Matthias Kühne | Ellerhold Aktiengesellschaft
2025-Jan-16 12:50 UTC
[Samba] Problems with rpcd helpers not restarting after config changes and updates
Hello lovely samba-people,
in the last year we had some problems with the rpcd helpers: they dont
restart after a config change or an upgrade. We think
https://lists.samba.org/archive/samba/2024-July/249470.html is a symptom
of it. Other errors included that samba-ad-dc did not work properly
until restarting the whole server. The upgrade to 4.21.3 took down our
whole ERP software, because the ad-dc somehow broke.
Well we think that running newer samba-ad-dc with the old rpc helpers is
the culprit here (this may be wrong though).
In Samba 4.16 a new helper was added: samba-dcerpcd. This binary starts
the rpcd helpers as needed. Normally (rpc start on demand helpers = yes
(the default)) it is started by smbd, winbind or samba-ad-dc on demand
and detaches after. So restarting the aforementioned processes does not
restart dcerpcd or the rpcd helpers. Thanks to Ralph B?hme of SerNet for
explaining all of this!
The solution is to set "rpc start on demand helpers = no" in your
smb.conf and add a new systemd service:
[Unit]
Description=Samba DCERPCD Server process
Before=smbd.service winbind.service samba-ad-dc.service
PartOf=smbd.service winbind.service samba-ad-dc.service
[Service]
ExecStart=/usr/libexec/samba/samba-dcerpcd --foreground --libexec-rpcds
--debuglevel=0
[Install]
WantedBy=multi-user.target
Additionally you need this systemd overrides for smbd, winbind,
samba-ad-dc and possibily nmbd, put this file into
/etc/systemd/system/{smbd,winbind,nmbd,samba-ad-dc}.service.d/override.conf
[Unit]
Requires=samba-dcerpcd.service
After that: systemctl daemon-reload && systemctl stop smbd nmbd winbind
samba-ad-dc && systemctl enable samba-dcerpcd && systemctl start
samba-dcerpcd
And now start your needed services:
fileserver: systemctl start smbd nmbd winbind samba-dcerpcd
dc: fileserver: systemctl start samba-ad-dc samba-dcerpcd
Verify everything is working.
The goal is that samba-dcerpcd restarts when on of the other services
restarts. So that systemctl restart smbd also restarts samba-dcerpcd !
Im hoping that with this change, our upgrade-problems are gone. And I
hope I can help some of you out there.
@mjt: Can you somehow bring this change to the debian packages please?
The change in the smb.conf is tricky though, so idk how you can package
that. But providing a samba-dcerpcd.service file thats disabled and
restarting it in postinstall would be great!
--
Senior Webentwickler
Datenschutzbeauftragter
Ellerhold Aktiengesellschaft
Friedrich-List-Str. 4
01445 Radebeul
Telefon: +49 (0) 351 83933-61
Web: www.ellerhold.de
Facebook: www.facebook.com/ellerhold.gruppe
Instagram: www.instagram.com/ellerhold.gruppe
LinkedIn: www.linkedin.com/company/ellerhold-gruppe
Amtsgericht Dresden / HRB 23769
Vorstand: Stephan Ellerhold, Maximilian Ellerhold
Vorsitzender des Aufsichtsrates: Frank Ellerhold
---Diese E-Mail und Ihre Anlagen enthalten vertrauliche Mitteilungen. Sollten
Sie nicht der beabsichtigte Adressat sein, so bitten wir Sie um Mitteilung und
um sofortiges l?schen dieser E-Mail und der Anlagen.
Unsere Hinweise zum Datenschutz finden Sie hier:
http://www.ellerhold.de/datenschutz/
This e-mail and its attachments are privileged and confidential. If you are not
the intended recipient, please notify us and immediately delete this e-mail and
its attachments.
You can find our privacy policy here: http://www.ellerhold.de/datenschutz/
Michael Tokarev
2025-Jan-21 10:25 UTC
[Samba] Problems with rpcd helpers not restarting after config changes and updates
16.01.2025 15:50, Matthias K?hne | Ellerhold Aktiengesellschaft via samba wrote: ..> @mjt: Can you somehow bring this change to the debian packages please? > The change in the smb.conf is tricky though, so idk how you can package > that. But providing a samba-dcerpcd.service file thats disabled and > restarting it in postinstall would be great!This is not difficult to do, but this needs to be agreed upon with the upstream. Exactly because it's tricky wrt smb.conf. If there's a bug in samba about this, it's better to fix it instead, I think. It's interesting I never noticed this before. /mjt