Leap15 - samba not starting code=exited, status=1/FAILURE

I see the following boot error:

smb.service: Unit entered failed stat
smb.service: Failed with result 'exit-code'.
smb.service: Main process exited, code=exited, status=1/FAILURE
Failed to start Samba Daemon

and

nmb.service: Unit entered failed stat
nmb.service: Failed with result 'exit-code'.
nmb.service: Main process exited, code=exited, status=1/FAILURE
Failed to start NMB Daemon

I tried to start manual via cmd line – same result.

In Yast I tried to enable/disable services for smb and nmb but got the same error.

Any help is appreciated – I am at loss, since the errors do not give a clue.

It is always interesting for those who try to help to provide some background information.

Are you just trying to use those daemons for the first time? Or did everything work to your satisfaction earlier and is this “all of a sudden”. And when it is just now but not earlier, what are the differences in your system? Did you do an update, or changed some (SAMBA) configuration? You were there all the time, but we …

Trying to use the daemons … (upgrade from 42.3 - everything was working - incl. samba)

I have setup a brandnew smb.conf … & now the smb service(s) seems to start (nmb not there anymore?), but still I cannot see groups in the network - no other machines or shares.

Secondly I noticed firewalld does not start in LEAP15 even though the service was set to do so … only via cmd “systemctl start firewalld”. After a reboot all is forgotten Overall a really annoying experience.

Samba still seems to be blocked when it comes to outgoing requests.

My personal opinion – handling and simplicity of the firewall used to be easy – & firewalld seems to be confusing.
I always liked openSuse – however lately I spend more and more time debugging the system (basically after every smaller update) then using it.
Well, if that is how it will be then this distro is not for me.

It seems openSuse spend more time on color schemes & layout then on actuall simplicity & functioning. Every update or upgrade causes a major headache since essential services start to have issues. – Sorry, but this is not fun. Sometimes less – is more.

See if this thread helps…
https://forums.opensuse.org/showthread.php/528981-smb-doesn-t-show-workgroup/page2

Secondly I noticed firewalld does not start in LEAP15 even though the service was set to do so … only via cmd “systemctl start firewalld”. After a reboot all is forgotten Overall a really annoying experience.

Enable the service permanently so that it starts at boot…

systemctl enable firewalld

Samba still seems to be blocked when it comes to outgoing requests

See this thread (post #12 onwards)…
https://forums.opensuse.org/showthread.php/531702-Configure-Samba-for-a-Workgroup-in-the-local-LAN-Leap-15-firewall-blocks-outgoing-samba

Ok, thx for the reply … I had a look at both posts

I enabled the service

systemctl enable firewalld

but after reboot:

 root# systemctl status firewalld.service   
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

I then restarted the firewall 8to be sure, since it said “inactive (dead)”

 root# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2018-07-28 21:31:36 CEST; 4s ago
     Docs: man:firewalld(1)
 Main PID: 4585 (firewalld)
    Tasks: 2 (limit: 4915)
   CGroup: /system.slice/firewalld.service
           └─4585 /usr/bin/python3 -Es /usr/sbin/firewalld --nofork --nopid

Not sure why it says vendor preset disabled??

For samba, I stopped, started and restarted smb, nmb.

root# systemctl status smb.service 
● smb.service - Samba SMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2018-07-28 21:15:39 CEST; 14min ago
  Process: 2635 ExecStartPre=/usr/share/samba/update-apparmor-samba-profile (code=exited, status>
 Main PID: 2791 (smbd)
   Status: "smbd: ready to serve connections..."
    Tasks: 4 (limit: 4915)
   CGroup: /system.slice/smb.service
           ├─2791 /usr/sbin/smbd
           ├─2816 /usr/sbin/smbd
           ├─2817 /usr/sbin/smbd
           └─2921 /usr/sbin/smbd

root# systemctl status nmb.service
● nmb.service - Samba NMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/nmb.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2018-07-28 21:34:29 CEST; 17min ago
 Main PID: 24476 (nmbd)
   Status: "nmbd: ready to serve connections..."
    Tasks: 2 (limit: 4915)
   CGroup: /system.slice/nmb.service
           ├─24476 /usr/sbin/nmbd
           └─24477 /usr/sbin/nmbd

Jul 28 21:34:28 linux.fritz.box systemd[1]: Starting Samba NMB Daemon...
Jul 28 21:34:29 linux.fritz.box systemd[1]: nmb.service: Supervising process 24476 which is not our child. We'll most likely not notice when it exi>
Jul 28 21:34:29 linux.fritz.box nmbd[24476]: [2018/07/28 21:34:29.144370,  0] ../source3/nmbd/asyncdns.c:158(start_async_dns)
Jul 28 21:34:29 linux.fritz.box nmbd[24476]:   started asyncdns process 24477
Jul 28 21:34:29 linux.fritz.box nmbd[24476]: [2018/07/28 21:34:29.150961,  0] ../lib/util/become_daemon.c:124(daemon_ready)
Jul 28 21:34:29 linux.fritz.box systemd[1]: Started Samba NMB Daemon.
Jul 28 21:34:29 linux.fritz.box nmbd[24476]:   STATUS=daemon 'nmbd' finished starting up and ready to serve connections
lines 1-17/17

I checked aswell

I tried the smb.conf

client max protocol = NT1 (SMB3) 

both. I can do nmblookup other machines, but I still do not see any workgroup.
Same result when I shutdown the firewall.

