foreground > > > ??????15363 winbindd: domain child [SAMDOM] > > > ??????15364 samba: tfork waiter process(15365) > > > ??????15365 samba: task[ldap] pre-forked worker(0) > > > ??????15366 samba: tfork waiter process(15367) > > > ??????15367 samba: task[ldap] pre-forked worker(1) > > > ??????15368 samba: tfork waiter process(15369) > > > ??????15369 samba: task[ldap] pre-forked worker(2) > > > ??????15370 samba: tfork waiter process(15371) > > > ??????15371 samba: task[ldap] pre-forked worker(3) > > > > > > Aug 31 21:38:07 rpidc2 samba[15307]: [2021/08/31 > 21:38:07.380345, 0] > > > ../../source4/samba/server.c:920(binary_smbd_main) > > > Aug 31 21:38:07 rpidc2 samba[15307]: binary_smbd_main: > samba: using > > > 'prefork' process model > > > Aug 31 21:38:07 rpidc2 samba[15307]: [2021/08/31 > 21:38:07.609089, 0] > > > ../../lib/util/become_daemon.c:136(daemon_ready) > > > Aug 31 21:38:07 rpidc2 samba[15307]: daemon_ready: > daemon 'samba' > > > finished starting up and ready to serve connections > > > Aug 31 21:38:08 rpidc2 smbd[15314]: [2021/08/31 > 21:38:08.245451, 0] > > > ../../lib/util/become_daemon.c:136(daemon_ready) > > > Aug 31 21:38:08 rpidc2 smbd[15314]: daemon_ready: daemon 'smbd' > > > finished starting up and ready to serve connections > > > Aug 31 21:38:08 rpidc2 winbindd[15348]: [2021/08/31 > > > 21:38:08.338432, 0] > > > ../../source3/winbindd/winbindd_cache.c:3206(initialize_winbin > > > dd_cache) > > > Aug 31 21:38:08 rpidc2 winbindd[15348]: > initialize_winbindd_cache: > > > clearing cache and re-creating with version number 2 > > > Aug 31 21:38:08 rpidc2 winbindd[15348]: [2021/08/31 > > > 21:38:08.343985, 0] > ../../lib/util/become_daemon.c:136(daemon_ready) > > > Aug 31 21:38:08 rpidc2 winbindd[15348]: daemon_ready: daemon > > > 'winbindd' finished starting up and ready to serve connections > > > > > > And 'pstree' shows this: > > > > > > systemd?????????agetty > > > > > > ??????samba?????????tfork(15310)?????????s3fs[master]????????? > > > tfork(15314)?????????smbd?????????c > > > leanupd > > > ??? ??? > > > ??????l > > > pqd > > > ??? ??? > > > ??????s > > > mbd-notifyd > > > ??? > > > ??????tfork(15313)?????????rpc[master]?????????tfork(15319)??? > > ??????rpc(0) > > > ??? ??? > > > ??????tfork(15325)?????????rpc(1) > > > ??? ??? > > > ??????tfork(15329)?????????rpc(2) > > > ??? ??? > > > ??????tfork(15334)?????????rpc(3) > > > ??? ??????tfork(15316)?????????nbt[master] > > > ??? ??????tfork(15320)?????????wrepl[master] > > > ??? > > > ??????tfork(15323)?????????ldap[master]?????????tfork(15365)?? > > ???????ldap(0) > > > ??? ??? > > > ??????tfork(15367)?????????ldap(1) > > > ??? ??? > > > ??????tfork(15369)?????????ldap(2) > > > ??? ??? > > > ??????tfork(15371)?????????ldap(3) > > > ??? ??????tfork(15326)?????????cldap[master] > > > ??? > > > ??????tfork(15330)?????????kdc[master]?????????tfork(15337)??? > > ??????kdc(0) > > > ??? ??? > > > ??????tfork(15342)?????????kdc(1) > > > ??? ??? > > > ??????tfork(15349)?????????kdc(2) > > > ??? ??? > > > ??????tfork(15352)?????????kdc(3) > > > ??? ??????tfork(15333)?????????drepl[master] > > > ??? > > > ??????tfork(15338)?????????winbindd[master?????????tfork(15348 > > )?????????winbi > > > ndd?????????winbindd > > > ??? ??????tfork(15343)?????????ntp_signd[master] > > > ??? ??????tfork(15346)?????????kcc[master] > > > ??? ??????tfork(15350)?????????dnsupdate[master] > > > > > > It is all working for myself. > > > > > > Rowland > > > > > > > > > > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > > > > -- > / Alexander Bokovoy > >
L.P.H. van Belle
2021-Sep-03 14:42 UTC
[Samba] samba-ad-dc.service: Got notification message from PID 27448, but reception only permitted for main PID 27410
