直到昨天,我的 Raspberry Pi 上还运行着一个正常运行的 Active Directory 主域控制器。现在看来,我根本无法让“samba”服务监听。这是因为执行了升级。
root@r2d2:/etc# /etc/init.d/samba start [ ok ] Starting nmbd (via systemctl): nmbd.service. [ ok ] Starting smbd (via systemctl): smbd.service. [ ok ] Starting samba-ad-dc (via systemctl): samba-ad-dc.service. root@r2d2:/etc#
我认为这看起来不错,但是smbclient -L localhost -U%给出了标题中引用的错误消息。
我已经在 Google 上搜索了一段时间,但不确定问题是什么。我导入了一个(替换)启动脚本,但除此之外我没有做任何更改。
我认为,根本问题出在 startup/init.d 程序中,但我不知道下一步该怎么做。
root@r2d2:/etc# netstat -lntp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:5910 0.0.0.0:* LISTEN 804/Xvnc tcp 0 0 127.0.0.1:3350 0.0.0.0:* LISTEN 734/xrdp-sesman tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 547/sshd tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 543/cupsd tcp 0 0 0.0.0.0:3389 0.0.0.0:* LISTEN 612/xrdp tcp6 0 0 :::80 :::* LISTEN 644/apache2 tcp6 0 0 :::22 :::* LISTEN 547/sshd tcp6 0 0 ::1:631 :::* LISTEN 543/cupsd root@r2d2:/etc#
我正在使用内部 DNS。
我注意到了以下几点,这也是我困惑的关键所在——谷歌搜索这个问题并不容易确定如何启动 Samba
log.smbd
[2016/05/17 09:56:52.566097, 2] ../source3/lib/interface.c:341(add_interface) added interface eth0 ip=169.254.144.46 bcast=169.254.255.255 netmask=255.255.0.0 [2016/05/17 09:56:52.566286, 2] ../source3/lib/interface.c:341(add_interface) added interface eth0 ip=10.10.10.32 bcast=10.10.10.255 netmask=255.255.255.0 [2016/05/17 09:56:52.566510, 0] ../source3/smbd/server.c:1297(main) server role = 'active directory domain controller' not compatible with running smbd standalone. You should start 'samba' instead, and it will control starting smbd if required
log.nmbd
root@r2d2:/var/log/samba# cat log.nmbd [2016/05/17 09:56:19, 0] ../source3/nmbd/nmbd.c:908(main) nmbd version 4.2.10-Debian started. Copyright Andrew Tridgell and the Samba Team 1992-2014 [2016/05/17 09:56:19, 0] ../lib/param/loadparm.c:743(lpcfg_map_parameter) Unknown parameter encountered: "password level" [2016/05/17 09:56:19, 0] ../lib/param/loadparm.c:1626(lpcfg_do_global_parameter) Ignoring unknown parameter "password level" [2016/05/17 09:56:19, 0] ../lib/param/loadparm.c:743(lpcfg_map_parameter) Unknown parameter encountered: "update encrypted" [2016/05/17 09:56:19, 0] ../lib/param/loadparm.c:1626(lpcfg_do_global_parameter) Ignoring unknown parameter "update encrypted" root@r2d2:/var/log/samba#
我目前正在使用这启动脚本(我在问题出现后添加的),这似乎会导致生成一个新文件(请注意,时间戳与前 2 个片段不重叠),log.samba其中包含:
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
[2016/05/17 13:18:22.069201, 0] ../lib/util/util_runcmd.c:324(samba_runcmd_io_handler)
/usr/sbin/winbindd: Failed to exec child - No such file or directory
[2016/05/17 13:18:22.070100, 0] ../source4/winbind/winbindd.c:49(winbindd_done)
winbindd daemon exited normally
task_server_terminate: [winbindd child process exited]
[2016/05/17 13:18:22.074784, 2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
dreplsrv_partition[CN=Configuration,DC=longmanrd,DC=infoforum,DC=co,DC=uk] loaded
[2016/05/17 13:18:22.075325, 2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
dreplsrv_partition[CN=Schema,CN=Configuration,DC=longmanrd,DC=infoforum,DC=co,DC=uk] loaded
[2016/05/17 13:18:22.075730, 2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
dreplsrv_partition[DC=longmanrd,DC=infoforum,DC=co,DC=uk] loaded
[2016/05/17 13:18:22.076810, 2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
dreplsrv_partition[DC=DomainDnsZones,DC=longmanrd,DC=infoforum,DC=co,DC=uk] loaded
[2016/05/17 13:18:22.077271, 2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
dreplsrv_partition[DC=ForestDnsZones,DC=longmanrd,DC=infoforum,DC=co,DC=uk] loaded
[2016/05/17 13:18:22.084895, 2] ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
kccsrv_partition[DC=longmanrd,DC=infoforum,DC=co,DC=uk] loaded
[2016/05/17 13:18:22.085188, 2] ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
kccsrv_partition[CN=Configuration,DC=longmanrd,DC=infoforum,DC=co,DC=uk] loaded
[2016/05/17 13:18:22.085368, 2] ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
kccsrv_partition[CN=Schema,CN=Configuration,DC=longmanrd,DC=infoforum,DC=co,DC=uk] loaded
[2016/05/17 13:18:22.085508, 2] ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
kccsrv_partition[DC=DomainDnsZones,DC=longmanrd,DC=infoforum,DC=co,DC=uk] loaded
[2016/05/17 13:18:22.085635, 2] ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
kccsrv_partition[DC=ForestDnsZones,DC=longmanrd,DC=infoforum,DC=co,DC=uk] loaded
[2016/05/17 13:18:22.088057, 0] ../lib/util/become_daemon.c:124(daemon_ready)
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
STATUS=daemon 'samba' finished starting up and ready to serve connections
[2016/05/17 13:18:22.094641, 0] ../source4/smbd/server.c:211(samba_terminate)
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
samba_terminate: winbindd child process exited
答案1
/usr/sbin/winbindd: Failed to exec child - No such file or directory
她也有类似的问题http://www.spinics.net/lists/samba/msg133552.html
解决方案是安装 winbind http://www.spinics.net/lists/samba/msg133589.html
你需要一个单独的 winbind winh samba 4.2 + http://www.spinics.net/lists/samba/msg133595.html
答案2
我猜这些问题与为修复Badlock 漏洞。完整修复列表列于Samba 安全版本每个补丁集的公告都提供了有关发生了什么变化的有用信息。
升级我的旧 CentOS 5 系统后,我在将 Winbind 连接到 AD 域控制器时遇到了问题,而修复这些问题的线索就在CVE-2016-2115 公告–IPC 流量的 SMB 客户端连接不受完整性保护。
这记录了新的 smb.conf 选项client ipc signing。虽然文档建议明确将此选项设置为mandatory,但我发现这auto也解决了这些问题,因此我将以下行添加到我的smb.conf(在[global]部分下):
client ipc signing = auto
我正在运行 Samba 3.6.23,所以我不能说这是否会对你有帮助,但在已经提到的各种公告中应该有相关信息。祝你好运(我花了 3 个多小时才搞清楚这些事情)。