FreeBSD-12.1p7
iocage thick jail
I have a samba based AD domain running on two DCs in separate jails. However, the only way I can get samba_server to start is if I disable the nbt service, by adding either "disable netbios = yes" or "server services = -nbt" in /usr/local/etc/smb4.conf. The problem arises when attempting to run "samba-tool domain backup . . .". This always fails with an error that strongly suggests that the missing nbt service is to blame:
Code:
samba-tool domain backup online --server=smb4-2 --targetdir=/tmp
ERROR(runtime): uncaught exception - (3221225653, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.')
File "/usr/local/lib/python3.7/site-packages/samba/netcmd/__init__.py", line 185, in _run
return self.run(*args, **kwargs)
File "/usr/local/lib/python3.7/site-packages/samba/netcmd/domain_backup.py", line 249, in run
backend_store=backend_store)
. . .
File "/usr/local/lib/python3.7/site-packages/samba/join.py", line 361, in find_dc_site
flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS)
If the nbt service is not disabled then samba_server fails to start:
Code:
[2020/07/22 15:16:13.982634, 0] ../../source4/smbd/server.c:773(binary_smbd_main)
binary_smbd_main: samba: using 'standard' process model
[2020/07/22 15:16:14.005187, 0] ../../source4/nbt_server/interfaces.c:228(nbtd_add_socket)
Failed to bind to 127.0.162.1:137 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
[2020/07/22 15:16:14.005561, 0] ../../source4/smbd/service_task.c:36(task_server_terminate)
task_server_terminate: task_server_terminate: [nbtd failed to setup interfaces]
[2020/07/22 15:16:14.048842, 0] ../../lib/util/become_daemon.c:136(daemon_ready)
daemon_ready: daemon 'samba' finished starting up and ready to serve connections
[2020/07/22 15:16:14.067908, 0] ../../source4/smbd/server.c:371(samba_terminate)
samba_terminate: samba_terminate of samba 90675: nbtd failed to setup interfaces
My guess is that there is some setting in the jail configuration that prevents the netbios protocol from binding to a socket. The settings that I have for the jail are:
Code:
iocage get all smb4-2
CONFIG_VERSION:27
allow_chflags:0
allow_mlock:0
allow_mount:0
allow_mount_devfs:0
allow_mount_fusefs:0
allow_mount_nullfs:0
allow_mount_procfs:0
allow_mount_tmpfs:0
allow_mount_zfs:0
allow_quotas:0
allow_raw_sockets:1
allow_set_hostname:1
allow_socket_af:1
allow_sysvipc:1
allow_tun:0
allow_vmm:0
assign_localhost:1
available:readonly
basejail:0
boot:0
bpf:0
children_max:0
comment:none
compression:lz4
compressratio:readonly
coredumpsize:off
count:1
cpuset:off
cputime:off
datasize:off
dedup:off
defaultrouter:auto
defaultrouter6:auto
depends:none
devfs_ruleset:1002
dhcp:0
enforce_statfs:2
exec_clean:1
exec_created:/usr/bin/true
exec_fib:0
exec_jail_user:root
exec_poststart:/usr/bin/true
exec_poststop:/usr/bin/true
exec_prestart:/usr/bin/true
exec_prestop:/usr/bin/true
exec_start:/bin/sh /etc/rc
exec_stop:/bin/sh /etc/rc.shutdown
exec_system_jail_user:0
exec_system_user:root
exec_timeout:60
host_domainname:none
host_hostname:smb4-2.brockley.harte-lyne.ca
host_hostuuid:smb4-2
host_time:1
hostid:b4cdc46c-7e7a-11de-87df-0011d8a408ed
hostid_strict_check:0
interfaces:vnet0:bridge0
ip4:new
ip4_addr:em0|192.168.18.162,em0|192.168.216.162
ip4_saddrsel:1
ip6:new
ip6_addr:none
ip6_saddrsel:1
ip_hostname:0
jail_zfs:0
jail_zfs_dataset:iocage/jails/smb4-2/data
jail_zfs_mountpoint:none
last_started:2020-07-22 14:56:48
localhost_ip:127.0.162.1
login_flags:-f root
mac_prefix:001cc0
maxproc:off
memorylocked:off
memoryuse:off
min_dyn_devfs_ruleset:1000
mount_devfs:1
mount_fdescfs:1
mount_linprocfs:0
mount_procfs:0
mountpoint:readonly
msgqqueued:off
msgqsize:off
nat:0
nat_backend:ipfw
nat_forwards:none
nat_interface:none
nat_prefix:172.16
nmsgq:off
notes:none
nsem:off
nsemop:off
nshm:off
nthr:off
openfiles:off
origin:readonly
owner:root
pcpu:off
plugin_name:none
plugin_repository:none
priority:99
pseudoterminals:off
quota:none
readbps:off
readiops:off
release:12.1-RELEASE-p7
reservation:none
resolver:search brockley.harte-lyne.ca hamilton.harte-lyne.ca harte-lyne.ca;nameserver 192.168.18.162;nameserver 192.168.18.161;nameserver 216.185.71.33;options edns0 timeout:3 attempts:2
rlimits:off
rtsold:0
securelevel:2
shmsize:off
stacksize:off
state:up
stop_timeout:30
swapuse:off
sync_state:none
sync_target:none
sync_tgt_zpool:none
sysvmsg:new
sysvsem:new
sysvshm:new
template:0
type:jail
used:readonly
vmemoryuse:off
vnet:0
vnet0_mac:none
vnet1_mac:none
vnet2_mac:none
vnet3_mac:none
vnet_default_interface:auto
vnet_interfaces:none
wallclock:off
writebps:off
writeiops:off
Does anyone know if it is possible to configure a jail to allow netbios to bind to a socket? And, if so, then what settings are required?
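
The log and the jail properties quoted above can be cross-checked mechanically. The following is an added example, not part of the original post: it parses the Samba log lines and the iocage output shown in the post (embedded as sample input) and reports which jail property owns each address that nbtd failed to bind. The function names are hypothetical.

```python
import re

# Sample input: lines copied from the Samba log and iocage output quoted in the post.
SAMBA_LOG = """\
[2020/07/22 15:16:14.005187, 0] ../../source4/nbt_server/interfaces.c:228(nbtd_add_socket)
Failed to bind to 127.0.162.1:137 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
[2020/07/22 15:16:14.005561, 0] ../../source4/smbd/service_task.c:36(task_server_terminate)
task_server_terminate: task_server_terminate: [nbtd failed to setup interfaces]
"""
JAIL_PROPS = """\
assign_localhost:1
ip4_addr:em0|192.168.18.162,em0|192.168.216.162
localhost_ip:127.0.162.1
"""

# Samba log header: "[timestamp, level] source_file:line(function)"
HEADER = re.compile(r"^\[[^\]]+\]\s+\S+\((?P<func>\w+)\)$")
BIND_FAIL = re.compile(
    r"Failed to bind to (?P<addr>[\d.]+):(?P<port>\d+) - (?P<status>NT_STATUS_\w+)")

def parse_props(text):
    """Parse key:value lines; only the first ':' separates key from value."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            props[key.strip()] = value.strip()
    return props

def jail_addresses(props):
    """Map every IPv4 address assigned to the jail to the property that set it."""
    owned = {}
    for entry in props.get("ip4_addr", "").split(","):
        addr = entry.split("|")[-1].split("/")[0].strip()  # drop "iface|" and "/mask"
        if addr and addr != "none":
            owned[addr] = "ip4_addr"
    if props.get("assign_localhost") == "1" and props.get("localhost_ip", "none") != "none":
        owned[props["localhost_ip"]] = "localhost_ip"
    return owned

def bind_failures(log_text, props):
    """Return one record per failed bind, tagged with the owning jail property."""
    owned, func, found = jail_addresses(props), None, []
    for line in log_text.splitlines():
        header = HEADER.match(line.strip())
        if header:
            func = header["func"]  # remember which function logged the next line
            continue
        m = BIND_FAIL.search(line)
        if m:
            found.append({"function": func, "address": m["addr"], "port": int(m["port"]),
                          "status": m["status"],
                          "jail_property": owned.get(m["addr"], "not assigned to jail")})
    return found
```

On the lines quoted in the post, the single failed bind is on the address set by localhost_ip, not on either ip4_addr entry.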