On la, 25 huhti 2020, lejeczek via FreeIPA-users wrote:
On 14/02/2020 12:32, Alexander Bokovoy wrote:
On pe, 14 helmi 2020, lejeczek via FreeIPA-users wrote:
hi everyone,
I did something pretty vanilla:
$ ipa-adtrust-install --unattended --admin-password=xxx
Process showed first some warning about "unattended" but
then this:
Configuring CIFS
[1/24]: validate server hostname
[2/24]: stopping smbd
[3/24]: creating samba domain object
[4/24]: retrieve local idmap range
[5/24]: creating samba config registry
[6/24]: writing samba config file
[7/24]: adding cifs Kerberos principal
[8/24]: adding cifs and host Kerberos principals to the
adtrust agents
group
[9/24]: check for cifs services defined on other replicas
[10/24]: adding cifs principal to S4U2Proxy targets
[11/24]: adding admin(group) SIDs
[12/24]: adding RID bases
[13/24]: updating Kerberos config
'dns_lookup_kdc' already set to 'true', nothing to do.
[14/24]: activating CLDAP plugin
[15/24]: activating sidgen task
[16/24]: map BUILTIN\Guests to nobody group
[17/24]: configuring smbd to start on boot
[18/24]: adding special DNS service records
[19/24]: restarting Directory Server to take MS PAC and
LDAP plugins
changes into account
[20/24]: adding fallback group
[21/24]: adding Default Trust View
[22/24]: setting SELinux booleans
[23/24]: starting CIFS services
ipaserver.install.adtrustinstance: CRITICAL CIFS services
failed to start
[24/24]: restarting smbd
Done configuring CIFS.
Now, Samba would not start and I wonder what that might
have to do with
the above:
tarting Samba SMB Daemon...
[2020/02/14 11:21:34.801358, 0]
../../source3/passdb/pdb_interface.c:171(make_pdb_method_name)
No builtin nor plugin backend for ipasam found
smb.service: Main process exited, code=exited,
status=1/FAILURE
smb.service: Failed with result 'exit-code'.
Failed to start Samba SMB Daemon.
Or is is it unrelated? Hot to troubleshoot & fix it?
I'm on Centos 8 with
ipa-server-4.8.0-13.module_el8.1.0+265+e1e65be4.x86_64
There was an issue in CentOS 8.1 build that ipa was built
before samba
was build and thus ABI was different and failed.
https://bugs.centos.org/view.php?id=16929
Okey. Does it mean that only IPA would have to be re/built?
Any other things which need special attention?
Yes, idm:DL1 module needs to be rebuilt. Nothing else, I think, needs to
be rebuilt.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
