It turns out to be caused by missing SELinux permissions. As soon as I set selinux to permissive it started to work.
Now, I've solved a few fcontext issues. samba-dcerpcd does not crash anymore. Still there are more things blocked by selinux, which I'm investigatign right now. -- Kees On 17-10-2022 11:45, Kees Bakker via FreeIPA-users wrote:
Hi, This weekend I installed CentOS 9 stream on a server that had CentOS 7 on it. One on it's main tasks is to be a Samba server. I completely reinstalled and set up Samba. I used ipasam before and it was working. I copied the smb.conf from the old system. But now it gives me a fatal error. Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: [2022/10/17 09:23:21.614868, 0] ipa_sam.c:5174(pdb_init_ipasam) Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: Failed to get base DN. Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: [2022/10/17 09:23:21.615001, 0] ../../source3/passdb/pdb_interface.c:181(make_pdb_method_name) Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: pdb backend ipasam:ldaps://rotte.example.com did not correctly init (error was NT_STATUS_UNSUCCESSFUL) Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: [2022/10/17 09:23:21.615111, 0] ../../lib/util/fault.c:172(smb_panic_log) Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: =============================================================== Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: [2022/10/17 09:23:21.615185, 0] ../../lib/util/fault.c:173(smb_panic_log) Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: INTERNAL ERROR: pdb_get_methods: failed to get pdb methods for backend ipasam:ldaps://rotte.example.com Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: in pid 271493 (4.16.4) Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: [2022/10/17 09:23:21.615268, 0] ../../lib/util/fault.c:177(smb_panic_log) Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: [2022/10/17 09:23:21.615322, 0] ../../lib/util/fault.c:182(smb_panic_log) Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: =============================================================== Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: [2022/10/17 09:23:21.615373, 0] ../../lib/util/fault.c:183(smb_panic_log) Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: PANIC (pid 271493): pdb_get_methods: failed to get pdb methods for backend ipasam:ldaps://rotte.example.com Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: in 4.16.4 Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: [2022/10/17 09:23:21.615940, 0] ../../lib/util/fault.c:287(log_stack_trace) Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: BACKTRACE: 13 stack frames: Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: #0 /lib64/libsamba-util.so.0(log_stack_trace+0x34) [0x7f2c94aebd74] Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: #1 /lib64/libsamba-util.so.0(smb_panic+0xd) [0x7f2c94aebfcd] Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: #2 /lib64/libsamba-passdb.so.0(+0x1c6df) [0x7f2c94a8f6df] Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: #3 /lib64/libsamba-passdb.so.0(pdb_get_aliasinfo+0x16) [0x7f2c94a8ff86] Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: #4 /usr/libexec/samba/samba-dcerpcd(finalize_local_nt_token+0x16a) [0x559ea4bed72a] Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: #5 /usr/libexec/samba/samba-dcerpcd(create_local_nt_token_from_info3+0x30c) [0x559ea4bee03c] Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: #6 /usr/libexec/samba/samba-dcerpcd(+0x175f3) [0x559ea4bf05f3] Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: #7 /usr/libexec/samba/samba-dcerpcd(+0x1f42c) [0x559ea4bf842c] Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: #8 /usr/libexec/samba/samba-dcerpcd(init_guest_session_info+0x21) [0x559ea4beaa71] Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: #9 /usr/libexec/samba/samba-dcerpcd(main+0x54a) [0x559ea4be5dba] Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: #10 /lib64/libc.so.6(+0x3feb0) [0x7f2c94333eb0] Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: #11 /lib64/libc.so.6(__libc_start_main+0x80) [0x7f2c94333f60] Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: #12 /usr/libexec/samba/samba-dcerpcd(_start+0x25) [0x559ea4be78e5] Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: [2022/10/17 09:23:21.616354, 0] ../../source3/lib/dumpcore.c:317(dump_core) Oct 17 09:23:21 waal.example.com samba-dcerpcd[271493]: coredump is handled by helper binary specified at /proc/sys/kernel/core_pattern The versions of some packages: ############################################################# # dnf list samba\* ipa\* Last metadata expiration check: 0:30:46 ago on Mon 17 Oct 2022 11:04:25 AM CEST. Installed Packages ipa-client.x86_64 4.10.0-6.el9 @appstream ipa-client-common.noarch 4.10.0-6.el9 @appstream ipa-client-samba.x86_64 4.10.0-6.el9 @appstream ipa-common.noarch 4.10.0-6.el9 @appstream ipa-healthcheck-core.noarch 0.9-3.el9 @appstream ipa-selinux.noarch 4.10.0-6.el9 @appstream ipa-server.x86_64 4.10.0-6.el9 @appstream ipa-server-common.noarch 4.10.0-6.el9 @appstream ipa-server-trust-ad.x86_64 4.10.0-6.el9 @appstream samba.x86_64 4.16.4-101.el9 @baseos samba-client.x86_64 4.16.4-101.el9 @appstream samba-client-libs.x86_64 4.16.4-101.el9 @anaconda samba-common.noarch 4.16.4-101.el9 @anaconda samba-common-libs.x86_64 4.16.4-101.el9 @anaconda samba-common-tools.x86_64 4.16.4-101.el9 @baseos samba-libs.x86_64 4.16.4-101.el9 @baseos samba-winbind.x86_64 4.16.4-101.el9 @baseos samba-winbind-modules.x86_64 4.16.4-101.el9 @baseos ############################################################# The smb.conf, the [global] part ############################################################# # Global parameters [global] create krb5 conf = No dedicated keytab file = /etc/samba/samba.keytab disable spoolss = Yes domain logons = Yes domain master = Yes kerberos method = dedicated keytab ldap debug level = 99 ldap group suffix = cn=groups,cn=accounts ldap machine suffix = cn=computers,cn=accounts ldap ssl = no ldap suffix = dc=example,dc=com ldap user suffix = cn=users,cn=accounts #ldap admin dn = uid=samba_admin,cn=users,cn=accounts,dc=example,dc=com #log level = 99 log level = 1 log file = /var/log/samba/log.%m max log size = 100000 passdb backend = ipasam:ldaps://rotte.example.com realm = EXAMPLE.COM registry shares = Yes security = USER workgroup = EXAMPLE rpc_daemon:lsasd = fork rpc_daemon:epmd = fork rpc_server:tcpip = yes rpc_server:netlogon = external rpc_server:samr = external rpc_server:lsasd = external rpc_server:lsass = external rpc_server:lsarpc = external #rpc_server:epmapper = external ldapsam:trusted = yes idmap config * : backend = tdb ############################################################# Unfortunately I couldn't really find much documentation about ipasam. Is this still the best approach for a Samba server in a FreeIPA environment? -- Kees _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
