[Bug 923201] New: nmb.service failed
http://bugzilla.opensuse.org/show_bug.cgi?id=923201 Bug ID: 923201 Summary: nmb.service failed Classification: openSUSE Product: openSUSE Factory Version: 201502* Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Samba Assignee: samba-maintainers@SuSE.de Reporter: gorgoglione@gmail.com QA Contact: samba-maintainers@SuSE.de Found By: --- Blocker: --- Starting from Tumbleweed version 20150316:
systemctl status nmb.service
reports: nmb.service - Samba NMB Daemon Loaded: loaded (/usr/lib/systemd/system/nmb.service; enabled) Active: failed (Result: exit-code) since Thu 2015-03-19 15:20:30 CET; 10min ago Process: 5811 ExecStart=/usr/sbin/nmbd $NMBDOPTIONS (code=exited, status=1/FAILURE) Main PID: 5811 (code=exited, status=1/FAILURE) and:
systemctl restart nmb.service
ends with: Job for nmb.service failed. See "systemctl status nmb.service" and "journalctl -xn" for details. but system logs don't show any message related to the failed service. Side effects: it's no more possible to access Linux samba-shared folders from a Windows box using the \\hostname\folder URI, while \\ipaddress\folder URI still works. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=923201
--- Comment #1 from Lars Müller
http://bugzilla.opensuse.org/show_bug.cgi?id=923201
Martin Pluskal
http://bugzilla.opensuse.org/show_bug.cgi?id=923201
--- Comment #2 from Giuseppe Gorgoglione
Thanks for the report. Please first check if AppArmor is enabled.
If that's the case set the profile for nmbd into complain mode
aa-complain /etc/apparmor.d/usr.sbin.nmbd
and check if the nmb service is now able to start up.
Yes, you are right: AppArmor is enabled and putting nmbd in complain mode completely fixes the problem. Thanks a lot! -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=923201
David Disseldorp
http://bugzilla.opensuse.org/show_bug.cgi?id=923201
Christian Boltz
http://bugzilla.opensuse.org/show_bug.cgi?id=923201
--- Comment #5 from Giuseppe Gorgoglione
Actually this is not an exact duplicate - you have problems with nmbd, while bug 921098 is about winbindd ;-)
Assuming you are still running the nmbd profile in complain mode, can you please attach the relevant log entries? This means - grep nmb /var/log/audit/audit.log if you use auditd - grep nmb /var/log/messages if you use a syslog daemon - journalctl -b | grep nmb if you only have journald logging
Sure. Here you are: nausicaa:/home/giuseppe # journalctl -b | grep nmb Mar 31 20:49:35 nausicaa nmbd[1692]: [2015/03/31 20:49:35.301660, 0] ../lib/util/become_daemon.c:124(daemon_ready) Mar 31 20:49:35 nausicaa nmbd[1692]: STATUS=daemon 'nmbd' finished starting up and ready to serve connections Mar 31 20:49:35 nausicaa unknown[1]: <audit-1130> pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=nmb comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 31 20:49:58 nausicaa nmbd[1692]: [2015/03/31 20:49:58.394604, 0] ../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2) Mar 31 20:49:58 nausicaa nmbd[1692]: ***** Mar 31 20:49:58 nausicaa nmbd[1692]: Mar 31 20:49:58 nausicaa nmbd[1692]: Samba name server NAUSICAA is now a local master browser for workgroup WORKGROUP on subnet 192.168.199.128 Mar 31 20:49:58 nausicaa nmbd[1692]: Mar 31 20:49:58 nausicaa nmbd[1692]: ***** -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=923201
Christian Boltz
http://bugzilla.opensuse.org/show_bug.cgi?id=923201
--- Comment #7 from Giuseppe Gorgoglione
hmm, that log doesn't contain anything AppArmor-related.
Can you please check your older logs (ideally from the time when you reported this bug)? You can filter them with grep -i apparmor to find the relevant lines - I'd expect some lines containing DENIED or ALLOWED.
Unfortunately after the upgrade of systemd to version 219 there is another bug on-going (# 924830) which prevents AppArmor to start at boot. In fact
systemctl status apparmor
shows: ● apparmor.service - LSB: AppArmor initialization Loaded: loaded (/etc/init.d/boot.apparmor) Active: inactive (dead) Docs: man:systemd-sysv-generator(8) Mar 31 21:55:48 nausicaa systemd[1]: Job apparmor.service/start deleted to break ordering cycle starting with sysinit.target/start Anyway, after running:
systemctl restart apparmor.service
I get: ● apparmor.service - LSB: AppArmor initialization Loaded: loaded (/etc/init.d/boot.apparmor) Active: active (exited) since Tue 2015-03-31 22:01:49 CEST; 3s ago Docs: man:systemd-sysv-generator(8) Process: 2189 ExecStart=/etc/init.d/boot.apparmor start (code=exited, status=0/SUCCESS) Mar 31 22:01:48 nausicaa systemd[1]: Starting LSB: AppArmor initialization... Mar 31 22:01:49 nausicaa boot.apparmor[2189]: Starting AppArmor ..done Mar 31 22:01:49 nausicaa systemd[1]: Started LSB: AppArmor initialization. Then I run:
aa-enforce /etc/apparmor.d/usr.sbin.nmbd
After that, typing \\nausicaa in my host Windows box I get the view of the Linux virtual machine shared folders, while the expected behaviour was to see my search to fail. And typing:
journalctl -b | grep nmb
I get: Mar 31 21:56:35 nausicaa systemd[1]: nmb.service: Supervising process 1671 which is not our child. We'll most likely not notice when it exits. Mar 31 21:56:36 nausicaa nmbd[1671]: [2015/03/31 21:56:36.048194, 0] ../lib/util/become_daemon.c:124(daemon_ready) Mar 31 21:56:36 nausicaa nmbd[1671]: STATUS=daemon 'nmbd' finished starting up and ready to serve connections Mar 31 21:56:36 nausicaa unknown[1]: <audit-1130> pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=nmb comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' Mar 31 21:56:59 nausicaa nmbd[1671]: [2015/03/31 21:56:59.564554, 0] ../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2) Mar 31 21:56:59 nausicaa nmbd[1671]: ***** Mar 31 21:56:59 nausicaa nmbd[1671]: Mar 31 21:56:59 nausicaa nmbd[1671]: Samba name server NAUSICAA is now a local master browser for workgroup WORKGROUP on subnet 192.168.199.128 Mar 31 21:56:59 nausicaa nmbd[1671]: Mar 31 21:56:59 nausicaa nmbd[1671]: ***** Mar 31 22:01:49 nausicaa apparmor_parser[2322]: <audit-1400> apparmor="STATUS" operation="profile_load" name="/usr/sbin/nmbd" pid=2322 comm="apparmor_parser" Mar 31 22:03:31 nausicaa apparmor_parser[2391]: <audit-1400> apparmor="STATUS" operation="profile_replace" name="/usr/sbin/nmbd" pid=2391 comm="apparmor_parser" So, I cannot reproduce the original failure I reported, maybe because of bug # 924830. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=923201
--- Comment #8 from Giuseppe Gorgoglione
So, I cannot reproduce the original failure I reported, maybe because of bug # 924830.
I need to add to my conclusion that:
grep nmb /var/log/audit/audit.log
shows a lot of DENIED and ALLOWED. Log file sent in attachment. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=923201
--- Comment #9 from Giuseppe Gorgoglione
http://bugzilla.opensuse.org/show_bug.cgi?id=923201
Christian Boltz
participants (1)
-
bugzilla_noreply@novell.com