Bug 54356 - [5.0] After Server-Password-Change samba process is not started due to Failed to listen on ::1:135
[5.0] After Server-Password-Change samba process is not started due to Failed...
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Password changes
UCS 4.4
Other Linux
: P5 normal (vote)
: UCS 5.0-1-errata
Assigned To: Iván.Delgado
Erik Damrose
https://git.knut.univention.de/univen...
:
Depends on: 51535
Blocks: 53597
  Show dependency treegraph
 
Reported: 2022-01-18 14:21 CET by Iván.Delgado
Modified: 2022-01-19 13:55 CET (History)
11 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 6: Setup Problem: Issue for the setup process
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.343
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2020052521000591, 2020061821000521, 2020111921000439, 2021041321000112, 2021110121000194, 2021121621000601
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Iván.Delgado univentionstaff 2022-01-18 14:21:57 CET
+++ This bug was initially created as a clone of Bug #51535 +++

A Partner reported, that two of his customers have the following messages in the samba log, after the server password change took place.
Samba is therefor not started in the morning.


stream_setup_socket: Failed to listen on ::1:135 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED

Troubleshooting the issue shows that on both customer environments some cifs connections were still established.

Like:

Samba version 4.10.1-Univention
PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing              
----------------------------------------------------------------------------------------------------------------------------------------
32550   EXFTP$       Domain Computers 192.168.24.8 (ipv4:192.168.24.8:42972)    SMB3_11           -                    AES-128-CMAC         

Service      pid     Machine       Connected at                     Encryption   Signing     
---------------------------------------------------------------------------------------------
IPC$         32550   192.168.24.8  Tue Jun 16 17:41:08 2020 CEST    -            AES-128-CMAC
===============================================================================
or 

/bin/df -lhT
Filesystem                Type      Size  Used Avail Use% Mounted on
udev                      devtmpfs  2.0G     0  2.0G   0% /dev
tmpfs                     tmpfs     396M   27M  369M   7% /run
/dev/mapper/vg_ucs-rootfs ext4       22G   16G  4.7G  77% /
[...]
\\192.168.0.24\back    cifs      3.7T  1.2T  2.6T  31% /mnt/back
 
===============================================================================

So we patched the server-password-change script, to make sure the disconnection works.
==========================================================================
 diff -Nuar univention-samba4{.orig,}
--- univention-samba4.orig    2020-06-18 16:33:01.812634377 +0200
+++ univention-samba4    2020-06-18 16:32:10.169712325 +0200
@@ -83,6 +83,16 @@
         exit 1
     fi
 
-    test -x /etc/init.d/samba && /etc/init.d/samba restart
+    if test -x /etc/init.d/samba; then
+        /etc/init.d/samba stop
+        sleep 5
+        pids=$(pgrep smbd)
+        if [ -n "$pids" ]; then
+            pkill -9 smbd
+            /etc/init.d/samba stop
+        fi
+        /etc/init.d/samba start
+    fi
         
 fi
Comment 1 Iván.Delgado univentionstaff 2022-01-18 14:57:36 CET
The patch suggested in the description was applied.
Now the samba process is restarted after server password change.

The commit message of 46f1561760 8da491a1a1 529f4d4601 have a wrong bug number, the correct bug number is 54356

[5.0-1] d7745fe35b Bug #54356: Update advisory
[5.0-1] 46f1561760 Bug #51535: Fix bug number in advisory and changelog
[5.0-1] 8da491a1a1 Bug #51535: Create Advisory + changelog
[5.0-1] 529f4d4601 Bug #51535: After Server-Password-Change samba process is not started

univention-samba4: 9.0.6-8A~5.0.0.202201181446
Comment 2 Erik Damrose univentionstaff 2022-01-19 11:18:20 CET
OK: Adapted u-samba4 server password change script
OK: univention-samba4: 9.0.6-8A~5.0.0.202201181446
OK: yaml, i made some small changes to the text
Verified