That is very good to know, as I was about to implement smb/cifs on LX zones, since it'll have the same advantages as Joyent zones.

On September 3, 2015 10:28:47 AM EDT, Jerry Jelinek <[email protected]> wrote:
>It looks like these two bugs could be relevant here.
>
>https://smartos.org/bugview/OS-4018
>https://smartos.org/bugview/OS-4205
>
>Jerry
>
>
>On Thu, Sep 3, 2015 at 7:15 AM, Nicholas Lee <[email protected]> wrote:
>
>> Very basic samba4 joined to an AD domain test on LX/Ubuntu. (I should
>> probably do this in a joyent domain now that it's meant to be working, but
>> I wanted to try this.)
>>
>> Minor issue. Seems the samba daemons use the following to start on boot:
>>
>> root@base3:~# grep -i 'start on' /etc/init/smbd.conf
>> start on (local-filesystems and net-device-up)
>> root@base3:~# grep -i 'start on' /etc/init/nmbd.conf
>> start on (local-filesystems and net-device-up IFACE!=lo)
>> root@base3:~# grep -i 'start on' /etc/init/winbind.conf
>> start on (local-filesystems and net-device-up IFACE!=lo)
>>
>>
>> [root@node7 /usbkey/vmcfg]# vmadm list
>> UUID                                  TYPE  RAM      STATE             ALIAS
>> ...
>> f1dd6f86-b9a2-44e8-9c44-d976c2148999  LX    2048     stopped           base3.corp.kpac.co.nz
>>
>> [root@node7 /usbkey/vmcfg]# vmadm start f1dd6f86-b9a2-44e8-9c44-d976c2148999
>> Successfully started VM f1dd6f86-b9a2-44e8-9c44-d976c2148999
>>
>> [root@node7 /usbkey/vmcfg]# zlogin f1dd6f86-b9a2-44e8-9c44-d976c2148999
>> [Connected to zone 'f1dd6f86-b9a2-44e8-9c44-d976c2148999' pts/2]
>> Last login: Thu Sep 3 12:31:30 UTC 2015 from zone:global on pts/2
>> Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.13.0 x86_64)
>>
>>  * Documentation: https://help.ubuntu.com/
>>    __        .                   .
>>  _|  |_      | .-. .  . .-. :--. |-
>> |_    _|     ;|   ||  |(.-' |  | |
>>   |__|   `--'  `-' `;-| `-' '  ' `-'
>>                    /  ; Instance (Ubuntu 14.04 20150819)
>>                    `-'  https://docs.joyent.com/images/lx-brand-beta
>>
>> root@base3:~# ps awx
>>   PID TTY      STAT   TIME COMMAND
>> 48691 ?        S      0:00 /bin/sh /etc/init.d/ondemand background
>> 48650 ?        S      0:00 upstart-file-bridge --daemon
>> 48750 ?        S      0:00 sleep 60
>>     1 ?        S      0:00 init
>> 48757 ?        Ss     0:00 /bin/login -h zone:global -f
>> 48779 ?        R      0:00 ps awx
>> 48752 ?        Ss     0:00 /sbin/getty -8 38400 console
>> 48670 ?        Ss     0:00 cron
>> 48768 ?        S      0:00 -bash
>> 48647 ?        S<     0:00 /usr/sbin/ntpdate -s ntp.ubuntu.com
>> 48676 ?        Ss     0:00 /usr/sbin/sshd -D
>> 48502 ?        Ss     0:00 /lib/systemd/systemd-udevd --daemon
>> 48415 ?        Ssl    0:00 ipmgmtd
>> 48636 ?        S      0:00 lockfile-touch /var/lock/ntpdate-ifup
>> 48497 ?        S      0:00 upstart-udev-bridge --daemon
>> 48619 ?        Ssl    0:00 rsyslogd
>> 48630 ?        S      0:00 /bin/sh /etc/network/if-up.d/ntpdate
>> root@base3:~# service winbind start && service smbd start && service nmbd start
>> winbind start/running, process 48795
>> smbd start/running, process 48806
>> nmbd start/running, process 48820
>> root@base3:~# ps awx
>>   PID TTY      STAT   TIME COMMAND
>> 48691 ?        S      0:00 /bin/sh /etc/init.d/ondemand background
>> 48650 ?        S      0:00 upstart-file-bridge --daemon
>> 48750 ?        S      0:00 sleep 60
>>     1 ?        S      0:00 init
>> 48757 ?        Ss     0:00 /bin/login -h zone:global -f
>> 48820 /var/log/samba/log.nmbd Ss 0:00 nmbd -D
>> 48752 ?        Ss     0:00 /sbin/getty -8 38400 console
>> 48670 ?        Ss     0:00 cron
>> 48768 ?        S      0:00 -bash
>> 48795 /var/log/samba/log.winbindd Ss 0:00 /usr/sbin/winbindd -F
>> 48822 /var/log/samba/log.wb-BUILTIN S 0:00 /usr/sbin/winbindd -F
>> 48824 /var/log/samba/log.smbd S 0:00 smbd -F
>> 48676 ?        Ss     0:00 /usr/sbin/sshd -D
>> 48502 ?        Ss     0:00 /lib/systemd/systemd-udevd --daemon
>> 48415 ?        Ssl    0:00 ipmgmtd
>> 48823 /var/log/samba/log.winbindd-idmap S 0:00 /usr/sbin/winbindd -F
>> 48806 /var/log/samba/log.smbd Ss 0:00 smbd -F
>> 48826 ?        R      0:00 ps awx
>> 48814 /var/log/samba/log.wb-BASE3 S 0:00 /usr/sbin/winbindd -F
>> 48497 ?        S      0:00 upstart-udev-bridge --daemon
>> 48619 ?        Ssl    0:00 rsyslogd
>> 48804 /var/log/samba/log.wb-KPAC S 0:00 /usr/sbin/winbindd -F
>>
>>
>> Switch to explicit 'start on' fixes the issue. I'm not sure what other
>> packages have the above 'start on' arrangement.
>>
>> root@base3:~# grep 'start on' /etc/init/winbind.conf
>> start on runlevel [2345]
>> root@base3:~# grep 'start on' /etc/init/?mbd.conf
>> /etc/init/nmbd.conf:start on (local-filesystems and net-device-up IFACE!=lo)
>> /etc/init/smbd.conf:start on (local-filesystems and net-device-up)
>>
>>
>> reboot and then.
>>
>> root@base3:~# ps awx
>>   PID TTY      STAT   TIME COMMAND
>> 49771 ?        Ssl    0:00 rsyslogd
>> 49906 ?        S      0:00 sleep 60
>> 49948 /var/log/samba/log.wb-BASE3 S 0:00 /usr/sbin/winbindd -F
>> 49926 ?        S      0:00 -bash
>>     1 ?        S      0:00 init
>> 49802 ?        S      0:00 upstart-file-bridge --daemon
>> 49573 ?        Ssl    0:00 ipmgmtd
>> 49855 /var/log/samba/log.wb-KPAC S 0:00 /usr/sbin/winbindd -F
>> 49649 ?        S      0:00 upstart-udev-bridge --daemon
>> 49947 /var/log/samba/log.wb-BUILTIN S 0:00 /usr/sbin/winbindd -F
>> 49949 ?        R      0:00 ps awx
>> 49824 ?        Ss     0:00 cron
>> 49920 ?        Ss     0:00 /sbin/getty -8 38400 console
>> 49655 ?        Ss     0:00 /lib/systemd/systemd-udevd --daemon
>> 49848 ?        S      0:00 /bin/sh /etc/init.d/ondemand background
>> 49908 ?        Ss     0:00 /bin/login -h zone:global -f
>> 49828 ?        Ss     0:00 /usr/sbin/sshd -D
>> 49835 /var/log/samba/log.winbindd Ss 0:00 /usr/sbin/winbindd -F
>>
>> root@base3:~# /etc/init.d/winbind status
>>  * winbind is running
>> root@base3:~# /etc/init.d/smbd status
>>  * smbd is not running
>>
>>
>>
>> ===
>>
>> kinit/klist works.
>> wbinfo -u, -g and -i seem to work.
>>
>>
>> root@base3:~# wbinfo -u | grep nlee
>> nlee
>>
>>
>>
>> Haven't pinned this issue down yet:
>>
>>
>> root@base3:~# touch /tmp/t
>> root@base3:~# chown nlee /tmp/t
>> root@base3:~# ls -l /tmp
>> total 5
>> -rw------- 1 root root 2466 Sep 3 12:06 krb5cc_0
>> -rw-r--r-- 1 root root    0 Sep 3 12:32 t
>>
>>
>> Few other logs:
>>
>> root@base3:~# date
>> Thu Sep 3 12:33:39 UTC 2015
>>
>>
>> root@base3:~# tail /var/log/samba/log.smbd
>>   open_socket_in(): setsockopt: SO_REUSEPORT = true on port 445 failed with error = Protocol not available
>> [2015/09/03 12:30:59.181653, 0] ../lib/util/pidfile.c:153(pidfile_unlink)
>>   Failed to delete pidfile /var/run/samba/smbd.pid. Error was No such file or directory
>> [2015/09/03 12:32:26, 0] ../source3/smbd/server.c:1198(main)
>>   smbd version 4.1.6-Ubuntu started.
>>   Copyright Andrew Tridgell and the Samba Team 1992-2013
>> [2015/09/03 12:32:26.085415, 0] ../source3/smbd/server.c:1278(main)
>>   standard input is not a socket, assuming -D option
>> [2015/09/03 12:32:26.528489, 0] ../source3/lib/util_sock.c:446(open_socket_in)
>>   open_socket_in(): setsockopt: SO_REUSEPORT = true on port 445 failed with error = Protocol not available
>>
>>
>> root@base3:~# tail /var/log/samba/log.nmbd
>>   Got SIGTERM: going down...
>> [2015/09/03 12:32:26, 0] ../source3/nmbd/nmbd.c:902(main)
>>   nmbd version 4.1.6-Ubuntu started.
>>   Copyright Andrew Tridgell and the Samba Team 1992-2013
>> [2015/09/03 12:32:26, 0] ../source3/lib/util_sock.c:446(open_socket_in)
>>   open_socket_in(): setsockopt: SO_REUSEPORT = true on port 137 failed with error = Protocol not available
>> [2015/09/03 12:32:26, 0] ../source3/lib/util_sock.c:446(open_socket_in)
>>   open_socket_in(): setsockopt: SO_REUSEPORT = true on port 137 failed with error = Protocol not available
>> [2015/09/03 12:32:26, 0] ../source3/lib/util_sock.c:446(open_socket_in)
>>   open_socket_in(): setsockopt: SO_REUSEPORT = true on port 137 failed with error = Protocol not available
>> root@base3:~# tail /var/log/samba/log.winbindd
>>   Copyright Andrew Tridgell and the Samba Team 1992-2013
>> [2015/09/03 12:29:45.661287, 0] ../source3/winbindd/winbindd_cache.c:3196(initialize_winbindd_cache)
>>   initialize_winbindd_cache: clearing cache and re-creating with version number 2
>> [2015/09/03 12:30:59.165752, 0] ../source3/winbindd/winbindd.c:234(winbindd_sig_term_handler)
>>   Got sig[15] terminate (is_parent=1)
>> [2015/09/03 12:32:20, 0] ../source3/winbindd/winbindd.c:1453(main)
>>   winbindd version 4.1.6-Ubuntu started.
>>   Copyright Andrew Tridgell and the Samba Team 1992-2013
>> [2015/09/03 12:32:20.551640, 0] ../source3/winbindd/winbindd_cache.c:3196(initialize_winbindd_cache)
>>   initialize_winbindd_cache: clearing cache and re-creating with version number 2
>>
>>
>> AppArmor is meant to cause some issues with samba, but it's not installed.
>>
>> root@base3:~# dpkg -l apparmour
>> dpkg-query: no packages found matching apparmour
>> root@base3:~# dpkg -l app\*
>> Desired=Unknown/Install/Remove/Purge/Hold
>> | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
>> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>> ||/ Name       Version   Architecture   Description
>> +++-=========================================-=========================-=========================-=======================================================================================
>> un  apparmor   <none>    <none>         (no description available)
>> un  approx     <none>    <none>         (no description available)
>>
>>
>>
>> I'll give this a go on base-64-lts 14.4.2 next.
>>
>> Nicholas
>>
>>
>> apt-get install samba winbind samba libnss-winbind libpam-winbind krb5-config krb5-locales krb5-user
>>
>>
>> root@base3:/etc/init# cat /etc/samba/smb.conf
>> [global]
>>    realm = CORP.KPAC.CO.NZ
>>    workgroup = KPAC
>>    security = ADS
>>    dedicated keytab file = /etc/krb5.keytab
>>    kerberos method = secrets and keytab
>>
>>    # idmap config *:backend = tdb
>>    # idmap config *:range = 5000-9999
>>    idmap config KPAC:backend = rid
>>    idmap config KPAC:range = 10000-29999
>>    idmap config KPAC:schema_mode = rfc2307
>>
>>    winbind nss info = rfc2307
>>    winbind use default domain = Yes
>>    winbind enum users = Yes
>>    winbind enum groups = Yes
>>    winbind refresh tickets = Yes
>>    winbind normalize names = Yes
>>    winbind separator = +
>>
>>
>>    store dos attributes = Yes
>>
>>    vfs objects = acl_xattr
>>    map acl inherit = Yes
>>
>>
>>    # fix syslog
>>    printing = CUPS
>>    printcap name = /dev/null
>>
>>
>> root@base3:~# cat /etc/krb5.conf
>> # Be careful with CAPS they are significant!
>> [libdefaults]
>>    default_realm = CORP.KPAC.CO.NZ
>>    ticket_lifetime = 24000
>>    default_tgs_entypes = rc4-hmac des-cbc-md5
>>    default_tkt__enctypes = rc4-hmac des-cbc-md5
>>    permitted_enctypes = rc4-hmac des-cbc-md5
>>    dns_lookup_realm = true
>>    dns_lookup_kdc = true
>>    dns_fallback = yes
>>
>> [realms]
>>    CORP.KPAC.CO.NZ = {
>>       kdc = twin.corp.kpac.co.nz
>>       default_domain = corp.kpac.co.nz
>>    }
>>
>> [domain_realm]
>>    # So are leading fullstops
>>    .corp.kpac.co.nz = CORP.KPAC.CO.NZ
>>    corp.kpac.co.nz = CORP.KPAC.CO.NZ
>>
>> [appdefaults]
>>    pam = {
>>       debug = false
>>       ticket_lifetime = 36000
>>       renew_lifetime = 36000
>>       forwardable = true
>>       krb4_convert = false
>>    }
>>
>> [logging]
>>    default = FILE:/var/log/krb5libs.log
>>    kdc = FILE:/var/log/krb5kdc.log
>>    admin_server = FILE:/var/log/kadmind.log
>>
>>
>> root@base3:~# cat /etc/nsswitch.conf
>> # /etc/nsswitch.conf
>> #
>> # Example configuration of GNU Name Service Switch functionality.
>> # If you have the `glibc-doc-reference' and `info' packages installed, try:
>> # `info libc "Name Service Switch"' for information about this file.
>>
>> passwd:         compat winbind
>> group:          compat winbind
>> shadow:         compat
>>
>> hosts:          files dns
>> networks:       files
>>
>> protocols:      db files
>> services:       db files
>> ethers:         db files
>> rpc:            db files
>>
>> netgroup:       nis
>>
>> *smartos-discuss* | Archives
>> <https://www.listbox.com/member/archive/184463/=now>
>> <https://www.listbox.com/member/archive/rss/184463/21516906-2011406d> |
>> Modify <https://www.listbox.com/member/?&> Your Subscription
>> <http://www.listbox.com>
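
The quoted message leaves open which other packages ship the same 'start on' arrangement. As an added example (not part of the thread and not SmartOS or Ubuntu code), the POSIX shell functions below list every upstart job in a directory whose `start on` condition waits for the two events seen in the smbd, nmbd and winbind job files; the function names and the job files written by `demo` are constructed here, and on a real guest the directory to pass would be /etc/init.

```shell
#!/bin/sh
# Added example: find upstart jobs whose "start on" stanza waits for the
# events named in the thread (net-device-up, local-filesystems).
EVENTS='net-device-up|local-filesystems'

# Print the whole "start on" condition of one job file on a single line.
# The condition may continue over several lines while a parenthesis is open.
start_on_condition() {
    awk '
        function depth_of(s,   o, c) {
            o = gsub(/[(]/, "(", s); c = gsub(/[)]/, ")", s); return o - c
        }
        /^[ \t]*start[ \t]+on[ \t]/ && !collecting {
            sub(/#.*/, "")                      # drop trailing comment
            cond = $0; depth = depth_of($0); collecting = (depth > 0)
            if (!collecting) { print cond; exit }
            next
        }
        collecting {
            sub(/#.*/, "")
            cond = cond " " $0; depth += depth_of($0)
            if (depth <= 0) { print cond; exit }
        }
    ' "$1" | tr -s ' \t' ' ' | sed 's/^ //; s/ $//'
}

# Print "jobname: condition" for each job in directory $1 that waits on EVENTS.
jobs_waiting_on_events() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        cond=$(start_on_condition "$f")
        if printf '%s\n' "$cond" | grep -Eq "(^|[ (])($EVENTS)([ )]|\$)"; then
            printf '%s: %s\n' "$(basename "$f" .conf)" "$cond"
        fi
    done
}

# Constructed sample job files modelled on the stanzas quoted in the thread.
demo() {
    d=$(mktemp -d)
    printf 'start on (local-filesystems and net-device-up)\n' > "$d/smbd.conf"
    printf 'start on (local-filesystems\n  and net-device-up IFACE!=lo)\n' > "$d/nmbd.conf"
    printf 'start on runlevel [2345]\n' > "$d/winbind.conf"
    jobs_waiting_on_events "$d"
    rm -rf "$d"
}
demo
```

With the sample files, nmbd and smbd are reported and the winbind job that was switched to `start on runlevel [2345]` is not.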