Hello Alexander,> -----Oorspronkelijk bericht----- > Van: Alexander Bokovoy [mailto:ab at samba.org] > Verzonden: vrijdag 3 september 2021 15:03 > Aan: L.P.H. van Belle > CC: samba at lists.samba.org; Andreas Schneider > Onderwerp: Re: [Samba] samba-ad-dc.service: Got notification > message from PID 27448, but reception only permitted for main > PID 27410 > > On ke, 01 syys 2021, L.P.H. van Belle wrote: > > > > On this : > > > Type=notify changes NotifyAccess forcibly to 'main' if > > > NotifyAccess is not set (our case). Are you claiming this has > > > changed in systemd? > > > > Yes, that is correct, this something related to changes in systemd. > > > > I suspect its this one: > > > https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-ser > vice-systemd.txt > > In debian this change passed on : [20 Jul 2021] DSA-4942 > systemd - security update > > I do not see how CVE-2021-33910 is affecting the NotifyAccess > behavior.I hoped, you would see/find it.. :-(> > > And NotifyAccess=main wont work correctly for samba-ad-dc. > > > > At least on samba-ad-dc works but we see : > > Got notification message from PID 27448, but reception only > permitted for main PID 27410 > > > > Which didnt not look good. > > This one means we've got sd_notify() from a process that is not a > correct one. Do you know what process is that? E.g. is it 'samba' or > 'smbd' or 'winbindd'? or something else?As far i can tell and see, only the "samba" process is affected in it. (And only samba-ad-dc mode.)> > Right now smbd and winbindd disable SD notifications if they > are run in > Samba AD DC configuration. It might be that we should add the same > daemon_sd_notifications(false); call to other AD DC daemons when they > fork out of 'samba' binary.I wish i did know this, but thats one, i really dont know, im not that smart in the samba code. :-( but maybe this one helps you more, To identify the problem. https://access.redhat.com/solutions/3062191 Services using the "Type=Notify" and "NotifyAccess=All" settings are vulnerable to being inadvertently shut down by other services Greetz, Louis> > > > > > So i asked the debian maintainer about this. > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993347 > > > > Where we first suggested to change back to "Fork" because > wiki says so.. > > But he pointed out. To use NotifyAccess=all > > > > So, this is the change i would like to see in samba back again. > > https://bugzilla.samba.org/show_bug.cgi?id=14814 > > > > And i saw you guys made this change between 4.12/4.13. > > The "why" i dont know.. > > > > > Maybe this needs more research, but the suggested fix works > and did work since 4.4.x > > > > So far, and thanks for the reply :-) > > Im all ears for what best as fix. > > > > Greetz, > > > > Louis > > > > Ps. Historical info : > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740942 > samba 4.1.x > > https://lists.samba.org/archive/samba/2016-July/201197.html > samba 4.4.x > > > > > > > > > -----Oorspronkelijk bericht----- > > > Van: Alexander Bokovoy [mailto:ab at samba.org] > > > Verzonden: woensdag 1 september 2021 16:06 > > > Aan: L.P.H. van Belle > > > CC: samba at lists.samba.org; Andreas Schneider > > > Onderwerp: Re: [Samba] samba-ad-dc.service: Got notification > > > message from PID 27448, but reception only permitted for main > > > PID 27410 > > > > > > On ke, 01 syys 2021, L.P.H. van Belle wrote: > > > > Gooe morning, > > > > > > > > I'll CC Alexander Bokovoy in this on, i think he can tell > > > us more on this. > > > > Before this ends up in a bloodbath ;-) > > > > > > > > No, joking her, but i think these guys can tell us. > > > > > > > > Rowland, Why do you think that we should not set Type. > > > > SystemD cant