Hi Andreas, Both Debian and Ubuntu like to install services with a working default > configuration, and it is expected that a service is running after it is > installed. That's why winbind is started right after it is installed.
I have three concerns with apt interfering with services- - systems theory suggests package and service managers have different functions. - Mission critical systems design expects this. - The pillar of Reactive Systems theory demands *non-blocking* communication between subsystems - no polling! The expectation "a service is running after it is installed" is not in question - it is principle of least surprise. I dislike fact apt is moving into user space daemon management space. If a user space daemon fails - who cares! If a system management technology breaks - everyone cares - it is a devastating event. Regarding the specific Bug I will gather the information you requested. Here the context is an Infrastructure-as-code ( https://github.com/saltstack-formulas/samba-formula) installation which is heavily automated but joining the domain, for security reasons, is not automated. Please let me know if anything jumps out. I will try to retest when I get time. thanks Noel -- <INFRA-AS-CODE start> --- ... automate dns ... automate chrony ... automate nss ... automate kerberos ... etc.. apt install -y samba systemctl start samba cp smb.conf.custom /etc/samba/smb.conf systemctl start samba apt-get install -y samba-client apt install -y samba-winbind apt install -y libpam-winbind smbldap-tools cifs-utils cp winbind.conf.custom /etc/samba/winbind.conf systemctl start winbind *fails on 16.04 but I have control and package manager is not broken* systemctl start nmb systemctl start samba systemctl start nmb systemctl start winbind *never works* --- <INFRA AS CODE end> --- net ads join EXAMPLE.COM -U domainadmin kinit -k HOST\$@EXAMPLE.COM systemctl restart winbind *always works* --- <INFRA AS CODE start> --- automate Active Directory pam/nss automate Citrix Linux VDA --- <INFRA AS CODE end> --- On Thu, Mar 7, 2019 at 8:20 PM Andreas Hasenack <andr...@canonical.com> wrote: > Hello Noel, thanks for filing this bug in Ubuntu. > > Both Debian and Ubuntu like to install services with a working default > configuration, and it is expected that a service is running after it is > installed. That's why winbind is started right after it is installed. > > During upgrades, the same principle applies: in order to have the new > version of the service available after an upgrade, it must be restarted. > If the restart fails, it should be investigated. > > When you say this: > """ > Ubuntu 18.04 is regression: The `winbind` package breaks APT/DPGK package > manager because `/var/lib/dpkg/info/winbind.postinst` is trying to start > the service - that's bad regression. > """ > > Could you elaborate a bit on which steps you took for the winbind > service to fail to run? The logs show it is complaining that it didn't > join the domain, or somehow lost the secret. > > As an example, I just did the following on a fresh bionic container: > > sudo apt update > sudo apt dist-upgrade -y > sudo apt install samba winbind -y > > And it worked just fine: > root@bionic-winbind:~# systemctl status winbind > ● winbind.service - Samba Winbind Daemon > Loaded: loaded (/lib/systemd/system/winbind.service; enabled; vendor > preset: enabled) > Active: active (running) since Thu 2019-03-07 20:09:32 UTC; 18s ago > Docs: man:winbindd(8) > man:samba(7) > man:smb.conf(5) > Main PID: 2793 (winbindd) > Status: "winbindd: ready to serve connections..." > Tasks: 4 (limit: 4915) > CGroup: /system.slice/winbind.service > ├─2793 /usr/sbin/winbindd --foreground --no-process-group > ├─2795 /usr/sbin/winbindd --foreground --no-process-group > ├─2960 /usr/sbin/winbindd --foreground --no-process-group > └─2961 /usr/sbin/winbindd --foreground --no-process-group > > > Can you please share your /etc/samba/smb.conf? The logs from > /var/log/samba/log* would also help. > > ** Changed in: samba (Ubuntu) > Status: New => Incomplete > > ** Changed in: samba (Ubuntu) > Importance: High => Undecided > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1818431 > > Title: > Winbind failing to start leads to postinst erroring out > > Status in samba package in Ubuntu: > Incomplete > > Bug description: > Ubuntu 16.04 just works: Winbind was a smooth experience. We install > `winbind`, `libnss-winbind`, and `libpam-winbind` using APT > successfully, join the Domain/Realm, and start winbind with systemd! > > Ubuntu 18.04 is regression: The `winbind` package breaks APT/DPGK > package manager because `/var/lib/dpkg/info/winbind.postinst` is > trying to start the service - that's bad regression. > > I need package-manager (apt/dpkg) to handle packages, and service- > manager (systemd/upstart) to manage services. Can the winbind package > maintainer do anything to reverse the regression? > > I have been reading up on debhelper but cannot find a way to prevent > breaking apt. > > ``` > ~$ dpkg-query --list | grep winbind > iU libnss-winbind:amd64 > 2:4.7.6+dfsg~ubuntu-0ubuntu2.6 amd64 Samba nameservice > integration plugins > iU libpam-winbind:amd64 > 2:4.7.6+dfsg~ubuntu-0ubuntu2.6 amd64 Windows domain > authentication integration plugin > ii libwbclient0:amd64 > 2:4.7.6+dfsg~ubuntu-0ubuntu2.6 amd64 Samba winbind client > library > iF winbind > 2:4.7.6+dfsg~ubuntu-0ubuntu2.6 amd64 service to resolve user > and gro > > ... trace ... > > Active: failed (Result: exit-code) since Sun 2019-03-03 11:30:11 MST; > 19ms ago > Docs: man:winbindd(8) > man:samba(7) > man:smb.conf(5) > Process: 43699 ExecStart=/usr/sbin/winbindd --foreground > --no-process-group $WINBINDOPTIONS (code=exited, status=1/FAILURE) > Main PID: 43699 (code=exited, status=1/FAILURE) > > Mar 03 11:30:11 myhost1 systemd[1]: Starting Samba Winbind Daemon... > Mar 03 11:30:11 myhost1 winbindd[43699]: [2019/03/03 11:30:11.597251, > 0] ../source3/winbindd/winbindd_cache.c:3170(initialize_winbindd_cache) > Mar 03 11:30:11 myhost1 winbindd[43699]: initialize_winbindd_cache: > clearing cache and re-creating with version number 2 > Mar 03 11:30:11 myhost1 winbindd[43699]: [2019/03/03 11:30:11.600710, > 0] ../source3/winbindd/winbindd_util.c:891(init_domain_list) > Mar 03 11:30:11 myhost1 winbindd[43699]: Could not fetch our SID - did > we join? > Mar 03 11:30:11 myhost1 winbindd[43699]: [2019/03/03 11:30:11.600854, > 0] ../source3/winbindd/winbindd.c:1366(winbindd_register_handlers) > Mar 03 11:30:11 myhost1 winbindd[43699]: unable to initialize domain > list > Mar 03 11:30:11 myhost1 systemd[1]: winbind.service: Main process > exited, code=exited, status=1/FAILURE > Mar 03 11:30:11 myhost1 systemd[1]: winbind.service: Failed with result > 'exit-code'. > Mar 03 11:30:11 myhost1 systemd[1]: Failed to start Samba Winbind Daemon. > dpkg: error processing package winbind (--configure): > installed winbind package post-installation script subprocess returned > error exit status 1 > dpkg: dependency problems prevent configuration of libpam-winbind:amd64: > libpam-winbind:amd64 depends on winbind (= > 2:4.7.6+dfsg~ubuntu-0ubuntu2.6); however: > Package winbind is not configured yet. > > dpkg: error processing package libpam-winbind:amd64 (--configure): > dependency problems - leaving unconfigured > dpkg: dependency problems prevent configuration of libnss-winbind:amd64: > libnss-winbind:amd64 depends on winbind (= > 2:4.7.6+dfsg~ubuntu-0ubuntu2.6); however: > Package winbind is not configured yet. > > dpkg: error processing package libnss-winbind:amd64 (--configure): > dependency problems - leaving unconfigured > Processing triggers for libc-bin (2.27-3ubuntu1) ... > Errors were encountered while processing: > winbind > libpam-winbind:amd64 > libnss-winbind:amd64 > ``` > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1818431/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1818431 Title: Winbind failing to start leads to postinst erroring out To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1818431/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
