Web lists-archives.com

Re: [Samba] samba-ad restart fails occasionally




Hi Louis,

On 05/12/2017 10:19 AM, L.P.H. van Belle via samba wrote:
You know there is 4.6.3 for wheezy available?
Yep. But this has been happening for quite a while already. Even from during before 4.4, or actually even earlier.

What you can do is get the source and get the init from the 4.6.3. if
you want to stay on the 4.5 sernet line.
yes, I could play around with those init script, yes. Thanks for the suggestion.

Here are the requested files:
root@DC2:/etc/logrotate.d# cat sernet-samba
/var/log/samba/log.samba {
    size 20M
    missingok
    rotate 99
    compress
    delaycompress
    notifempty
    create 644 root root
    postrotate
    service sernet-samba-ad restart > /log.samba-restarts
    endscript
}

/var/log/samba/*.old {
    size 1M
    missingok
    rotate 99
    compress
    nocreate
    notifempty
    postrotate
    service sernet-samba-ad restart > /samba.old-restarts
    endscript
}

/var/log/samba/samba.*.log {
    size 20M
    missingok
    rotate 99
    compress
    delaycompress
    notifempty
    postrotate
    service sernet-samba-ad restart > /samba-log-restarts
    endscript
}

/var/log/samba/log.smbd {
    size 20M
    missingok
    rotate 99
    compress
    delaycompress
    notifempty
    create 644 root root
    postrotate
    service sernet-samba-ad restart > /smbd.samba-restarts
    endscript
}

And

root@DC2:/etc/init.d# cat sernet-samba-ad
#!/bin/sh
# Copyright (c) 2004-2017 SerNet GmbH
#
# SerNet Samba Team <samba@xxxxxxxxx>
#
### BEGIN INIT INFO
# Provides:       sernet-samba-ad ldap slapd
# Required-Start: $network $remote_fs
# Should-Start:   $syslog cupsd
# Should-Stop:    $syslog cupsd
# Required-Stop:
# Default-Start:  2 3 4 5
# Default-Stop:   0 1 6
# Description:    initscript for the SAMBA AD services
### END INIT INFO

SAMBA_USR_PREFIX=${SAMBA_USR_PREFIX:=/usr}
SAMBA_CONF_PREFIX=${SAMBA_CONF_PREFIX:=/etc/samba}

SMB_CONF=${SAMBA_CONF_PREFIX}/smb.conf
SAMBA_PIDDIR=${SAMBA_PIDDIR:=/var/run/samba}

ENV_SAMBA_START_MODE=${SAMBA_START_MODE-}
ENV_SAMBA_RESTART_ON_UPDATE=${SAMBA_RESTART_ON_UPDATE-}
ENV_SAMBA_IGNORE_NSUPDATE_G=${SAMBA_IGNORE_NSUPDATE_G-}
. /etc/default/sernet-samba
SAMBA_START_MODE=${ENV_SAMBA_START_MODE:=${SAMBA_START_MODE-}}
SAMBA_RESTART_ON_UPDATE=${ENV_SAMBA_RESTART_ON_UPDATE:=${SAMBA_RESTART_ON_UPDATE-}}
SAMBA_IGNORE_NSUPDATE_G=${ENV_SAMBA_IGNORE_NSUPDATE_G:=${SAMBA_IGNORE_NSUPDATE_G-}}
. /lib/lsb/init-functions

NAME="AD services"
BINARY="${SAMBA_USR_PREFIX}/sbin/samba"
EXTRA_OPTS="${SAMBA_EXTRA_OPTS-}"
PIDFILE="${SAMBA_PIDDIR}/samba.pid"
START_MODE="ad"

LC_ALL=en_US.UTF-8

# Export Spotlight DBUS settings for smbd service
test -n "${TRACKER_BUS_TYPE}" && export TRACKER_BUS_TYPE
test -n "${DBUS_SESSION_BUS_ADDRESS}" && export DBUS_SESSION_BUS_ADDRESS

# Export GNUPGHOME for cleartext password encryption
test -n "${GNUPGHOME}" && export GNUPGHOME

sernet_verify_configuration()
{
	local _script="$1"
	local _cmd="$2"

	if [ ! -x ${BINARY} ] ; then
		log_failure_msg "${BINARY} not installed ! "
		return 5
	fi

	if ! test "${SAMBA_START_MODE}" = "${START_MODE}" ; then
		echo "${_script} wants to ${_cmd} but SAMBA_START_MODE is set to \"${SAMBA_START_MODE}\"."
		echo "Disable ${_script} or set SAMBA_START_MODE in"
		echo "/etc/default/sernet-samba to \"${START_MODE}\"."
		log_warning_msg "Exiting gracefully now."
		test x"${_SYSTEMCTL_SKIP_REDIRECT}" = x"true" && {
			# We need to exit with 0 in order to make
			# systemd happy.
			exit 0;
		}
		return 6
	fi

	if [ x"${SAMBA_IGNORE_NSUPDATE_G}" != x"yes" ]; then
		CHECK_NSUPDATE_G="`cat /dev/null | nsupdate -g 2> /dev/null && echo 1 || echo 0`"
		if [ ${CHECK_NSUPDATE_G} -eq 0 ]; then
			echo "WARNING: nsupdate does not support the GSS-TSIG mode!"
			echo "Have a look at SAMBA_IGNORE_NSUPDATE_G in /etc/default/sernet-samba."
			log_warning_msg "Exiting gracefully now."
			return 6
		fi
	fi

