The Samba-Bugzilla – Bug 13792
Jailed DC fails to start
Last modified: 2019-02-18 23:19:59 UTC
On several FreeBSD 11.2/amd64 servers, I've got a jail dedicated to running Samba as an AD DC.
Some days ago I upgraded one of them from 4.8.7 to 4.8.9 and suddenly everything stopped working.
Since it was a production box, I immediately restored the whole jail from a backup, with no chance to better investigate.
Today, with more time, I tried on another server and again I run into trouble (although I'm not sure the details are exactly the same).
After the upgrade Samba would not start at all, with the following in the logs:
> [2019/02/17 18:15:35.200206, 0] ../source4/smbd/server.c:502(binary_smbd_main)
> samba version 4.8.9 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2018
> root@dc1:~ # [2019/02/17 18:15:35.379881, 0] ../source4/smbd/server.c:674(binary_smbd_main)
> binary_smbd_main: samba: using 'standard' process model
> [2019/02/17 18:15:35.384663, 0] ../source4/nbt_server/interfaces.c:228(nbtd_add_socket)
> Failed to bind to 10.1.2.34:137 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
> [2019/02/17 18:15:35.384752, 0] ../source4/smbd/service_task.c:36(task_server_terminate)
> task_server_terminate: task_server_terminate: [nbtd failed to setup interfaces]
> [2019/02/17 18:15:35.396234, 0] ../lib/util/become_daemon.c:138(daemon_ready)
> daemon_ready: STATUS=daemon 'samba' finished starting up and ready to serve connections
> [2019/02/17 18:15:35.397963, 0] ../source4/smbd/server.c:288(samba_terminate)
> samba_terminate: samba_terminate of samba 98006: nbtd failed to setup interfaces
10.1.2.34 is the jail's own IP and I'm sure nothing is running on port 137 there.
Relevant part of my smb4.conf
> allow dns updates=nonsecure
> log level=1
> workgroup = XXXXX
> realm = xxxxx.xxxxxxxx.xx
> netbios name = DC1
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> dns forwarder=10.1.2.13 10.1.2.15
> interfaces=vlan1 10.1.2.34/24
> bind interfaces only=yes
> ntlm auth=YES
After a web search I found a workaround: adding
> server services=-nbt
will let Samba start.
Jailed non-DC instances don't seem to be affected.