> -----Original Message----- > From: Alexander Bokovoy [mailto:aboko...@redhat.com] > > - /etc/nsswitch.conf is all "files sss" - there's no winbind anywhere. > winbindd has multiple operations and we are using trust topology part of it, > not > identity management.
Ok, thanks. > >My syntax was all wrong. (Does anyone know how can I clear out bad > >syntax from the systemctld output?) > what bad output? It's ok, systemctl has cleaned itself up. > systemctl start dirsrv@INSTANCE > is the correct syntax where INSTANCE is the same for /etc/dirsrv/slapd- > INSTANCE or /var/log/dirsrv/slapd-INSTANCE. > The name of instance is produced from the realm by replacing dots with -. Yep, as I discovered. > So, start KDC. > > You can at this point simply try 'ipactl restart' -- it will attempt to > shutdown and > restart all required IPA services, including KDC. First thing I did this AM. Still fails on samba: [root@vmts-linuxidm ~]# ipactl restart Starting Directory Service Starting krb5kdc Service Starting kadmin Service Starting ipa_memcached Service Starting httpd Service Starting pki-tomcatd Service Starting smb Service Job for smb.service failed because the control process exited with error code. See "systemctl status smb.service" and "journalctl -xe" for details. Failed to start smb Service Shutting down Aborting ipactl [root@vmts-linuxidm ~]# systemctl status smb.service -l ● smb.service - Samba SMB Daemon Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Tue 2016-01-19 08:20:14 AEDT; 43s ago Process: 14240 ExecStart=/usr/sbin/smbd $SMBDOPTIONS (code=exited, status=1/FAILURE) Main PID: 14240 (code=exited, status=1/FAILURE) Status: "Starting process..." smbd[14240]: [2016/01/19 08:20:14.288659, 0] ipa_sam.c:3654(get_fallback_group_sid) smbd[14240]: Missing mandatory attribute ipaNTSecurityIdentifier. smbd[14240]: [2016/01/19 08:20:14.288716, 0] ipa_sam.c:4606(pdb_init_ipasam) smbd[14240]: Cannot find SID of fallback group. smbd[14240]: [2016/01/19 08:20:14.288734, 0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name) smbd[14240]: pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-co-ORG-AU.socket did not correctly init (error was NT_STATUS_INVALID_PARAMETER) systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE systemd[1]: Failed to start Samba SMB Daemon. systemd[1]: Unit smb.service entered failed state. systemd[1]: smb.service failed. Same error as previously: [2016/01/19 08:26:31, 0] ../source3/smbd/server.c:1241(main) smbd version 4.2.3 started. Copyright Andrew Tridgell and the Samba Team 1992-2014 [2016/01/19 08:26:32.037071, 0] ipa_sam.c:3654(get_fallback_group_sid) Missing mandatory attribute ipaNTSecurityIdentifier. [2016/01/19 08:26:32.037122, 0] ipa_sam.c:4606(pdb_init_ipasam) Cannot find SID of fallback group. [2016/01/19 08:26:32.037140, 0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name) pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket did not correctly init (error was NT_STATUS_INVALID_PARAMETER) My reading is that I haven't got the SIDs properly aligned for any user (including the admin user set up when installing freeipa) since joining the domain, and samba is failing on that. Can I retrospectively add SIDs to an entry? Cheers L. This email (including any attachments or links) may contain confidential and/or legally privileged information and is intended only to be read or used by the addressee. If you are not the intended addressee, any use, distribution, disclosure or copying of this email is strictly prohibited. Confidentiality and legal privilege attached to this email (including any attachments) are not waived or lost by reason of its mistaken delivery to you. If you have received this email in error, please delete it and notify us immediately by telephone or email. Peter MacCallum Cancer Centre provides no guarantee that this transmission is free of virus or that it has not been intercepted or altered and will not be liable for any delay in its receipt. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project