# Jail does not autostart Samba



## niellusNL (Nov 22, 2012)

Hi Guys,

I'm having troubles getting Samba to autostart from within a jail. I'll provide you with the following info:

My host rc.conf file:


```
hostname="area50.hilderink"
ifconfig_ale0=" inet 192.168.0.50 netmask 255.255.255.0"
defaultrouter="192.168.0.1"

ifconfig_ale0_alias0="192.168.0.51 netmask 255.255.255.0"

syslogd_flags="-b 192.168.0.50"
sshd_enable="YES"
zfs_enable="YES"

jail_enable="YES"
jail_list="docs"
jail_set_hostname_allow="NO"

jail_docs_rootdir="/root/jails/docs/"
jail_docs_hostname="docs.area50.hilderink"
jail_docs_ip="192.168.0.51"
jail_docs_exec_start="/usr/local/bin/bash /etc/rc"
jail_docs_devfs_enable="YES"
jail_docs_devfs_ruleset="devfsrules_jail"
jail_docs_mount_enable="YES"
```

My host sysctl.conf file

```
security.jail.allow_raw_sockets=1
```

Created a jail using the following method:
- Untar base.txz into /root/jails/docs/;
- Chroot into the /root/jails/docs/ folder;
- Use sysinstall to update timezone settings and stuff;
- Updated rooted rc.conf, resolv.conf;
- Installed Bash into the rooted environment;
- Installed Samba into the rooted environment.

For the jail the rc.conf looks like:


```
network_interfaces=""
samba_enable="YES"
sshd_enable="YES"
syslogd_flags="-b 192.168.0.51"
```

The problem is that when I restart the jail, Samba isn't started. I tried `ps -aux` from within the jail right after it restarted. It shows:

```
USER    PID  %CPU %MEM    VSZ    RSS  TT  STAT STARTED    TIME COMMAND
root   4824   0.0  0.0  12184   1404  ??  SsJ  11:56AM 0:00.00 /usr/sbin/syslog
root   4935   0.0  0.1  46876   3752  ??  SsJ  11:56AM 0:00.00 /usr/sbin/sshd
root   4942   0.0  0.1  20380   3308  ??  SsJ  11:56AM 0:00.00 sendmail: accept
smmsp  4946   0.0  0.1  20380   3228  ??  IsJ  11:56AM 0:00.00 sendmail: Queue
root   4952   0.0  0.0  14260   1396  ??  IsJ  11:56AM 0:00.00 /usr/sbin/cron -
root   4977   0.0  0.1  68016   4236  ??  SsJ  11:56AM 0:00.02 sshd: niels [pri
niels  4980   0.0  0.1  68016   4240  ??  SJ   11:56AM 0:00.00 sshd: niels@pts/
niels  4981   0.0  0.1  17580   2404   1  SsJ  11:56AM 0:00.00 -bash (bash)
root   4982   0.0  0.0  41304   1712   1  SJ   11:56AM 0:00.00 su
root   4983   0.0  0.1  17580   2372   1  SJ   11:56AM 0:00.00 su (bash)
root   4985   0.0  0.0  14328   1120   1  R+J  11:56AM 0:00.00 ps -aux
```

Next I run `sockstat -4` from within the jail, just to be sure. It outputs the following:

```
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
niels    sshd       4980  3  tcp4   192.168.0.51:22       192.168.0.15:51144
root     sshd       4977  3  tcp4   192.168.0.51:22       192.168.0.15:51144
root     sendmail   4942  3  tcp4   192.168.0.51:25       *:*
root     sshd       4935  3  tcp4   192.168.0.51:22       *:*
root     syslogd    4824  6  udp4   192.168.0.51:514      *:*
```

And the command `service samba status` shows:

```
nmbd is not running.
smbd is not running.
```
No traces of Samba unfortunately. 

After these checks I'm starting Samba manually using:

```
service samba start
```

When I check the status of Samba afterwards I see:

```
nmbd is not running.
smbd is running as pid 5492.
```

After manually starting Samba from within the jail I am able to connect to the server via IP address. Still, I want the server to autostart and nmbd working.

I can also provide the jail log file from the host's end, located at `/var/log/jail_docs_console.log`.

It contains the following:


```
stty: stdin isn't a terminal
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/local/lib
32-bit compatibility ldconfig path: /usr/lib32
Creating and/or trimming log files.
Starting syslogd.
Clearing /tmp (X related).
/etc/rc: ERROR: USAGE: load_rc_config name
Updating motd:.
/etc/rc.d/nscd: line 43: setvar: command not found
/etc/rc.d/nscd: line 43: setvar: command not found
/etc/rc.d/nscd: line 43: setvar: command not found
Starting sshd.
Starting cron.
```

Can anyone point me in the right direction here? Basically what I want to accomplish:
- Have jail with a Samba server in it;
- Have the Samba server start automatically and properly after a host1/jail reboot.

Tia!
Niels


----------



## mamalos (Nov 22, 2012)

Since *nmbd* isn't running on your system, you must have an issue with your smb.conf; so, first of all, check your samba logs. Secondly, I'll post you my working config's jailed-samba settings: So, in my samba jail I have the following on the host's /etc/rc.conf:

```
jail_samba_hostname="samba.localhost"
jail_samba_rootdir="/jails/j/samba"
jail_samba_devfs_enable="YES"
jail_samba_ip="192.168.12.11"
jail_samba_interface="lo1"
jail_samba_flags="-l -U root -n samba"
```

and the following on my jail's /etc/rc.conf:

```
smbd_enable="YES"
nmbd_enable="YES"
winbindd_enable="YES"
```

I don't know what's wrong with your case, but I'll mention the differences vs my config: 

In my config I don't use the alias interface (hence lo1 - which plays no role), I don't have any security.jail.allow_raw_sockets=1 sysctl value set, I haven't messed with the jail's exec_start, I haven't added any extra devfs-rules (except for the defaults for jails, found in /etc/defaults/devfs_rules which I've copied in /etc/devfs.rules (which is superfluous, I assume)). Moreover, inside my jail, I have included in /etc/hosts all fqdns used inside my /usr/local/etc/smb.conf.


----------



## niellusNL (Nov 22, 2012)

Hey Mamalos,

thanks for your reply, I'm ready to dive in some more into my jail.. Just a quick question before I begin; since you're mentioning that your lo1 interface plays no role, would that mean I could leave it out?


----------



## mamalos (Nov 22, 2012)

Your configuration uses an alias interface on your ale0 interface (probably your external interface). My setup is a bit different with respect to the network configuration (I route the samba's subnet through my lo1 interface), which should play no role for correctly auto-starting the jail. So, you'll just have to omit my jail_samba_interface="lo1" line.


----------



## niellusNL (Nov 22, 2012)

I have done some comparing between what you and I did. Also done a bit of reading in order to understand your choices.

I altered my host rc.conf to:

```
jail_enable="YES"
jail_list="docs"
jail_set_hostname_allow="NO"

jail_docs_hostname="docs.area50"
jail_docs_rootdir="/root/jails/docs"
jail_docs_devfs_enable="YES"
jail_docs_ip="192.168.0.51"
jail_docs_flags="-l -U root -n docs"
```

On my jail I kept the rc.conf the same, including:

```
samba_enable="YES"
```

When I test it with these settings; a jail restart and even a complete reboot, Samba seems to fire up.

`service samba status` in the jail then reports:

```
nmbd is not running.
smbd is running as pid 2061.
```

I know that Samba will now work and will be accessible via IP, but something feels wrong about nmbd. I checked the log.nmbd and it reads:


```
[2012/11/22 14:38:10,  0] nmbd/nmbd_subnetdb.c:127(make_subnet)
  nmbd_subnetdb:make_subnet()
    Failed to open nmb bcast socket on interface 192.168.0.255 for port 137.  Error was Can't assign requested address
[2012/11/22 14:38:10,  0] nmbd/nmbd.c:975(main)
  ERROR: Failed when creating subnet lists. Exiting.
```

What I make of this is exactly what it shows, and I do understand the error message. Just not how to solve it.

I'm thinking nmbd doesn't get the right permissions for something... ?


----------



## niellusNL (Nov 22, 2012)

Orum seems to have "solved" this problem somehow, in this post.

Although I don't fully understand his writings, I also kind of solved the nmbd problem in another way.

Since I figured I don't really need nmbd, I turned it off with:

```
samba_enable="YES"
smbd_enable="YES"
nmbd_enable="NO"
```

Can't say solved to be honest, but hey, things work now!
Hopefully someone can elaborate the nmbd problem with the broadcast address? Sometime I would still like this fixed


----------



## mamalos (Nov 22, 2012)

As acheron states in the post you're referring to, set:

```
nmbd bind explicit broadcast = no
```
in your /usr/local/etc/rc.d/smb.conf and *nmbd* will listen to your local address only (not broadcast), which will make your configuration work (at least for non-broadcast packets).

I assume that there must be a way someone can allow a jail to connect to its broadcast address.


----------
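
The nmbd failure and the fix discussed in this thread, as an added example that is not part of any poster's message: a shell check that looks for the broadcast-bind error in log.nmbd and reports whether the `[global]` section of smb.conf already sets `nmbd bind explicit broadcast = no`. The function names, the temporary sample files and the smb.conf contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and sample files are constructed.

# Count the broadcast-bind failures (as quoted in the thread) in a log.nmbd file.
nmbd_bcast_failures() {
    grep -c 'Failed to open nmb bcast socket on interface' "$1" || true
}

# Print the value of a [global] parameter from smb.conf (names are case-insensitive).
smb_global_param() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                       # skip comment lines
        /^[ \t]*\[/   { sect = tolower($0); gsub(/\[|\]|[ \t]/, "", sect); next }
        sect == "global" && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]+/, " ", key); gsub(/^ | $/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { print found }' "$1"
}

# Report whether the jail still needs "nmbd bind explicit broadcast = no".
diagnose_nmbd() {   # $1 = log.nmbd, $2 = smb.conf
    fails=$(nmbd_bcast_failures "$1"); fails=${fails:-0}
    val=$(smb_global_param "$2" "nmbd bind explicit broadcast" | tr 'A-Z' 'a-z')
    case "$val" in
        no|false|0) echo "ok: explicit broadcast bind is disabled"; return 0 ;;
    esac
    if [ "$fails" -gt 0 ]; then
        echo "fix: $fails broadcast bind failure(s); set 'nmbd bind explicit broadcast = no' in [global]"
        return 1
    fi
    echo "ok: no broadcast bind failures logged"
}

# Constructed sample input: the log lines from the thread and two smb.conf variants.
demo=$(mktemp -d)
cat > "$demo/log.nmbd" <<'EOF'
[2012/11/22 14:38:10,  0] nmbd/nmbd_subnetdb.c:127(make_subnet)
    Failed to open nmb bcast socket on interface 192.168.0.255 for port 137.  Error was Can't assign requested address
EOF
printf '[global]\n  workgroup = WORKGROUP\n' > "$demo/smb.before"
printf '[global]\n  NMBD Bind  Explicit Broadcast = No\n' > "$demo/smb.after"
diagnose_nmbd "$demo/log.nmbd" "$demo/smb.before" || true
diagnose_nmbd "$demo/log.nmbd" "$demo/smb.after"
```

Inside a real jail, point the function at the jail's own log.nmbd and smb.conf instead of the sample files.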



## niellusNL (Nov 22, 2012)

Hi Mamalos,

right about that indeed! Just wanted to say a big thank you for your attention to my post.

I've been learning unix from scratch since about August last year now. It's been a hell of a steep learning curve at times, but solving stuff like this makes it so much fun!

Next on my wishlist are those things about Samba (what do all the directives mean?? have... to ... figure... out!!1  and probably PF with NAT.



Edit:
Adding more jails tonight, just to separate the things I am familiar with plus some spaces where I can break stuff


----------

