> -----Original Message-----
> From: Alexander Bokovoy [mailto:aboko...@redhat.com]
> > - /etc/nsswitch.conf is all "files sss" - there's no winbind anywhere.
> winbindd has multiple operations and we are using trust topology part of it,
> identity management.
> >My syntax was all wrong. (Does anyone know how can I clear out bad
> >syntax from the systemctld output?)
> what bad output?
It's ok, systemctl has cleaned itself up.
> systemctl start dirsrv@INSTANCE
> is the correct syntax where INSTANCE is the same for /etc/dirsrv/slapd-
> INSTANCE or /var/log/dirsrv/slapd-INSTANCE.
> The name of instance is produced from the realm by replacing dots with -.
Yep, as I discovered.
> So, start KDC.
> You can at this point simply try 'ipactl restart' -- it will attempt to
> shutdown and
> restart all required IPA services, including KDC.
First thing I did this AM. Still fails on samba:
[root@vmts-linuxidm ~]# ipactl restart
Starting Directory Service
Starting krb5kdc Service
Starting kadmin Service
Starting ipa_memcached Service
Starting httpd Service
Starting pki-tomcatd Service
Starting smb Service
Job for smb.service failed because the control process exited with error code.
See "systemctl status smb.service" and "journalctl -xe" for details.
Failed to start smb Service
[root@vmts-linuxidm ~]# systemctl status smb.service -l
● smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor
Active: failed (Result: exit-code) since Tue 2016-01-19 08:20:14 AEDT; 43s
Process: 14240 ExecStart=/usr/sbin/smbd $SMBDOPTIONS (code=exited,
Main PID: 14240 (code=exited, status=1/FAILURE)
Status: "Starting process..."
smbd: [2016/01/19 08:20:14.288659, 0]
smbd: Missing mandatory attribute ipaNTSecurityIdentifier.
smbd: [2016/01/19 08:20:14.288716, 0] ipa_sam.c:4606(pdb_init_ipasam)
smbd: Cannot find SID of fallback group.
smbd: [2016/01/19 08:20:14.288734, 0]
smbd: pdb backend
ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-co-ORG-AU.socket did not correctly
init (error was NT_STATUS_INVALID_PARAMETER)
systemd: smb.service: main process exited, code=exited, status=1/FAILURE
systemd: Failed to start Samba SMB Daemon.
systemd: Unit smb.service entered failed state.
systemd: smb.service failed.
Same error as previously:
[2016/01/19 08:26:31, 0] ../source3/smbd/server.c:1241(main)
smbd version 4.2.3 started.
Copyright Andrew Tridgell and the Samba Team 1992-2014
[2016/01/19 08:26:32.037071, 0] ipa_sam.c:3654(get_fallback_group_sid)
Missing mandatory attribute ipaNTSecurityIdentifier.
[2016/01/19 08:26:32.037122, 0] ipa_sam.c:4606(pdb_init_ipasam)
Cannot find SID of fallback group.
[2016/01/19 08:26:32.037140, 0]
pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket did not
correctly init (error was NT_STATUS_INVALID_PARAMETER)
My reading is that I haven't got the SIDs properly aligned for any user
(including the admin user set up when installing freeipa) since joining the
domain, and samba is failing on that. Can I retrospectively add SIDs to an
This email (including any attachments or links) may contain
confidential and/or legally privileged information and is
intended only to be read or used by the addressee. If you
are not the intended addressee, any use, distribution,
disclosure or copying of this email is strictly
Confidentiality and legal privilege attached to this email
(including any attachments) are not waived or lost by
reason of its mistaken delivery to you.
If you have received this email in error, please delete it
and notify us immediately by telephone or email. Peter
MacCallum Cancer Centre provides no guarantee that this
transmission is free of virus or that it has not been
intercepted or altered and will not be liable for any delay
in its receipt.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project