deteriming what type of program is running. > > > > > > > > Type must be set and if its not set, type is "simple" ( as > > > Roy also noticed ) > > > > If type is simple, it just used /etc/init.d/samba start/stop > > > > > > > > But simple is wrong, just because it wont catch errors when > > > starting up.. > > > > Quote: systemctl start command lines for simple services > > > will report > > > > success even if the service's binary cannot be invoked > successfully > > > > > > > > All i can say is, the Samba team is using "notify" some time. > > > > And only somehere in Samba 4.12/4.13 NotifyAccess= is > > > removed from > > > > all service files in the samba sources. > > > > > > > > And after this CVE fix in systemd, its not correct anymore > > > in my opionion > > > > If NotifyAccess= isnt defined, then NotifyAccess=main and > > > > main isnt correct for samba-ad-dc, because of the extra > > > processes starting. > > > > > > > > I dont know how its exact implemeted in samba, i leave that > > > to the devs. > > > > > > > > And lets keek the focus on this that it ONLY involves > > > samba-ad-dc.service > > > > > > > > So NotifyAccess=all was removed in this commit > > > > > > > https://gitlab.com/thctlo1/samba/-/commit/d1740fb3d5a72cb49e30 > > > b330bb0b01e7ef3e09cc > > > > Which was correct at that time, but things changed. > > > > > > > > Lets wait what Alexander or Andreas can tell us on this. > > > > > > Hi. We use Type=notify for samba/smbd/winbindd when they run > > > separately > > > because they are set up to provide notifications. Thus, > > > Type=notify has > > > to be present in samba.service. Internally, smbd and > winbindd will not > > > do notifications if they were started by 'samba' daemon > so there would > > > be only a single process reporting its status. > > > > > > Also, Type=notify changes NotifyAccess forcibly to 'main' if > > > NotifyAccess is not set (our case). Are you claiming this has > > > changed in > > > systemd? > > > > > > > > > > > > > > > > > > > > > So far, > > > > > > > > Greetz, > > > > > > > > Louis > > > > > > > > > > > > > > > > > > > > > -----Oorspronkelijk bericht----- > > > > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > > > > Rowland Penny via samba > > > > > Verzonden: dinsdag 31 augustus 2021 22:50 > > > > > Aan: samba at lists.samba.org > > > > > Onderwerp: Re: [Samba] samba-ad-dc.service: Got notification > > > > > message from PID 27448, but reception only permitted for main > > > > > PID 27410 > > > > > > > > > > On Tue, 2021-08-31 at 21:18 +0100, Roy Eastwood via > samba wrote: > > > > > > I agree, now works. Which leaves the WiKi incorrect > > > as it still > > > > > > recommends Type=forking etc. I assume this should be > > > updated to > > > > > > (adapted for self-compiled version)?: > > > > > > > > > > > > > > > > I am going to throw a hand grenade in here, after reading 'man > > > > > systemd.service , I now think that 'Type' shouldn't > be set at all! > > > > > > > > > > With this samba-ad-dc.service file: > > > > > > > > > > [Unit] > > > > > Description=Samba AD Daemon > > > > > Documentation=man:samba(8) man:samba(7) man:smb.conf(5) > > > > > Wants=network-online.target > > > > > After=network.target network-online.target > > > > > > > > > > [Service] > > > > > PIDFile=/run/samba/samba.pid > > > > > LimitNOFILE=16384 > > > > > EnvironmentFile=-/etc/default/samba > > > > > ExecStart=/usr/sbin/samba --foreground --no-process-group > > > > > $SAMBAOPTIONS > > > > > ExecReload=/bin/kill -HUP $MAINPID > > > > > > > > > > > > > > > [Install] > > > > > WantedBy=multi-user.target > > > > > > > > > > Results in this: > > > > > > > > > > ??? samba-ad-dc.service - Samba AD Daemon > > > > > Loaded: loaded > > > (/lib/systemd/system/samba-ad-dc.service; enabled; > > > > > vendor preset: enabled) > > > > > Active: active (running) since Tue 2021-08-31 21:38:06 > > > BST; 8s ago > > > > > Docs: man:samba(8) > > > > > man:samba(7) > > > > > man:smb.conf(5) > > > > > Main PID: 15307 (samba) > > > > > Tasks: 57 (limit: 4915) > > > > > CGroup: /system.slice/samba-ad-dc.service > > > > > ??????15307 samba: root process > > > > > ??????15309 samba: tfork waiter process(15310) > > > > > ??????15310 samba: task[s3fs] pre-fork master > > > > > ??????15311 samba: tfork waiter process(15313) > > > > > ??????15312 samba: tfork waiter process(15314) > > > > > ??????15313 samba: task[rpc] pre-fork master > > > > > ??????15314 /usr/sbin/smbd -D --option=server role > > > > > check:inhibit=yes --foreground > > > > > ??????15315 samba: tfork waiter process(15316) > > > > > ??????15316 samba: task[nbt] pre-fork master > > > > > ??????15317 samba: tfork waiter process(15319) > > > > > ??????15318 samba: tfork waiter process(15320) > > > > > ??????15319 samba: task[rpc] pre-forked worker(0) > > > > > ??????15320 samba: task[wrepl] pre-fork master > > > > > ??????15321 samba: tfork waiter process(15325) > > > > > ??????15322 samba: tfork waiter process(15323) > > > > > ??????15323 samba: task[ldap] pre-fork master > > > > > ??????15324 samba: tfork waiter process(15326) > > > > > ??????15325 samba: task[rpc] pre-forked worker(1) > > > > > ??????15326 samba: task[cldap] pre-fork master > > > > > ??????15327 samba: tfork waiter process(15330) > > > > > ??????15328 samba: tfork waiter process(15329) > > > > > ??????15329 samba: task[rpc] pre-forked worker(2) > > > > > ??????15330 samba: task[kdc] pre-fork master > > > > > ??????15331 samba: tfork waiter process(15334) > > > > > ??????15332 samba: tfork waiter process(15333) > > > > > ??????15333 samba: task[drepl] pre-fork master > > > > > ??????15334 samba: task[rpc] pre-forked worker(3) > > > > > ??????15335 samba: tfork waiter process(15338) > > > > > ??????15336 samba: tfork waiter process(15337) > > > > > ??????15337 samba: task[kdc] pre-forked worker(0) > > > > > ??????15338 samba: task[winbindd] pre-fork master > > > > > ??????15339 samba: tfork waiter process(15342) > > > > > ??????15340 samba: tfork waiter process(15343) > > > > > ??????15341 samba: tfork waiter process(15348) > > > > > ??????15342 samba: task[kdc] pre-forked worker(1) > > > > > ??????15343 samba: task[ntp_signd] pre-fork master > > > > > ??????15344 samba: tfork waiter process(15346) > > > > > ??????15345 samba: tfork waiter process(15349) > > > > > ??????15346 samba: task[kcc] pre-fork master > > > > > ??????15347 samba: tfork waiter process(15350) > > > > > ??????15348 /usr/sbin/winbindd -D > --option=server role > > > > > check:inhibit=yes --foreground > > > > > ??????15349 samba: task[kdc] pre-forked worker(2) > > > > > ??????15350 samba: task[dnsupdate] pre-fork master > > > > > ??????15351 samba: tfork waiter process(15352) > > > > > ??????15352 samba: task[kdc] pre-forked worker(3) > > > > > ??????15359 /usr/sbin/smbd -D --option=server role > > > > > check:inhibit=yes --foreground > > > > > ??????15360 /usr/sbin/smbd -D --option=server role > > > > > check:inhibit=yes --foreground > > > > > ??????15361 /usr/sbin/smbd -D --option=server role > > > > > check:inhibit=yes --foreground > > > > > ??????15363 winbindd: domain child [SAMDOM] > > > > > ??????15364 samba: tfork waiter process(15365) > > > > > ??????15365 samba: task[ldap] pre-forked worker(0) > > > > > ??????15366 samba: tfork waiter process(15367) > > > > > ??????15367 samba: task[ldap] pre-forked worker(1) > > > > > ??????15368 samba: tfork waiter process(15369) > > > > > ??????15369 samba: