openvpn is started after samba (smbd, nmbd)

Bug #613999 reported by dzs on 2010-08-05
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ifupdown (Ubuntu)
Low
Unassigned
openvpn (Ubuntu)
Low
Unassigned
samba (Ubuntu)
Low
Unassigned

Bug Description

Binary package hint: openvpn

After boot the smbd and nmbd services are not bound to the tap interface created by openvpn. I think this is because openvpn is started after samba, because after a
# service nmbd restart
# service smbd restart
everything works fine.

I saw the samba services were already converted to upstart jobs but openvpn was not yet. Probably the rc scripts are executed after or parallel to the other upstart jobs.

Changed in openvpn (Ubuntu):
status: New → Confirmed
importance: Undecided → Low
Clint Byrum (clint-fewbar) wrote :

Confirmed on maverick, this is a problem with /etc/init/smbd.conf using

start on local-filesystems

I have not tested this, but one work around may be to change this to

start on started rc

which will cause smbd to come up after all of the traditional init.d scripts have been started.

For the long term, services which create or change network topologies will need to be started as a group and then emit a signal that controls when network-aware services (like nmbd especially) are started.

Clint Byrum (clint-fewbar) wrote :

Associating to ifupdown because this is where the current net-device-up signal is emitted, which is insufficient for network-aware services when other services / jobs may in fact bring interfaces up.

Changed in samba (Ubuntu):
status: New → Confirmed
importance: Undecided → Low
Changed in ifupdown (Ubuntu):
status: New → Confirmed
importance: Undecided → Low
Clint Byrum (clint-fewbar) wrote :

Associating to samba because nmbd is vulnerable to this problem.

BAGArt (bagart) wrote :

i make local fix for this problem:
open smbd on all interface(0.0.0.0) and use internal(hosts allow) and external protect
alternative: portforwarding onenVPN => 127.0.0.1 for smb working port on iface-up may help for difficult situation(i think, restart deman is bad for active users on other iface)
; IMPORTANT! default value and not work with 'bind only'
        bind interfaces only = no
; disabled interfaces for bind on 0.0.0.0
; interfaces = 192.168.0.0/24 127.0.0.0/16
; permission for disablet external access. important: protect this port with firewall for posible smbd bug(ddos?)
        hosts allow = 192.168.0. 127.

; check:
ps ax | grep -P 'sa?mb';echo 'netstat:';sudo netstat -ntpl | grep '139'

; must close: hosts allow
$ telnet external_ip 139
Connection closed by foreign host.

;accept
$ telnet openvpn_ip 139

Stéphane Graber (stgraber) wrote :

Mark as Invalid for ifupdown as I don't see what we can do here to help that kind of corner case.

If this is indeed a common use case (and I doubt it's), it might be worth updating samba to ship a job (or ifupdown hook) reloading the service when a new interface is brought up.

Alternatively, once openvpn is ported to upstart (if that hasn't been done yet), it should be possible for the system administrator to simply add a condition to samba (and net-device-up=tap0 or similar).

Changed in ifupdown (Ubuntu):
status: Confirmed → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers