Web lists-archives.com

Re: [Samba] winbindd crashing -- how to auto-heal?




And even the "stock" setting is not correct.  :-/ 

 > After=syslog.target network.target nmb.service 

It's better to have:
 After=syslog.target network-online.target nmb.service

And check if you nsswitch.conf contains winbind at the end and not beginning. 

If you use systemctl, use it like this get all status : 
systemctl status smbd nmbd winbind

Get all service info with : 
systemctl cat smbd nmbd winbind


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens 
> Jamie Jackson via samba
> Verzonden: maandag 3 september 2018 16:48
> Aan: rpenny@xxxxxxxxx
> CC: samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] winbindd crashing -- how to auto-heal?
> 
> On Mon, Sep 3, 2018 at 10:35 AM Jamie Jackson 
> <jamiejaxon@xxxxxxxxx> wrote:
> 
> >
> >
> > On Mon, Sep 3, 2018 at 5:17 AM Rowland Penny via samba <
> > samba@xxxxxxxxxxxxxxx> wrote:
> >
> >> On Sun, 2 Sep 2018 22:37:05 -0400
> >> Jamie Jackson via samba <samba@xxxxxxxxxxxxxxx> wrote:
> >>
> >> > Thanks for the workaround, Luca. I might end up going with:
> >> >
> >> > #!/bin/bash
> >> > getent group | grep -q 'Domain Users' && exit 0
> >> > echo "restarting winbind"
> >> > sudo systemctl restart winbind
> >> >
> >> >
> >> > Rowland, it crashed again. Here's some info. Please let 
> me know if I
> >> > should provide more:
> >> > 
> https://gist.github.com/jamiejackson/8aa60fb0ac1f407ba73776aaaeaa542f
> >> >
> >>
> >> The last few lines of the log are these:
> >>
> >> [2018/09/01 23:19:27.748555,  3, pid=9795]
> >> ../source3/winbindd/winbindd_msrpc.c:244(msrpc_name_to_sid)
> >>   msrpc_name_to_sid: name=REDACTED\ROOT
> >> [2018/09/01 23:19:27.748585,  3, pid=9795]
> >> ../source3/winbindd/winbindd_msrpc.c:258(msrpc_name_to_sid)
> >>   name_to_sid [rpc] REDACTED\ROOT for domain REDACTED
> >> [2018/09/01 23:20:28.475336,  0, pid=9795]
> >> ../source3/winbindd/winbindd.c:281(winbindd_sig_term_handler)
> >>   Got sig[15] terminate (is_parent=0)
> >>
> >> It looks like you ran you script/commands on Sun Sep  2 
> 21:35:39 EDT
> >> 2018
> >>
> >> To my eye, there is nothing really wrong, there certainly isn't any
> >> evidence of a crash, the only evidence that I can see is 
> that winbind
> >> has exited.
> >>
> >> So I went back to the info you posted earlier, at that time I
> >> concentrated on the smb.conf, this time I looked a lot 
> more closely at
> >> this:
> >>
> >> $ ps -aux | grep '\(samba\|smb\|winbind\)'
> >> root     12600  0.0  0.0 399284  2324 ?        Ss   Aug31   0:16
> >> /usr/sbin/winbindd --foreground --no-process-group
> >> root     12602  0.0  0.0 424328  5948 ?        S    Aug31   0:01
> >> /usr/sbin/winbindd --foreground --no-process-group
> >> root     12857  0.0  0.0 406020   964 ?        S    Aug31   0:03
> >> /usr/sbin/winbindd --foreground --no-process-group
> >> root     12858  0.0  0.0 399144  1416 ?        S    Aug31   0:00
> >> /usr/sbin/winbindd --foreground --no-process-group
> >> root     12859  0.0  0.0 399144  1504 ?        S    Aug31   0:00
> >> /usr/sbin/winbindd --foreground --no-process-group
> >>
> >> If I run the same command on a Unix domain member, I get this:
> >>
> >> root      2231  0.0  0.1 398220 17912 ?        Ss   Aug29   0:03
> >> /usr/sbin/winbindd
> >> root      2593  0.0  0.1 455004 20328 ?        S    Aug29   0:10
> >> /usr/sbin/winbindd
> >> root      2630  0.0  0.0 307728 15336 ?        Ss   Aug29   0:00
> >> /usr/sbin/smbd -D
> >> root      2683  0.0  0.0 296524  4516 ?        S    Aug29   0:00
> >> /usr/sbin/smbd -D
> >> root      2684  0.0  0.0 296524  4516 ?        S    Aug29   0:00
> >> /usr/sbin/smbd -D
> >> root      2730  0.0  0.0 265088  9696 ?        S    Aug29   0:00
> >> /usr/sbin/winbindd
> >> root      2745  0.0  0.0 265220  9560 ?        S    Aug29   0:00
> >> /usr/sbin/winbindd
> >> root      2746  0.0  0.1 403600 16412 ?        S    Aug29   0:01
> >> /usr/sbin/winbindd
> >>
> >> So, from that, can I ask these questions:
> >>
> >> Why isn't 'smbd' running ?
> >>
> >
> > I didn't set this up, but I assume the sysadmins didn't run 
> it because
> > they, like Luca, probably assumed that smbd was for server 
> functionality
> > (to provide services to clients), whereas, AFAIK, our hosts 
> only act as
> > clients. Could you explain how smbd fits into this when the 
> hosts are
> > consuming remote services (but presumably not providing any)?
> >
> >
> >> Is 'nmbd' running ?
> >>
> >
> > Doesn't look like it:
> >
> > [jamie.jackson@rwhudxdkrdev ~]$ systemctl -a | grep
> > '\(smb\|samba\|sssd\|winbind\|nmb\)'
> > ??? nmb.service
> >                                        not-found inactive dead
> > nmb.service
> >   winbind.service
> >                                        loaded    active   
> running   Samba
> > Winbind Daemon
> >
> >
> >> Why aren't you running 'winbind' as a daemon ?
> >>
> >
> > No clue, but here's what I found in systemd:
> >
> > [jamie.jackson@rwhudxdkrdev ~]$ cat
> > /usr/lib/systemd/system/winbind.service
> > [Unit]
> > Description=Samba Winbind Daemon
> > After=syslog.target network.target nmb.service
> >
> > [Service]
> > Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba
> > Type=notify
> > NotifyAccess=all
> > PIDFile=/run/winbindd.pid
> > EnvironmentFile=-/etc/sysconfig/samba
> > ExecStart=/usr/sbin/winbindd --foreground --no-process-group
> > "$WINBINDOPTIONS"
> > ExecReload=/usr/bin/kill -HUP $MAINPID
> > LimitCORE=infinity
> >
> > [Install]
> > WantedBy=multi-user.target
> >
> >
> FYI, I just checked, and on a stock RHEL 7.5 box, with samba-winbind
> installed, the above is what you get. (The file above is stock.)
> 
> 
> > Why do feel you don't need a process group for winbind ?
> >>
> >
> > I'm not the implementor (but I can pass your questions on 
> to that group).
> > However, if I were to guess: The implementors probably 
> aren't trying to be
> > creative or contrary. I figure they probably found a 
> solution that seemed
> > to (mostly) work--maybe many years ago--and they might not 
> know exactly how
> > to implement AD integration in RHEL according to best practice.
> >
> > At this point, it might make more sense to throw out the current
> > configuration (since I'm gleaning from your questions that 
> it's unorthodox)
> > and start fresh, but let's see what your impressions are 
> after the latest
> > bits of info above.
> >
> >
> >> Rowland
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> >
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba