Jeremy Allison
2024-May-02 16:43 UTC
[Samba] winbind: does it actually depend on nmbd? and network-online?
On Thu, May 02, 2024 at 12:17:43PM +0100, Rowland Penny via samba wrote:>On Thu, 2 May 2024 13:44:47 +0300 >Michael Tokarev via samba <samba at lists.samba.org> wrote: >> >> Note nmbd needs network to be online. While winbind only needs >> network to be up. If winbind requires nmbd, who in turn requires >> network to be online, winbind will be started only with online >> network. If we drop winbind dependency on nmbd here, winbind will >> be started earlier, before network is online. >> >> Does winbind requires network to be online or just up? > >No idea about that, perhaps Jeremy will know.What's the difference between "online" and "up" ?
Michael Tokarev
2024-May-02 17:00 UTC
[Samba] winbind: does it actually depend on nmbd? and network-online?
02.05.2024 19:43, Jeremy Allison via samba wrote:>>> Does winbind requires network to be online or just up? > > What's the difference between "online" and "up" ?"Online" has numerous meanings depending on the settings, but the basic idea is the same: when there's some connectivity present. I had a trap on my notebook due to this and due to debian-specific settings. Obviously, a notebook is supposed to be without connectivity just fine. This one has been upgraded from an old version of debian, - a version which used to use /etc/rc.local which was ordered after networking, and at that old time, there was no notion of "network-online" at all. My rc.local was empty. Debian decided to make rc.local dependent on network-ONLINE.target. And user logins are ordered after rc.local if it is present. So as the result, I wasn't able to log in to my notebook until there's a known wifi network nearby, or available ethernet port - not even root login was possible. See https://www.freedesktop.org/software/systemd/man/latest/systemd.special.html#network-online.target for a bit more context about this, and the page referenced from there, https://systemd.io/NETWORK_ONLINE . The meaning of "online" can be adjusted by the local settings. By default it means "at least one network interface (besides loopback) is configured and has carrier". In this context, basically, network-online means winbind is able to send queries to a remote domain controller (hopefully it is up and running). While network means the interfaces are configured (and might not even be configured, - eg. systemd-networkd can delay interface configuration until it detects carrier). Since winbind can cache network information, and since samba even allows network-less login with saved/cached credentials, I guess it should depend on network.target, not network-online.target. Not for the first login though. For nmbd, - this one apparently is the same (when it is used), though it might not find any active interface in this case (when networkd delays carrier-less interface configuration) and even fail to start. Still, without network-online, nmbd becomes basically useless. Thanks, /mjt -- GPG Key transition (from rsa2048 to rsa4096) since 2024-04-24. New key: rsa4096/61AD3D98ECDF2C8E 9D8B E14E 3F2A 9DD7 9199 28F1 61AD 3D98 ECDF 2C8E Old key: rsa2048/457CE0A0804465C5 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5 Transition statement: http://www.corpit.ru/mjt/gpg-transition-2024.txt