Samba service can't bind on port 135 after it's stucking

ETES · November 4, 2022, 4:03pm

Hello,

i have the following Problem with the samba service on UCS:

the samba service stucks frequently (i suspect Logrotate for restarting the samba service unclean because it is active at the same time as the samba stucks)
restarting all services which are depending to UCS.
the samba service doesn’t come up because samba is already bind on port 135 (required for the RPC-Connection)

here some output from samba-tool:

root@master:~# samba-tool drs showrepl
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to server.domain.tld failed - drsException: DRS connection to server.domain.tld failed: (3221226038, 'The transport-connection attempt was refused by the remote system.')
  File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 55, in drsuapi_connect
    (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
  File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 63, in drsuapi_connect
    raise drsException("DRS connection to %s failed: %s" % (server, e))

root@master:~# samba-tool drs kcc
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to server.domain.tld failed - drsException: DRS connection to server.domain.tld failed: (3221226038, 'The transport-connection attempt was refused by the remote system.')
  File "/usr/lib/python3/dist-packages/samba/netcmd/drs.py", line 55, in drsuapi_connect
    (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
  File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 63, in drsuapi_connect
    raise drsException("DRS connection to %s failed: %s" % (server, e))

root@master:~# /usr/lib/nagios/plugins/check_univention_samba_drs_failures
Samba DRS CRITICAL: DRS connection to server.domain.tld failed

[2022/11/03 01:08:23.786267,  0, pid=22092] ../../source4/samba/server.c:623(binary_smbd_main)
  samba version 4.16.2-Univention started.
  Copyright Andrew Tridgell and the Samba Team 1992-2022
[2022/11/03 01:08:24.117921,  0, pid=22093] ../../source4/samba/server.c:897(binary_smbd_main)
  binary_smbd_main: samba: using 'prefork' process model
[2022/11/03 01:08:24.190446,  0, pid=22137] ../../source4/samba/service_stream.c:373(stream_setup_socket)
  stream_setup_socket: Failed to listen on ::1:135 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
[2022/11/03 01:08:24.190481,  0, pid=22137] ../../source4/rpc_server/dcerpc_server.c:511(add_socket_rpc_tcp_iface)
  service_setup_stream_socket(address=::1,port=135) for epmapper mgmt failed - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
[2022/11/03 01:08:24.190489,  0, pid=22137] ../../source4/samba/service_task.c:36(task_server_terminate)
  task_server_terminate: task_server_terminate: [dcerpc: Failed to initialise end points]
[2022/11/03 01:08:24.200207,  0, pid=22093] ../../source4/samba/server.c:392(samba_terminate)
  samba_terminate: samba_terminate of samba 22093: dcerpc: Failed to initialise end points

root@master:~# stat /var/log/samba/log.samba
  File: /var/log/samba/log.samba
  Size: 412114    	Blocks: 816        IO Block: 4096   regular file
Device: fe00h/65024d	Inode: 524299      Links: 1
Access: (0640/-rw-r-----)  Uid: (    0/    root)   Gid: (    4/     adm)
Access: 2022-11-03 05:43:55.062461342 +0100
Modify: 2022-11-03 01:08:24.196316566 +0100
Change: 2022-11-03 01:08:24.196316566 +0100

I think it could be logrotate and something is broken in the samba config.
Do you have any ideas regarding this issue?

With kind regards
ETES

KaBi · February 1, 2023, 7:08am

Hello ETES,
I have a similar problem, happened last sunday and then this night. After a restart of the server the services seem to start normally, so the error is gone. This is what I found in /var/log/samba/log.samba
Did you manage to find a solution?
The server run on ucs 5.0.2 e528

Best regards
KaBi

[2023/02/01 01:08:08.802612,  0, pid=13228] ../../source4/samba/server.c:623(binary_smbd_main)
  samba version 4.16.2-Univention started.
  Copyright Andrew Tridgell and the Samba Team 1992-2022
[2023/02/01 01:08:10.983823,  0, pid=13229] ../../source4/samba/server.c:897(binary_smbd_main)
  binary_smbd_main: samba: using 'prefork' process model
[2023/02/01 01:08:11.129911,  0, pid=13253] ../../source4/samba/service_stream.c:373(stream_setup_socket)
  stream_setup_socket: Failed to listen on ::1:88 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
[2023/02/01 01:08:11.130069,  0, pid=13253] ../../source4/kdc/kdc-server.c:585(kdc_add_socket)
  Failed to bind to ::1:88 TCP - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
[2023/02/01 01:08:11.130087,  0, pid=13253] ../../source4/samba/service_task.c:36(task_server_terminate)
  task_server_terminate: task_server_terminate: [kdc failed to setup interfaces]
[2023/02/01 01:08:11.651679,  0, pid=13264] ../../source4/samba/service_stream.c:373(stream_setup_socket)
  stream_setup_socket: Failed to listen on ::1:135 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
[2023/02/01 01:08:11.651833,  0, pid=13264] ../../source4/rpc_server/dcerpc_server.c:511(add_socket_rpc_tcp_iface)
  service_setup_stream_socket(address=::1,port=135) for epmapper mgmt failed - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
[2023/02/01 01:08:11.651858,  0, pid=13264] ../../source4/samba/service_task.c:36(task_server_terminate)
  task_server_terminate: task_server_terminate: [dcerpc: Failed to initialise end points]
[2023/02/01 01:08:11.774415,  0, pid=13229] ../../source4/samba/server.c:392(samba_terminate)
  samba_terminate: samba_terminate of samba 13229: kdc failed to setup interfaces

ETES · February 1, 2023, 7:28am

Hi KaBi,

we have found a bug with the univention support.
Workaround:
vim +98 /usr/lib/univention-server/server_password_change.d/univention-samba4
add sleep 60:

....
                /etc/init.d/samba stop
                sleep 60
                pids=$(pgrep smbd)

....

The final fix should be delivered with the next updates.

Kind regards
Simon