> -----Original Message-----
> From: Alexander Bokovoy [mailto:aboko...@redhat.com]
> > - /etc/nsswitch.conf is all "files sss" - there's no winbind anywhere.
> winbindd has multiple operations and we are using trust topology part of it, 
> not
> identity management.

Ok, thanks. 

> >My syntax was all wrong. (Does anyone know how can I clear out bad
> >syntax from the systemctld output?)
> what bad output?

It's ok, systemctl has cleaned itself up.


>  systemctl start dirsrv@INSTANCE
> is the correct syntax where INSTANCE is the same for /etc/dirsrv/slapd-
> INSTANCE or /var/log/dirsrv/slapd-INSTANCE.
> The name of instance is produced from the realm by replacing dots with -.

Yep, as I discovered.
 
> So, start KDC.
> 
> You can at this point simply try 'ipactl restart' -- it will attempt to 
> shutdown and
> restart all required IPA services, including KDC.

First thing I did this AM. Still fails on samba:


[root@vmts-linuxidm ~]# ipactl restart
Starting Directory Service
Starting krb5kdc Service
Starting kadmin Service
Starting ipa_memcached Service
Starting httpd Service
Starting pki-tomcatd Service
Starting smb Service
Job for smb.service failed because the control process exited with error code. 
See "systemctl status smb.service" and "journalctl -xe" for details.
Failed to start smb Service
Shutting down
Aborting ipactl

[root@vmts-linuxidm ~]# systemctl status smb.service -l
‚óŹ smb.service - Samba SMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor 
preset: disabled)
   Active: failed (Result: exit-code) since Tue 2016-01-19 08:20:14 AEDT; 43s 
ago
  Process: 14240 ExecStart=/usr/sbin/smbd $SMBDOPTIONS (code=exited, 
status=1/FAILURE)
 Main PID: 14240 (code=exited, status=1/FAILURE)
   Status: "Starting process..."

smbd[14240]: [2016/01/19 08:20:14.288659,  0] 
ipa_sam.c:3654(get_fallback_group_sid)
smbd[14240]:   Missing mandatory attribute ipaNTSecurityIdentifier.
smbd[14240]: [2016/01/19 08:20:14.288716,  0] ipa_sam.c:4606(pdb_init_ipasam)
smbd[14240]:   Cannot find SID of fallback group.
smbd[14240]: [2016/01/19 08:20:14.288734,  0] 
../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
smbd[14240]:   pdb backend 
ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-co-ORG-AU.socket did not correctly 
init (error was NT_STATUS_INVALID_PARAMETER)
systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE
systemd[1]: Failed to start Samba SMB Daemon.
systemd[1]: Unit smb.service entered failed state.
systemd[1]: smb.service failed.


Same error as previously:

[2016/01/19 08:26:31,  0] ../source3/smbd/server.c:1241(main)
  smbd version 4.2.3 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2014
[2016/01/19 08:26:32.037071,  0] ipa_sam.c:3654(get_fallback_group_sid)
  Missing mandatory attribute ipaNTSecurityIdentifier.
[2016/01/19 08:26:32.037122,  0] ipa_sam.c:4606(pdb_init_ipasam)
  Cannot find SID of fallback group.
[2016/01/19 08:26:32.037140,  0] 
../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
  pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket did not 
correctly init (error was NT_STATUS_INVALID_PARAMETER)


My reading is that I haven't got the SIDs properly aligned for any user 
(including the admin user set up when installing freeipa) since joining the 
domain, and samba is failing on that. Can I retrospectively add SIDs to an 
entry?

Cheers
L.


This email (including any attachments or links) may contain 
confidential and/or legally privileged information and is 
intended only to be read or used by the addressee.  If you 
are not the intended addressee, any use, distribution, 
disclosure or copying of this email is strictly 
prohibited.  
Confidentiality and legal privilege attached to this email 
(including any attachments) are not waived or lost by 
reason of its mistaken delivery to you.
If you have received this email in error, please delete it 
and notify us immediately by telephone or email.  Peter 
MacCallum Cancer Centre provides no guarantee that this 
transmission is free of virus or that it has not been 
intercepted or altered and will not be liable for any delay 
in its receipt.


-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to