> -----Original Message----- > > My syntax was all wrong. (Does anyone know how can I clear out bad syntax from > the systemctld output?) > > Anyway, I have a running dirsrv, but SMB still fails, and it's failing on > winbind first > (see notes below). It looks like it's because there's no Kerberos server > available. > Indeed, kinit admin is still failing. I think that when I ran > ipa-adtrust-install I said no > to creating sids for local users. > > I'm beginning to think that is the root error, but have a feeling that > winbind isn't > helping either. > > > Does this seem more likely?
After some more work on this, I see from this documentation that winbind is required: http://www.freeipa.org/page/Active_Directory_trust_setup#Edit_.2Fetc.2Fkrb5.conf (although we are only using one way trusts - does that change anything?) Also, after getting a lot of errors that looked like krb5kdc: cannot initialize realm UNIX.CO.ORG.AU - see log file for details Server error - while fetching master key K/M for realm UNIX.CO.ORG.AU I thought maybe it was because I'd created the realm with lower case - I had a file /var/kerberos/krb5kdc/.k5.unix.co.org.au So I tried destroying that and creating a UNIX.CO.ORG.AU although now I have a new problem - add_principal: Kerberos database constraints violated while creating UNIX.CO.ORG.AU I discover that I'm meant to use ipa service-add (I presume cifs/UNIX.CO.ORG.AU), but that fails bc no Kerberos credentials. Now everything I google takes me, essentially, to the "install ipa" page. Should I just run ipa-server-install and ipa-adtrust-install again? Does that re-write all the important things? Or should I yum remove, then yum install again? (if this is the solution I should try).... Cheers L. This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project