	if [ ! -f ${SMB_CONF} ]; then
		log_failure_msg "Samba configuration file ${SMB_CONF} does not exist."
		return 6
	fi

	if test "${START_MODE}" = "ad" ; then
		samba-tool testparm --suppress-prompt --section-name=global --parameter-name="server role" 2>/dev/null | \
		grep -q '^active directory domain controller' || {
			log_warning_msg "Samba not configured as active directory domain controller!"
			return 6
		}
	else
		testparm --suppress-prompt --section-name=global --parameter-name="server role" 2>/dev/null | \
		grep -q '^active directory domain controller' && {
			log_warning_msg "Samba configured as active directory domain controller!"
			return 6
		}
	fi

	return 0
}

case "$1" in
    start)
	sernet_verify_configuration "$0" "$1" || exit $?
	echo -n "Starting SAMBA ${NAME} : "
	test -e ${SAMBA_PIDDIR} || mkdir -m 755 ${SAMBA_PIDDIR}

	test -e ${PIDFILE} && {
		PID=$(cat ${PIDFILE})
		readlink /proc/${PID}/exe | grep -q "^${BINARY}" && {
			log_warning_msg "Warning: ${BINARY} already running ! "
			exit 0
		}

		log_warning_msg "Warning: ${PIDFILE} exists ! "
	}

	# remove winbindd pipe to workaround selinux issue
	WINBINDD_PIPE="${SAMBA_PIDDIR}/winbindd/pipe"
	test -p ${WINBINDD_PIPE} && rm ${WINBINDD_PIPE}

	if start_daemon -p ${PIDFILE} ${BINARY} -D ${EXTRA_OPTS} >/dev/null ; then
		log_success_msg ""
	else
		log_failure_msg ""
		exit 1
	fi
	;;
    stop)
	sernet_verify_configuration "$0" "$1" || exit 0
	echo -n "Shutting down SAMBA ${NAME} : "
	if [ ! -e ${PIDFILE} ] ; then
		log_warning_msg "Warning: PID file ${PIDFILE} does not exist ! "
		exit 0
	fi

	PID=$(cat ${PIDFILE})

	if ! (readlink /proc/${PID}/exe | grep -q "^${BINARY}") ; then
		log_warning_msg "Warning: ${BINARY} not running with PID=${PID} from ${PIDFILE} ! "
		exit 0
	fi

	kill -15 ${PID}
	for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30; do
		sleep 3
		kill -0 ${PID} >/dev/null 2>&1 || break
		log_warning_msg "...trying once more "
		kill -15 ${PID}
	done

	kill -0 ${PID} >/dev/null 2>&1 || {
		log_success_msg ""
		rm -f ${PIDFILE}
		exit 0
	}

	log_failure_msg "Error: ${BINARY} still running with PID=${PID} from ${PIDFILE}"
	exit 1
	;;
    try-restart)
	if $0 status > /dev/null ; then
		test "${SAMBA_RESTART_ON_UPDATE}" != yes || $0 restart
	else
		exit 0
	fi
	;;
    restart)
	$0 stop
	$0 start
	;;
    force-reload)
	$0 reload
	;;
    reload)
	sernet_verify_configuration "$0" "$1" || exit $?
	echo -n "Reloading SAMBA ${NAME} : "

	if [ ! -e ${PIDFILE} ] ; then
		log_warning_msg "PID file ${PIDFILE} not available "
		exit 7
	fi

	PID=$(cat ${PIDFILE})

	if ! (readlink /proc/${PID}/exe | grep -q "^${BINARY}") ; then
		log_warning_msg "${BINARY} not running with PID=${PID} from ${PIDFILE}"
		exit 7
	fi

	killproc ${BINARY} -HUP
	log_success_msg ""
	;;
    status)
	sernet_verify_configuration "$0" "$1" || exit $?
	echo -n "Checking for SAMBA ${NAME} : "

	if [ ! -e ${PIDFILE} ] ; then
		log_failure_msg "PID file ${PIDFILE} not available "
		exit 3
	fi

	PID=$(cat ${PIDFILE})
	kill -0 ${PID} >/dev/null 2>&1 || {
		log_failure_msg ""
		exit 3
	}

	if ! (readlink /proc/${PID}/exe | grep -q "^${BINARY}") ; then
		log_failure_msg "${BINARY} not running with PID=${PID} from ${PIDFILE}"
		exit 3
	fi

	log_success_msg ""
	;;
    probe)
	## Optional: Probe for the necessity of a reload,
	## give out the argument which is required for a reload.
	test ${SMB_CONF} -nt ${PIDFILE} && echo reload
	;;
    *)
	echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
	exit 3
	;;
esac

I don't think the init scripts for smbd/nmbd/winbindd are relevant, as everything is done from the single sernet-samba-ad script. (in fact: running those other init scripts prints a message that we "need to use sernet-samba-ad")

But i do suggest, upgrade to the 4.6.3 packages or .. Its time... To
upgrade to jessie, and get the 4.5.8 packages ( or the 4.6.3 )
Yes, I'll upgrade, you are right: perhaps the big upgrade to jessie could solve this...

Thanks for your reply, Louis.

MJ

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba