It looks like these two bugs could be relevant here.

https://smartos.org/bugview/OS-4018
https://smartos.org/bugview/OS-4205

Jerry

On Thu, Sep 3, 2015 at 7:15 AM, Nicholas Lee <[email protected]> wrote:

> Very basic samba4 joined to an AD domain test on LX/Ubuntu. (I should
> probably do this in a joyent domain now that it's meant to be working, but
> I wanted to try this.)
>
> Minor issue. Seems the samba daemons use the following to start on boot:
>
> root@base3:~# grep -i 'start on' /etc/init/smbd.conf
> start on (local-filesystems and net-device-up)
> root@base3:~# grep -i 'start on' /etc/init/nmbd.conf
> start on (local-filesystems and net-device-up IFACE!=lo)
> root@base3:~# grep -i 'start on' /etc/init/winbind.conf
> start on (local-filesystems and net-device-up IFACE!=lo)
>
>
> [root@node7 /usbkey/vmcfg]# vmadm list
> UUID TYPE RAM STATE
> ALIAS
> ...
> f1dd6f86-b9a2-44e8-9c44-d976c2148999 LX 2048 stopped
> base3.corp.kpac.co.nz
>
> [root@node7 /usbkey/vmcfg]# vmadm start
> f1dd6f86-b9a2-44e8-9c44-d976c2148999
> Successfully started VM f1dd6f86-b9a2-44e8-9c44-d976c2148999
>
> [root@node7 /usbkey/vmcfg]# zlogin f1dd6f86-b9a2-44e8-9c44-d976c2148999
> [Connected to zone 'f1dd6f86-b9a2-44e8-9c44-d976c2148999' pts/2]
> Last login: Thu Sep 3 12:31:30 UTC 2015 from zone:global on pts/2
> Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.13.0 x86_64)
>
> * Documentation: https://help.ubuntu.com/
> __ . .
> _| |_ | .-. . . .-. :--. |-
> |_ _| ;| || |(.-' | | |
> |__| `--' `-' `;-| `-' ' ' `-'
> / ; Instance (Ubuntu 14.04 20150819)
> `-' https://docs.joyent.com/images/lx-brand-beta
>
> root@base3:~# ps awx
> PID TTY STAT TIME COMMAND
> 48691 ? S 0:00 /bin/sh /etc/init.d/ondemand background
> 48650 ? S 0:00 upstart-file-bridge --daemon
> 48750 ? S 0:00 sleep 60
> 1 ? S 0:00 init
> 48757 ? Ss 0:00 /bin/login -h zone:global -f
> 48779 ? R 0:00 ps awx
> 48752 ? Ss 0:00 /sbin/getty -8 38400 console
> 48670 ? Ss 0:00 cron
> 48768 ? S 0:00 -bash
> 48647 ? S< 0:00 /usr/sbin/ntpdate -s ntp.ubuntu.com
> 48676 ? Ss 0:00 /usr/sbin/sshd -D
> 48502 ? Ss 0:00 /lib/systemd/systemd-udevd --daemon
> 48415 ? Ssl 0:00 ipmgmtd
> 48636 ? S 0:00 lockfile-touch /var/lock/ntpdate-ifup
> 48497 ? S 0:00 upstart-udev-bridge --daemon
> 48619 ? Ssl 0:00 rsyslogd
> 48630 ? S 0:00 /bin/sh /etc/network/if-up.d/ntpdate
> root@base3:~# service winbind start && service smbd start && service nmbd
> start
> winbind start/running, process 48795
> smbd start/running, process 48806
> nmbd start/running, process 48820
> root@base3:~# ps awx
> PID TTY STAT TIME COMMAND
> 48691 ? S 0:00 /bin/sh /etc/init.d/ondemand background
> 48650 ? S 0:00 upstart-file-bridge --daemon
> 48750 ? S 0:00 sleep 60
> 1 ? S 0:00 init
> 48757 ? Ss 0:00 /bin/login -h zone:global -f
> 48820 /var/log/samba/log.nmbd Ss 0:00 nmbd -D
> 48752 ? Ss 0:00 /sbin/getty -8 38400 console
> 48670 ? Ss 0:00 cron
> 48768 ? S 0:00 -bash
> 48795 /var/log/samba/log.winbindd Ss 0:00 /usr/sbin/winbindd -F
> 48822 /var/log/samba/log.wb-BUILTIN S 0:00 /usr/sbin/winbindd -F
> 48824 /var/log/samba/log.smbd S 0:00 smbd -F
> 48676 ? Ss 0:00 /usr/sbin/sshd -D
> 48502 ? Ss 0:00 /lib/systemd/systemd-udevd --daemon
> 48415 ? Ssl 0:00 ipmgmtd
> 48823 /var/log/samba/log.winbindd-idmap S 0:00 /usr/sbin/winbindd -F
> 48806 /var/log/samba/log.smbd Ss 0:00 smbd -F
> 48826 ? R 0:00 ps awx
> 48814 /var/log/samba/log.wb-BASE3 S 0:00 /usr/sbin/winbindd -F
> 48497 ? S 0:00 upstart-udev-bridge --daemon
> 48619 ? Ssl 0:00 rsyslogd
> 48804 /var/log/samba/log.wb-KPAC S 0:00 /usr/sbin/winbindd -F
>
>
> Switching to an explicit 'start on' fixes the issue. I'm not sure what other
> packages have the above 'start on' arrangement.
>
> root@base3:~# grep 'start on' /etc/init/winbind.conf
> start on runlevel [2345]
> root@base3:~# grep 'start on' /etc/init/?mbd.conf
> /etc/init/nmbd.conf:start on (local-filesystems and net-device-up
> IFACE!=lo)
> /etc/init/smbd.conf:start on (local-filesystems and net-device-up)
>
>
> Reboot, and then:
>
> root@base3:~# ps awx
> PID TTY STAT TIME COMMAND
> 49771 ? Ssl 0:00 rsyslogd
> 49906 ? S 0:00 sleep 60
> 49948 /var/log/samba/log.wb-BASE3 S 0:00 /usr/sbin/winbindd -F
> 49926 ? S 0:00 -bash
> 1 ? S 0:00 init
> 49802 ? S 0:00 upstart-file-bridge --daemon
> 49573 ? Ssl 0:00 ipmgmtd
> 49855 /var/log/samba/log.wb-KPAC S 0:00 /usr/sbin/winbindd -F
> 49649 ? S 0:00 upstart-udev-bridge --daemon
> 49947 /var/log/samba/log.wb-BUILTIN S 0:00 /usr/sbin/winbindd -F
> 49949 ? R 0:00 ps awx
> 49824 ? Ss 0:00 cron
> 49920 ? Ss 0:00 /sbin/getty -8 38400 console
> 49655 ? Ss 0:00 /lib/systemd/systemd-udevd --daemon
> 49848 ? S 0:00 /bin/sh /etc/init.d/ondemand background
> 49908 ? Ss 0:00 /bin/login -h zone:global -f
> 49828 ? Ss 0:00 /usr/sbin/sshd -D
> 49835 /var/log/samba/log.winbindd Ss 0:00 /usr/sbin/winbindd -F
>
> root@base3:~# /etc/init.d/winbind status
> * winbind is running
> root@base3:~# /etc/init.d/smbd status
> * smbd is not running
>
>
>
> ===
>
> kinit/klist works.
> wbinfo -u, -g and -i seem to work.
>
>
> root@base3:~# wbinfo -u | grep nlee
> nlee
>
>
>
> Haven't pinned this issue down yet:
>
>
> root@base3:~# touch /tmp/t
> root@base3:~# chown nlee /tmp/t
> root@base3:~# ls -l /tmp
> total 5
> -rw------- 1 root root 2466 Sep 3 12:06 krb5cc_0
> -rw-r--r-- 1 root root 0 Sep 3 12:32 t
>
>
> A few other logs:
>
> root@base3:~# date
> Thu Sep 3 12:33:39 UTC 2015
>
>
> root@base3:~# tail /var/log/samba/log.smbd
> open_socket_in(): setsockopt: SO_REUSEPORT = true on port 445 failed
> with error = Protocol not available
> [2015/09/03 12:30:59.181653, 0] ../lib/util/pidfile.c:153(pidfile_unlink)
> Failed to delete pidfile /var/run/samba/smbd.pid. Error was No such file
> or directory
> [2015/09/03 12:32:26, 0] ../source3/smbd/server.c:1198(main)
> smbd version 4.1.6-Ubuntu started.
> Copyright Andrew Tridgell and the Samba Team 1992-2013
> [2015/09/03 12:32:26.085415, 0] ../source3/smbd/server.c:1278(main)
> standard input is not a socket, assuming -D option
> [2015/09/03 12:32:26.528489, 0]
> ../source3/lib/util_sock.c:446(open_socket_in)
> open_socket_in(): setsockopt: SO_REUSEPORT = true on port 445 failed
> with error = Protocol not available
>
>
> root@base3:~# tail /var/log/samba/log.nmbd
> Got SIGTERM: going down...
> [2015/09/03 12:32:26, 0] ../source3/nmbd/nmbd.c:902(main)
> nmbd version 4.1.6-Ubuntu started.
> Copyright Andrew Tridgell and the Samba Team 1992-2013
> [2015/09/03 12:32:26, 0] ../source3/lib/util_sock.c:446(open_socket_in)
> open_socket_in(): setsockopt: SO_REUSEPORT = true on port 137 failed
> with error = Protocol not available
> [2015/09/03 12:32:26, 0] ../source3/lib/util_sock.c:446(open_socket_in)
> open_socket_in(): setsockopt: SO_REUSEPORT = true on port 137 failed
> with error = Protocol not available
> [2015/09/03 12:32:26, 0] ../source3/lib/util_sock.c:446(open_socket_in)
> open_socket_in(): setsockopt: SO_REUSEPORT = true on port 137 failed
> with error = Protocol not available
> root@base3:~# tail /var/log/samba/log.winbindd
> Copyright Andrew Tridgell and the Samba Team 1992-2013
> [2015/09/03 12:29:45.661287, 0]
> ../source3/winbindd/winbindd_cache.c:3196(initialize_winbindd_cache)
> initialize_winbindd_cache: clearing cache and re-creating with version
> number 2
> [2015/09/03 12:30:59.165752, 0]
> ../source3/winbindd/winbindd.c:234(winbindd_sig_term_handler)
> Got sig[15] terminate (is_parent=1)
> [2015/09/03 12:32:20, 0] ../source3/winbindd/winbindd.c:1453(main)
> winbindd version 4.1.6-Ubuntu started.
> Copyright Andrew Tridgell and the Samba Team 1992-2013
> [2015/09/03 12:32:20.551640, 0]
> ../source3/winbindd/winbindd_cache.c:3196(initialize_winbindd_cache)
> initialize_winbindd_cache: clearing cache and re-creating with version
> number 2
>
>
> AppArmor is meant to cause some issues with samba, but it's not installed.
>
> root@base3:~# dpkg -l apparmour
> dpkg-query: no packages found matching apparmour
> root@base3:~# dpkg -l app\*
> Desired=Unknown/Install/Remove/Purge/Hold
> |
> Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
> ||/ Name Version
> Architecture Description
>
> +++-=========================================-=========================-=========================-=======================================================================================
> un apparmor <none>
> <none> (no description available)
> un approx <none>
> <none> (no description available)
>
>
>
> I'll give this a go on base-64-lts 14.4.2 next.
>
> Nicholas
>
>
> apt-get install samba winbind samba libnss-winbind libpam-winbind
> krb5-config krb5-locales krb5-user
>
>
> root@base3:/etc/init# cat /etc/samba/smb.conf
> [global]
> realm = CORP.KPAC.CO.NZ
> workgroup = KPAC
> security = ADS
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>
> # idmap config *:backend = tdb
> # idmap config *:range = 5000-9999
> idmap config KPAC:backend = rid
> idmap config KPAC:range = 10000-29999
> idmap config KPAC:schema_mode = rfc2307
>
> winbind nss info = rfc2307
> winbind use default domain = Yes
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind refresh tickets = Yes
> winbind normalize names = Yes
> winbind separator = +
>
>
> store dos attributes = Yes
>
> vfs objects = acl_xattr
> map acl inherit = Yes
>
>
> # fix syslog
> printing = CUPS
> printcap name = /dev/null
>
>
> root@base3:~# cat /etc/krb5.conf
> # Be careful with CAPS they are significant!
> [libdefaults]
> default_realm = CORP.KPAC.CO.NZ
> ticket_lifetime = 24000
> default_tgs_entypes = rc4-hmac des-cbc-md5
> default_tkt__enctypes = rc4-hmac des-cbc-md5
> permitted_enctypes = rc4-hmac des-cbc-md5
> dns_lookup_realm = true
> dns_lookup_kdc = true
> dns_fallback = yes
>
> [realms]
> CORP.KPAC.CO.NZ = {
> kdc = twin.corp.kpac.co.nz
> default_domain = corp.kpac.co.nz
> }
>
> [domain_realm]
> # So are leading fullstops
> .corp.kpac.co.nz = CORP.KPAC.CO.NZ
> corp.kpac.co.nz = CORP.KPAC.CO.NZ
>
> [appdefaults]
> pam = {
> debug = false
> ticket_lifetime = 36000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
> }
>
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
>
> root@base3:~# cat /etc/nsswitch.conf
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: compat winbind
> group: compat winbind
> shadow: compat
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
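
The open question in the quoted message, which other jobs share that 'start on' arrangement, can be answered by scanning the upstart job files. The following is an added example, not part of the original thread or of any project's code; it assumes the jobs live in /etc/init as on the Ubuntu 14.04 image shown, and the function names and the WATCHED set are illustrative.

```python
import re
import sys
from pathlib import Path

# Events the thread's samba jobs were gated on (taken from the grep output above).
WATCHED = {"net-device-up", "local-filesystems"}


def start_condition(job_text):
    """Return the full 'start on' expression of an upstart job, or None.

    The stanza may continue across lines while parentheses remain open.
    Assumption: '#' always starts a comment (no quoted '#' in conditions).
    """
    parts, depth, active = [], 0, False
    for raw in job_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not active:
            m = re.match(r"start\s+on\s+(.*)", line)
            if not m:
                continue
            line, active = m.group(1), True
        parts.append(line)
        depth += line.count("(") - line.count(")")
        if depth <= 0:
            break
    return " ".join(p for p in parts if p) if active else None


def events(condition):
    """Event names in a condition: the first word of each and/or operand."""
    flat = condition.replace("(", " ").replace(")", " ")
    operands = re.split(r"\s+(?:and|or)\s+", f" {flat} ")
    return {op.split()[0] for op in operands if op.split()}


def scan(init_dir="/etc/init"):
    """Map job name -> 'start on' condition for jobs gated on a WATCHED event."""
    hits = {}
    for path in sorted(Path(init_dir).glob("*.conf")):
        cond = start_condition(path.read_text(errors="replace"))
        if cond and events(cond) & WATCHED:
            hits[path.stem] = cond
    return hits


if __name__ == "__main__":
    # Optional argument: an alternative job directory (hypothetical usage).
    for job, cond in scan(*sys.argv[1:2]).items():
        print(f"{job}: start on {cond}")
```

Run inside the zone, each job it lists is one that may need the same switch to an explicit runlevel condition.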