task[ldap] pre-forked worker(2) > > > > > ??????15370 samba: tfork waiter process(15371) > > > > > ??????15371 samba: task[ldap] pre-forked worker(3) > > > > > > > > > > Aug 31 21:38:07 rpidc2 samba[15307]: [2021/08/31 > > > 21:38:07.380345, 0] > > > > > ../../source4/samba/server.c:920(binary_smbd_main) > > > > > Aug 31 21:38:07 rpidc2 samba[15307]: binary_smbd_main: > > > samba: using > > > > > 'prefork' process model > > > > > Aug 31 21:38:07 rpidc2 samba[15307]: [2021/08/31 > > > 21:38:07.609089, 0] > > > > > ../../lib/util/become_daemon.c:136(daemon_ready) > > > > > Aug 31 21:38:07 rpidc2 samba[15307]: daemon_ready: > > > daemon 'samba' > > > > > finished starting up and ready to serve connections > > > > > Aug 31 21:38:08 rpidc2 smbd[15314]: [2021/08/31 > > > 21:38:08.245451, 0] > > > > > ../../lib/util/become_daemon.c:136(daemon_ready) > > > > > Aug 31 21:38:08 rpidc2 smbd[15314]: daemon_ready: > daemon 'smbd' > > > > > finished starting up and ready to serve connections > > > > > Aug 31 21:38:08 rpidc2 winbindd[15348]: [2021/08/31 > > > > > 21:38:08.338432, 0] > > > > > ../../source3/winbindd/winbindd_cache.c:3206(initialize_winbin > > > > > dd_cache) > > > > > Aug 31 21:38:08 rpidc2 winbindd[15348]: > > > initialize_winbindd_cache: > > > > > clearing cache and re-creating with version number 2 > > > > > Aug 31 21:38:08 rpidc2 winbindd[15348]: [2021/08/31 > > > > > 21:38:08.343985, 0] > > > ../../lib/util/become_daemon.c:136(daemon_ready) > > > > > Aug 31 21:38:08 rpidc2 winbindd[15348]: daemon_ready: daemon > > > > > 'winbindd' finished starting up and ready to serve connections > > > > > > > > > > And 'pstree' shows this: > > > > > > > > > > systemd?????????agetty > > > > > > > > > > ??????samba?????????tfork(15310)?????????s3fs[master]????????? > > > > > tfork(15314)?????????smbd?????????c > > > > > leanupd > > > > > ??? ??? > > > > > ??????l > > > > > pqd > > > > > ??? ??? > > > > > ??????s > > > > > mbd-notifyd > > > > > ??? > > > > > ??????tfork(15313)?????????rpc[master]?????????tfork(15319)??? > > > > ??????rpc(0) > > > > > ??? ??? > > > > > ??????tfork(15325)?????????rpc(1) > > > > > ??? ??? > > > > > ??????tfork(15329)?????????rpc(2) > > > > > ??? ??? > > > > > ??????tfork(15334)?????????rpc(3) > > > > > ??? ??????tfork(15316)?????????nbt[master] > > > > > ??? ??????tfork(15320)?????????wrepl[master] > > > > > ??? > > > > > ??????tfork(15323)?????????ldap[master]?????????tfork(15365)?? > > > > ???????ldap(0) > > > > > ??? ??? > > > > > ??????tfork(15367)?????????ldap(1) > > > > > ??? ??? > > > > > ??????tfork(15369)?????????ldap(2) > > > > > ??? ??? > > > > > ??????tfork(15371)?????????ldap(3) > > > > > ??? ??????tfork(15326)?????????cldap[master] > > > > > ??? > > > > > ??????tfork(15330)?????????kdc[master]?????????tfork(15337)??? > > > > ??????kdc(0) > > > > > ??? ??? > > > > > ??????tfork(15342)?????????kdc(1) > > > > > ??? ??? > > > > > ??????tfork(15349)?????????kdc(2) > > > > > ??? ??? > > > > > ??????tfork(15352)?????????kdc(3) > > > > > ??? ??????tfork(15333)?????????drepl[master] > > > > > ??? > > > > > ??????tfork(15338)?????????winbindd[master?????????tfork(15348 > > > > )?????????winbi > > > > > ndd?????????winbindd > > > > > ??? ??????tfork(15343)?????????ntp_signd[master] > > > > > ??? ??????tfork(15346)?????????kcc[master] > > > > > ??? ??????tfork(15350)?????????dnsupdate[master] > > > > > > > > > > It is all working for myself. > > > > > > > > > > Rowland > > > > > > > > > > > > > > > > > > > > -- > > > > > To unsubscribe from this list go to the following URL > and read the > > > > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > > > > > > > > > > > > > > -- > > > / Alexander Bokovoy > > > > > > > > > > -- > / Alexander Bokovoy > >