Bug 1496307

Systemctl status samba shows the following as well:

feddc samba[658]:   task_server_terminate: [KDC: no network interfaces configured]

It seems to correspond to samba/source4/kdc/kdc-service-mit.c

/* Load interfaces for kpasswd */
	load_interface_list(task, task->lp_ctx, &ifaces);
	if (iface_list_count(ifaces) == 0) {
		task_server_terminate(task,
				      "KDC: no network interfaces configured",
				      false);
		return;
	}


But I have no skills to fix it

Same problem here:

[root@server-addc ~]# rpm -q samba samba-dc krb5-server
samba-4.7.1-0.fc27.x86_64
samba-dc-4.7.1-0.fc27.x86_64
krb5-server-1.15.2-4.fc27.x86_64

This happens always after a server reboot:

[root@server-addc ~]# kinit administrator
kinit: Cannot contact any KDC for realm 'DOGMA-TO.LOC' while getting initial credentials
[root@server-addc ~]# klist -e
klist: No credentials cache found (filename: /tmp/krb5cc_0)
[root@server-addc ~]# systemctl status samba
● samba.service - Samba AD Daemon
   Loaded: loaded (/usr/lib/systemd/system/samba.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2017-11-23 00:14:26 CET; 1min 1s ago
 Main PID: 816 (samba)
   Status: "smbd: ready to serve connections..."
    Tasks: 18 (limit: 4915)
   CGroup: /system.slice/samba.service
           ├─816 /usr/sbin/samba
           ├─866 /usr/sbin/samba
           ├─867 /usr/sbin/samba
           ├─869 /usr/sbin/samba
           ├─870 /usr/sbin/samba
           ├─871 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─872 /usr/sbin/samba
           ├─875 /usr/sbin/samba
           ├─877 /usr/sbin/samba
           ├─878 /usr/sbin/samba
           ├─879 /usr/sbin/samba
           ├─880 /usr/sbin/samba
           ├─881 /usr/sbin/samba
           ├─882 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
           ├─933 /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
           ├─934 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           ├─935 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
           └─936 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground

nov 23 00:14:26 server-addc.dogma-to.loc samba[874]:   task_server_terminate: [KDC: no network interfaces configured]
nov 23 00:14:26 server-addc.dogma-to.loc systemd[1]: Started Samba AD Daemon.
nov 23 00:14:26 server-addc.dogma-to.loc samba[816]: [2017/11/23 00:14:26.839804,  0] ../lib/util/become_daemon.c:124(da
nov 23 00:14:26 server-addc.dogma-to.loc samba[816]:   STATUS=daemon 'samba' finished starting up and ready to serve con
nov 23 00:14:27 server-addc.dogma-to.loc winbindd[882]: [2017/11/23 00:14:27.178668,  0] ../source3/winbindd/winbindd_ca
nov 23 00:14:27 server-addc.dogma-to.loc winbindd[882]:   initialize_winbindd_cache: clearing cache and re-creating with
nov 23 00:14:27 server-addc.dogma-to.loc winbindd[882]: [2017/11/23 00:14:27.488890,  0] ../lib/util/become_daemon.c:124
nov 23 00:14:27 server-addc.dogma-to.loc winbindd[882]:   STATUS=daemon 'winbindd' finished starting up and ready to ser
nov 23 00:14:27 server-addc.dogma-to.loc smbd[871]: [2017/11/23 00:14:27.619248,  0] ../lib/util/become_daemon.c:124(dae
nov 23 00:14:27 server-addc.dogma-to.loc smbd[871]:   STATUS=daemon 'smbd' finished starting up and ready to serve conne


If I restart samba and rerun kinit all work fine:

[root@server-addc ~]# klist -e
klist: No credentials cache found (filename: /tmp/krb5cc_0)
[root@server-addc ~]# kinit administrator
Password for administrator: 
[root@server-addc ~]# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator

Valid starting       Expires              Service principal
23/11/2017 00:18:58  23/11/2017 10:18:58  krbtgt/DOGMA-TO.LOC
        renew until 24/11/2017 00:18:51, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96 

Some suggest?

I have try to modify in samba.service After= parameter like this:

After=syslog.target network.target NetworkManager.service named.service

(wait NetworkManager.service and named.service)

and now when I restart my server samba start property.

Can this simple modify a solution?

Thanks

Dario

move to the right component , samba4 last commit was in 2012 .

Shouldn't network.target be enough?

Created attachment 1363818 [details]
boot sequence with samba.service with After= standard

Created attachment 1363819 [details]
boot sequence with samba.service with After= + NetworkManager.service

Created attachment 1363820 [details]
boot sequence with samba.service with After= + named.service

No.
I have try to add only NetworkManager.service but it's not sufficient.

The trick is add named.service, (or a pre exec command sleep some second) because MIT kerberos started from samba service, want network interface up.

I have noticed that starting samba after named kerberos fount the interface up and ready. I do not know why the interface become ready after a while...

I attach the 3 kind of boot After standard, After with NM and After with named.

NOTE: SElinux is permissive because there is a selinux conflict between samba + named + winbind
https://bugzilla.redhat.com/show_bug.cgi?id=1476187

Could you please test with the following change:

--- a/packaging/systemd/samba.service
+++ b/packaging/systemd/samba.service
@@ -1,6 +1,7 @@
 [Unit]
 Description=Samba AD Daemon
-After=syslog.target network.target
+Wants=network-online.target
+After=syslog.target network.target network-online.target
 
 [Service]
 Type=notify

I have try this patch and now, when I stop/start the server, all work fine.

I have remove my workaround and replace the original samba.service file.

Then I have try to stop and start the addc server: krb5kdc wont start with "KDC: no network interfaces configured" error like as expected.

Then I have add the "network-online.target" string to After= without add the Wants= directive.

Stop the server and start it and krb5kdc start and all work fine.

Then I have add also the Wants= directive, and the story is the same, krb5kdc start correctly.

I thing the first modify (network-online.target) is sufficiet.

At this point I have remove Wants= directive and try to stop/start the server many time and always krb5kdc is started.

NOTE:
a) after all modify to samba.service I have run "systemctl daemon-reload",
b) only a reboot it's not sufficient to check the problem, the server must be stop and started because the server is a Kvm/Qemu virtual server and the problem occur when the host destroy and recreate the interface for the virtual server.

Many thanks Andreas, I hope this help.

Dario

Wants= is needed that systemd check that the specified service is running/enabled.

Robbie, I think you want to add the changes from comment #10 also to krb5kdc.service.

(In reply to Andreas Schneider from comment #12)
> Wants= is needed that systemd check that the specified service is
> running/enabled.

Ok, thank for the clarification.
Now I have also add Wants= to my samba.service.

> External Bug ID: Samba Project 13184
https://bugzilla.samba.org/show_bug.cgi?id=13184

Now I'm waiting for the official fix

Thank
Dario

On this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1525230
this problem it has been fixed.

When will be fixed also into samba-dc for Fedora 27 ?

Thanks
Dario

Some news?

I think this has only been fixed in f28.

Yes, I can confirm:

[lesca@dodo ~]$ rpm -q samba-dc
samba-dc-4.8.3-2.fc28.x86_64

[lesca@dodo tmp]$ head /usr/lib/systemd/system/samba.service
[Unit]
Description=Samba AD Daemon
Documentation=man:samba(8) man:samba(7) man:smb.conf(5)
Wants=network-online.target
After=network.target network-online.target

[Service]
Type=notify
NotifyAccess=all
PIDFile=/run/samba.pid

Many thanks to all

Dario

Closing the bug report based on comment #17