So somehow, I am at loss.

smbtree -L or -D

provides no output,

I’m not sure why the firewall isn’t remaining active at boot (if enabled). You’d need to examine the log to find that out…

sudo journalctl -u firewalld

So, it now appears that smb and nmb are running on this host (so acting as a samba server), but you cannot see other samba hosts via this host, is that correct?

I tried the smb.conf
Code:
client max protocol = NT1 (SMB3)
both. I can do nmblookup other machines, but I still do not see any workgroup.
Same result when I shutdown the firewall.

There should be no need to explicitly set ‘client max protocol’ unless you have a host that still requires the insecure NT1 protocol, and it will prevent access to hosts requiring SMB2 or higher anyway.

Upgrades do not r3emove SuSEfirewall2. Think about that you really would not want it to by default since you may have things dependent on the old firwall

Yes, see the following firewalld guide (specifically the troubleshooting section). It’s equally applicable to those upgrading from Leap 42.3 to 15.0.

Ok – it seems that my kinux machine can connect to e.g a windows share

by typing in Dolphin

smb://nameofmachine…xxx.yyy

However in Dolphin, the network → samba menu disappeared, nor does it show workgroup machines when typing smb:// … really annoying.
Or is this a feature?


After every restart:

root# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

Why does it say Active: inactive (dead)?

Nevertheless, this whole thing is annoying. Many basics / essential things simply do not work just work right away — Sorry, but this is disappointing.

Post:

zypper se -si firewall

It’s a consequence of samba security upgrades really. The network discovery relied on using NT1 (SMB v1) protocol (but as I mentioned before it can be re-implemented, but there are security implications with doing so). You can still ‘smbtree’ thoough. It still relies on using NetBIOS discovery mechanism to find workgroups on the LAN.

FWIW, I would like to see Dolphin smb-kio employ other discovery mechanisms such as avahi employed as a replacement.

S  | Name                       | Typ       | Version            | Arch   | Repository            
---+----------------------------+-----------+--------------------+--------+-----------------------
i+ | Firewall                   | Anwendung |                    | noarch | Main Repository (OSS) 
i+ | SuSEfirewall2              | Paket     | 3.6.378-lp150.1.15 | noarch | Main Repository (OSS) 
i+ | firewall-config            | Paket     | 0.5.3-lp150.2.3.1  | noarch | Main Update Repository
i+ | firewall-macros            | Paket     | 0.5.3-lp150.2.3.1  | noarch | Main Update Repository
i+ | firewalld                  | Paket     | 0.5.3-lp150.2.3.1  | noarch | Main Update Repository
i+ | firewalld-lang             | Paket     | 0.5.3-lp150.2.3.1  | noarch | Main Update Repository
i+ | python3-firewall           | Paket     | 0.5.3-lp150.2.3.1  | noarch | Main Update Repository
i+ | susefirewall2-to-firewalld | Paket     | 0.0.2-lp150.1.1    | noarch | Main Repository (OSS) 
i+ | yast2-firewall             | Paket     | 4.0.25-lp150.1.1   | noarch | Main Repository (OSS) 

Hmm,—

smbtree

provides no output whatsoever.

What shall I do?

Are the firewalls active?

systemctl status SuSEfirewall2
systemctl status firewalld

Here:

linux> systemctl status SuSEfirewall2
● SuSEfirewall2.service - SuSEfirewall2 phase 2
   Loaded: loaded (/usr/lib/systemd/system/SuSEfirewall2.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Sat 2018-08-04 18:45:39 CEST; 5h 44min ago
  Process: 23038 ExecStop=/usr/sbin/SuSEfirewall2 systemd_stop (code=exited, status=0/SUCCESS)
 Main PID: 1890 (code=exited, status=0/SUCCESS)
systemctl status firewalld

and here:


● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2018-08-04 18:45:40 CEST; 5h 46min ago
     Docs: man:firewalld(1)
 Main PID: 23039 (firewalld)
    Tasks: 2 (limit: 4915)
   CGroup: /system.slice/firewalld.service
           └─23039 /usr/bin/python3 -Es /usr/sbin/firewalld --nofork --nopid

Stop and disable SuSEfirewall2…

systemctl stop SuSEfirewall2

systemctl disable SuSEfirewall2

Now since you have firewalld running, you will need to configure it to enable connection tracking (so that NetBIOS communication is allowed). I did already link to the thread that could help you with that. Here it is again…

https://forums.opensuse.org/showthread.php/531702-Configure-Samba-for-a-Workgroup-in-the-local-LAN-Leap-15-firewall-blocks-outgoing-samba?p=2870109#post2870109

How come that SuseFirewall2 is running and not disabled during / after upgrade?
It seems the settings are not saved properly - after a reboot I have to restart firewalld to get some service running again.

Pre 15 susefirwall2 was the fire wall openSUSE is moving to firewald which is different. If you upgrade susefirwall2 will still be used since you in general don’t want to pull the rug out from under anything a user may have the requires it. Moving forward things should be migrated to firewald and susefirewall2 should be removed of disabled.

If you do a fresh install firewald will be used since susefirewall2 will simply not be installed.

To be honest I don’t think the translation to firwald is as smooth as it might be. I see a lot of little problem here regarding it.