Univention Bugzilla – Bug 44237
univention-samba4: /etc/init.d/samba is incompatible with systemd
Last modified: 2022-12-05 14:37:10 CET
The /etc/init.d/samba helper script installed by the samba source package and used in univention-samba4 (not univention-samba) is incompatible with systemd, so you have to decide, you can only use one or the other consistently: ================================================================ root@master100:~# service samba stop root@master100:~# /etc/init.d/samba start [ ok ] Starting nmbd (via systemctl): nmbd.service. [ ok ] Starting smbd (via systemctl): smbd.service. [ ok ] Starting samba-ad-dc (via systemctl): samba-ad-dc.service. root@master100:~# service samba reload Job for samba.service failed. See 'systemctl status samba.service' and 'journalctl -xn' for details. root@master100:~# service samba stop root@master100:~# pgrep -cf /usr/sbin/samba 12 ================================================================ ================================================================ root@master100:~# /etc/init.d/samba stop [ ok ] Stopping samba-ad-dc (via systemctl): samba-ad-dc.service. [ ok ] Stopping smbd (via systemctl): smbd.service. [ ok ] Stopping nmbd (via systemctl): nmbd.service. root@master100:~# service samba status ● samba.service - LSB: ensure Samba daemons are started (nmbd and smbd) Loaded: loaded (/etc/init.d/samba) Active: active (exited) since Mo 2017-04-03 15:34:13 CEST; 58s ago Process: 15226 ExecStop=/etc/init.d/samba stop (code=exited, status=0/SUCCESS) Process: 15007 ExecReload=/etc/init.d/samba reload (code=exited, status=0/SUCCESS) Process: 15272 ExecStart=/etc/init.d/samba start (code=exited, status=0/SUCCESS) root@master100:~# service samba reload Job for samba.service failed. See 'systemctl status samba.service' and 'journalctl -xn' for details. root@master100:~# service samba restart root@master100:~# service samba reload root@master100:~# ================================================================ The script does not load the lsb/init-functions. We should have a look at how Debian deals with this. We also need to consider that UCS uses the "samba" package in fundamentally different configurations and process structures (univention-samba and univention-samba4). In the mean time we should avoid using "service samba [action]" and "invoke-rc.d samba [action]".
Note: This is the status after booting: ======================================================================= root@master100:~# service samba status ● samba.service - LSB: ensure Samba daemons are started (nmbd and smbd) Loaded: loaded (/etc/init.d/samba) Active: inactive (dead) ======================================================================= But everything is up: ======================================================================= root@master100:~# pgrep -cf /usr/sbin/samba 12 ======================================================================= Even better, running the script directly returns a proper status report: ======================================================================= root@master100:~# /etc/init.d/samba status ● samba-ad-dc.service - LSB: start Samba daemons for the AD DC Loaded: loaded (/etc/init.d/samba-ad-dc) Active: active (running) since Mo 2017-04-03 16:23:48 CEST; 33s ago Process: 704 ExecStart=/etc/init.d/samba-ad-dc start (code=exited, status=0/SUCCESS) CGroup: /system.slice/samba-ad-dc.service ├─1068 /usr/sbin/samba -D ├─1207 /usr/sbin/samba -D ├─1208 /usr/sbin/samba -D ├─1209 /usr/sbin/samba -D ├─1210 /usr/sbin/samba -D ├─1213 /usr/sbin/samba -D ├─1214 /usr/sbin/samba -D ├─1215 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground ├─1216 /usr/sbin/samba -D ├─1217 /usr/sbin/samba -D ├─1218 /usr/sbin/samba -D ├─1223 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground ├─1226 /usr/sbin/samba -D ├─1227 /usr/sbin/samba -D ├─1376 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground ├─1379 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground ├─1380 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground └─1415 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground Apr 03 16:23:48 master100 samba-ad-dc[704]: Starting Samba AD DC daemon: samba. Apr 03 16:23:48 master100 systemd[1]: Started LSB: start Samba daemons for the AD DC. ======================================================================= So, better use the script directly and avoid "service" and "invoke-rc.d" until we have sorted things out "the systemd-way".
The Enterprise Customer affected flag is set but neither a Ticket number is referenced nor a Customer ID is set. Please set a Ticket number or a Customer ID. Otherwise the Enterprise Customer affected flag will be reset.
