Problem: samba (nmbd) is not starting

Problem:

Samba does not start up because nmbd fails to start.

Investigation:

Step 1

First check the log files for helpful messages.
These are:

/var/log/samba/log.samba
/var/log/samba/log.smbd
/var/log/samba/log.nmbd
  [2024/03/11 10:36:05.260278,  0, pid=19588] ../../source3/nmbd/nmbd.c:909(main)
  server role = 'active directory domain controller' not compatible with running nmbd standalone. 
  You should start 'samba' instead, and it will control starting the internal nbt server

In this case log.nmbd was the interesting file, together with the server services setting. You should find -nbt among these services. If not, check the UCR variable samba4/service/nmb:
ucr get samba4/service/nmb

Step 2

Check whether all of Samba or just one part of it fails to start.

SYSTEMCTL_SKIP_REDIRECT=1 bash -x /etc/init.d/samba start
+ case $1 in
+ /etc/init.d/nmbd start
[FAIL] Starting NetBIOS name server: nmbd failed!
+ /etc/init.d/smbd start
+ /etc/init.d/samba-ad-dc start
[FAIL] Starting NetBIOS name server: nmbd failed!
[ ok ] Starting Samba AD DC server: samba.

You can also try to start nmbd in the foreground with debug output:

/usr/sbin/nmbd -F -i -d5
The message is the same as the one seen in the log file:

nmbd version 4.18.3-Univention started.
Copyright Andrew Tridgell and the Samba Team 1992-2023
server role = 'active directory domain controller' not compatible with running nmbd standalone. 
You should start 'samba' instead, and it will control starting the internal nbt server

Step 3

The log message points to a configuration issue, so /etc/samba/smb.conf should provide some information.

cat /etc/samba/smb.conf |grep -A3 -B3 'server services'
        server role     = active directory domain controller
        name resolve order      = wins host bcast
        server string   = Univention Corporate Server
        server services = -dns -smb +s3fs
        workgroup       = SCHEIN
        realm           = SCHEIN.IG

We see that nbt is not mentioned here.

Step 4

How did we get there? Look at the template file:
less /etc/univention/templates/files/etc/samba/smb.conf.d/10global
The relevant part shows:

samba_serverstring = configRegistry.get('samba/serverstring', 'Univention Corporate Server')
print('\tserver string\t= %s' % (samba_serverstring,))

# build up and set server services option list if non-empty
server_services = ['-dns']
if configRegistry.get('samba4/service/smb', 'smbd') == 'smbd':
    server_services.append('-smb')
elif configRegistry.get('samba4/service/smb', 's3fs') == 's3fs':
    server_services.extend(['-smb', '+s3fs'])
if configRegistry.get('samba4/service/nmb', 'nmbd') == 'nmbd':
    server_services.append('-nbt')
if configRegistry.is_false('samba4/service/drepl'):
    server_services.append('-drepl')
if server_services:
    print('\tserver services\t= %s' % (' '.join(server_services),))
if configRegistry.get('samba4/service/nmb', 'nmbd') == 'nmbd':
    print('\tserver role check:inhibit = yes')
    print('\t# use nmbd; to disable set samba4/service/nmb to s4')
    print('\tnmbd_proxy_logon:cldap_server=127.0.0.1')

print('\tworkgroup\t= %s' % configRegistry['windows/domain'])
print('\trealm\t\t= %s' % configRegistry['kerberos/realm'])

This is where -nbt should be appended.

Step 5

To debug this, copy the template and add debugging output to the copy:
cp /etc/univention/templates/files/etc/samba/smb.conf.d/10global /tmp/10global
With the ucr filter command you can do a temporary commit with exactly this file. The result is written to standard output only:

ucr filter </tmp/10global | grep server
       server role     = active directory domain controller
        server string   = Univention Corporate Server
        server services = -dns -smb +s3fs
        ldap server require strong auth = allow_sasl_over_tls

Possible debugging with print statements:

# build up and set server services option list if non-empty
server_services = ['-dns']
if configRegistry.get('samba4/service/smb', 'smbd') == 'smbd':
    server_services.append('-smb')
    # debug marker 1: the smbd branch was taken
    print('\t# 1 server services\t= %s' % (' '.join(server_services),))
elif configRegistry.get('samba4/service/smb', 's3fs') == 's3fs':
    server_services.extend(['-smb', '+s3fs'])
    # debug marker 2: the s3fs branch was taken
    print('\t# 2 server services\t= %s' % (' '.join(server_services),))
if configRegistry.get('samba4/service/nmb', 'nmbd') == 'nmbd':
    server_services.append('-nbt')
    # debug marker 3: the nmbd branch was taken
    print('\t# 3 server services\t= %s' % (' '.join(server_services),))
if configRegistry.is_false('samba4/service/drepl'):
    server_services.append('-drepl')
    # debug marker 4: drepl is disabled
    print('\t# 4 server services\t= %s' % (' '.join(server_services),))
if server_services:
    print('\tserver services\t= %s' % (' '.join(server_services),))
if configRegistry.get('samba4/service/nmb', 'nmbd') == 'nmbd':
    print('\tserver role check:inhibit = yes')
    print('\t# use nmbd; to disable set samba4/service/nmb to s4')
    print('\tnmbd_proxy_logon:cldap_server=127.0.0.1')

Now getting:

ucr filter </tmp/10global | grep server 
        server role     = active directory domain controller
        server string   = Univention Corporate Server
        # 2 server services     = -dns -smb +s3fs
        server services = -dns -smb +s3fs
        ldap server require strong auth = allow_sasl_over_tls

We see that the nmbd branch was not executed, so we check the UCR variable:

ucr get samba4/service/nmb
nmdb

On second look we find the typo: the value is nmdb instead of nmbd.
Correcting this shows:

ucr filter </tmp/10global | grep server 
        server role     = active directory domain controller
        server string   = Univention Corporate Server
        # 2 server services     = -dns -smb +s3fs
        # 3 server services     = -dns -smb +s3fs -nbt
        server services = -dns -smb +s3fs -nbt
        server role check:inhibit = yes
        nmbd_proxy_logon:cldap_server=127.0.0.1
        ldap server require strong auth = allow_sasl_over_tls

And the original smb.conf now also shows the "-nbt":

cat /etc/samba/smb.conf |grep -A3 -B3 'server services'
        server role     = active directory domain controller
        name resolve order      = wins host bcast
        server string   = Univention Corporate Server
        server services = -dns -smb +s3fs -nbt
        server role check:inhibit = yes
        # use nmbd; to disable set samba4/service/nmb to s4
        nmbd_proxy_logon:cldap_server=127.0.0.1

Solution:

ucr get samba4/service/nmb
nmdb
ucr set samba4/service/nmb=nmbd
Setting samba4/service/nmb
Multifile: /etc/samba/smb.conf

The test start with SYSTEMCTL_SKIP_REDIRECT has to be undone: stop the services that were started this way, then start Samba the regular way.

SYSTEMCTL_SKIP_REDIRECT=1 bash -x /etc/init.d/samba stop
+ case $1 in
+ /etc/init.d/samba-ad-dc stop
[ ok ] Stopping Samba AD DC server: samba[....] Stopping NetBIOS name server: nmbd.
. ok 
+ /etc/init.d/smbd stop
+ /etc/init.d/nmbd stop
[ ok ] Stopping NetBIOS name server: nmbd.
root@backup01:~/univention-support# /etc/init.d/samba start
[ ok ] Starting nmbd (via systemctl): nmbd.service.
[ ok ] Starting samba-ad-dc (via systemctl): samba-ad-dc.service.
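
The template compares the UCR value only against 'nmbd', so any other string, including a typo, silently takes the "no nmbd" path. The following added example (not part of the Univention template or tooling) re-runs that branch logic on a plain dict standing in for configRegistry and flags values that match no branch. The names ALLOWED, render_server_services and lint are hypothetical, and the allowed values are assumed from the strings the template excerpt compares against.

```python
# Added example: ALLOWED, render_server_services and lint are hypothetical names.
# A plain dict stands in for UCR's configRegistry so this runs offline.

# Values the template excerpt compares against (assumed to be the only valid ones).
ALLOWED = {
    "samba4/service/smb": {"smbd", "s3fs"},
    "samba4/service/nmb": {"nmbd", "s4"},
}


def render_server_services(ucr):
    """Mirror the template's smb/nmb branches (drepl omitted); return printed lines."""
    services = ["-dns"]
    smb = ucr.get("samba4/service/smb", "smbd")
    if smb == "smbd":
        services.append("-smb")
    elif smb == "s3fs":
        services.extend(["-smb", "+s3fs"])
    # Exact string comparison: 'nmdb' is simply "not nmbd", no error is raised.
    use_nmbd = ucr.get("samba4/service/nmb", "nmbd") == "nmbd"
    if use_nmbd:
        services.append("-nbt")
    lines = ["server services = " + " ".join(services)]
    if use_nmbd:
        lines.append("server role check:inhibit = yes")
    return lines


def lint(ucr):
    """Return one finding per variable whose value matches no template branch."""
    findings = []
    for key, allowed in ALLOWED.items():
        value = ucr.get(key)  # unset is fine: the template falls back to a default
        if value is not None and value not in allowed:
            findings.append("%s=%r matches no template branch (expected one of: %s)"
                            % (key, value, ", ".join(sorted(allowed))))
    return findings


# Constructed sample: the registry state from this article, before and after the fix.
BROKEN = {"samba4/service/smb": "s3fs", "samba4/service/nmb": "nmdb"}
FIXED = dict(BROKEN, **{"samba4/service/nmb": "nmbd"})

if __name__ == "__main__":
    for name, ucr in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, render_server_services(ucr), lint(ucr))
```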