(In reply to Stefan Gohmann from comment #2) > The Enterprise Customer affected flag is set but neither a Ticket number is > referenced nor a Customer ID is set. Please set a Ticket number or a > Customer ID. Otherwise the Enterprise Customer affected flag will be reset. Couln't find a related Ticket - probably this issue for sure will effect every customer?
added two current support cases
Would be helpful if a solution / hint is shown in the system diagnostics when this specific message occurs. imho a [fix button] is not the right answer in this situation.
I came here across reading bug #47634 while trying to debug a non-working cross-domain share setup (always getting NT_STATUS_OBJECT_NAME_NOT_FOUND). It turned out that the solution was a really trivial one...
For UCS 4.4-8 and 5.0-0: # find /etc/init.d/ /???/systemd \( -iname \*samba\* -o -name \*[sn]mbd\* \) -printf '%p -> %l\n' /etc/init.d/nmbd -> /etc/init.d/smbd -> /etc/init.d/samba -> /etc/init.d/samba-ad-dc -> /run/systemd/generator.late/smbd.service -> /run/systemd/generator.late/samba.service -> /run/systemd/generator.late/samba-ad-dc.service -> /run/systemd/generator.late/graphical.target.wants/smbd.service -> ../smbd.service /run/systemd/generator.late/graphical.target.wants/samba-ad-dc.service -> ../samba-ad-dc.service /run/systemd/generator.late/graphical.target.wants/nmbd.service -> ../nmbd.service /run/systemd/generator.late/multi-user.target.wants/smbd.service -> ../smbd.service /run/systemd/generator.late/multi-user.target.wants/samba-ad-dc.service -> ../samba-ad-dc.service /run/systemd/generator.late/multi-user.target.wants/nmbd.service -> ../nmbd.service /run/systemd/generator.late/nmbd.service -> /run/systemd/units/invocation:samba-ad-dc.service -> fb1d9b2da72944ab8b29029cb73846e9 /run/systemd/units/invocation:smbd.service -> 2d4ee97564fc4e6c81c9f5db81f3be5f /run/systemd/units/invocation:nmbd.service -> e412757ee71f4e1b90d38d13b0fca0d0 Please note that there is no symbolic link for "samba.service" by any "*.target.wants/" to get enabled by default: # systemctl status {samba{,-ad-dc},{s,n}mbd}.service ● samba.service - LSB: ensure Samba daemons are started (nmbd and smbd) Loaded: loaded (/etc/init.d/samba; generated) Active: inactive (dead) ● samba-ad-dc.service - LSB: Samba daemons for the AD DC Loaded: loaded (/etc/init.d/samba-ad-dc; generated) Active: active (running) since Thu 2021-11-25 09:07:01 CET; 1h 51min ago ● smbd.service - LSB: Samba SMB/CIFS daemon (smbd) Loaded: loaded (/etc/init.d/smbd; generated) Active: active (exited) since Thu 2021-11-25 09:07:00 CET; 1h 52min ago ● nmbd.service - LSB: Samba NetBIOS nameserver (nmbd) Loaded: loaded (/etc/init.d/nmbd; generated) Active: active (running) since Thu 2021-11-25 09:07:00 CET; 1h 52min ago "/etc/init.d/samba" is just a shell-wrapper, which deliberately does NOT source "/lib/lsb/init-functions", which would delegate starting the service to the NATIVE systemd.service files IFF it exists, which does not. (In reply to Arvid Requate from comment #1) > Note: This is the status after booting: > ======================================================================= > root@master100:~# service samba status > ● samba.service - LSB: ensure Samba daemons are started (nmbd and smbd) > Loaded: loaded (/etc/init.d/samba) > Active: inactive (dead) > ======================================================================= EXPECTED: There is no symbolic link for "samba.service" by any "*.target.wants/" to get enabled by default on boot > But everything is up: > ======================================================================= > root@master100:~# pgrep -cf /usr/sbin/samba > 12 > ======================================================================= EXPECTED: Because `/usr/sbin/samba` is started by "/etc/init.d/samba-ad-dc" AKA "samba-ad-dc.service" > Even better, running the script directly returns a proper status report: > ======================================================================= > root@master100:~# /etc/init.d/samba status > ● samba-ad-dc.service - LSB: start Samba daemons for the AD DC ^^^^^^^^^^^^^^^^^^^ … EXPECTED: Because "/etc/init.d/samba" is just a shell script, which does NOT source `/lib/lsb/init-functions`, which contains the code to handle NATIVE systemd.service ; as there is no "/{etc,lib}/systemd/systemd/samba.service" this is irrelevant for now. The the command is just invoking the SHELL script "/etc/init.d/samba", which does a "/etc/init.d/samba-ad-dc status": This delegates to `systemd` and shows the mentioned output. 1. If you do a "/etc/init.d/samba start" - it will invoke the script as a plain shell script - which then will just try to start "nmbd", "smbd", "samba-ad-dc" which are already running; - This will be done via "systemctl", which will do nothing as "{nmbd,smbd,samba-ad-dc}.service" are already running. - As the script does NOT source "/lib/lsb/init-functions" the "samba.service" will remain untouched, e.g. "inactive". - `systemctl stop|reload samba` will do NOTHING because of that and `systemctl restart samba` will do to WRONG thing: `stop` will do nothing, `start` will not RE-start the still running services. - But `/etc/init.d/samba stop|service|reload|restart` will work 2. If you do a "systemctl start samba" instead - this does the same BUT - will also mark "samba.service" as "running"! - because of that `systemctl stop|reload|restart samba` does also work because it will be propagated to {samba-ad-dc,smbd,nmbd} by the shell script correctly. - but "systemctl status samba" will be wrong and still show the service as ACTIVE after doing a `systemctl stop smbd.service nmbd.service samba-ad-dc.service` because for systemd the services are not connected - but `/etc/init.d/samba status` will show failure it it delegates to "samba-ad-dc.service" Basically you need: - "/lib/systemd/system/samba.service" [Unit] Description=Samba Super Service Requires=samba-ad-dc.service smbd.service nmbd.service # these services must be started PropagateReloadTo=smbd.service # only service supporting reload [Service] Type=oneshot ExecStart=/bin/true # dummy ExecReload=/bin/true # to make PropagateReload work RemainAfterExit=yes [Install] WantedBy=multi-user.target - "/lib/systemd/system/samba-ad-dc.service.d/samba.conf - "/lib/systemd/system/smbd.service.d/samba.conf - "/lib/systemd/system/nmbd.service.d/samba.conf [Unit] PartOf=samba.service # propagate OUR demise upstream - Optionally "/etc/init.d/samba" for backward compatibility until all those "/etc/init.d/samba …" and "invoke-rc.d samba …" are gone: #!/bin/bash ### BEGIN INIT INFO # Provides: samba # Required-Start: samba-ad-dc nmbd smbd # Required-Stop: samba-ad-dc nmbd smbd # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Samba Super Service ### END INIT INFO . /lib/lsb/init-functions NAME='samba` DESC=$(get_lsb_header_val "$0" Short-Description) exit 0 The `PartOf=` will bind all services together, e.g. stopping one of them will also stop all the others. But afterward you can start "{nmbd,smbd,samba-ad-dc}.service" individually or all of them via just "samba.service".
Thanks for the analysis. For future reference: Please note that smbd, nmbd (and winbind) must not get started as separate services iff the system is configured as AD DC, as in that case samba starts smbd and winbind as child processes. This can be determined by either checking "server role = active directory domain controller" in smb.conf or by the fact that univention-samba4 is installed. OTOH, if (server/role == memberserver) or (ad/member == yes) then those processes need to be started separately. Maybe the easiest thing would be to ship those service units as part of univention-samba4 and univention-samba.
(In reply to Arvid Requate from comment #8) > For future reference: Please note that smbd, nmbd (and winbind) > must not get started as separate services iff the system is configured as AD DC, > as in that case samba starts smbd and winbind as child processes. This can be > determined by either checking "server role = active directory domain > controller" in smb.conf or by the fact that univention-samba4 is installed. > > OTOH, if (server/role == memberserver) or (ad/member == yes) then > those processes need to be started separately. Systemd has "Conflicts=" which can be used to make sure either "samba-ad-dc.service" is running or "{smbd,nmdb,windbind}.service". I have not checked how well this plays together with "PartOf=" as this becomes contradicting in some cases. samba.service: if ucr["server/role"] == "memberserver" or ucrv.is_true("ad/member"): # Member Requires=samba-ad-dc.service smbd.service nmbd.service # these services must be started PropagateReloadTo=smbd.service else: # AD DC Conflicts=smbd.service nmbd.service winbind.service > Maybe the easiest thing would be to ship those service units as part > of univention-samba4 and univention-samba. Looks a little bit like our "univention-bind" where have "bind9.service" and/or "univention-bind-ldap.service" depending on UCRV "dns/backend". We generate some "systemd augemntation files" /etc/systemd/system/$name.service.d/$prefix.conf there to conditionally add appropriate dependencies. I have not checked what systemd.service files "samba" ships by default and how re-usable they are for out 2 modes "AD DC" and "Member". TBC…