Re: [Freeipa-users] IPA wont start, all services fail

Mon, 18 Jan 2016 14:40:52 -0800 

On Mon, 18 Jan 2016, Simpson Lachlan wrote:

[root@vmts-linuxidm ~]# systemctl status smb.service -l
● smb.service - Samba SMB Daemon
  Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: 
disabled)
  Active: failed (Result: exit-code) since Tue 2016-01-19 08:20:14 AEDT; 43s ago
 Process: 14240 ExecStart=/usr/sbin/smbd $SMBDOPTIONS (code=exited, 
status=1/FAILURE)
Main PID: 14240 (code=exited, status=1/FAILURE)
  Status: "Starting process..."

smbd[14240]: [2016/01/19 08:20:14.288659,  0] 
ipa_sam.c:3654(get_fallback_group_sid)
smbd[14240]:   Missing mandatory attribute ipaNTSecurityIdentifier.
smbd[14240]: [2016/01/19 08:20:14.288716,  0] ipa_sam.c:4606(pdb_init_ipasam)
smbd[14240]:   Cannot find SID of fallback group.
smbd[14240]: [2016/01/19 08:20:14.288734,  0] 
../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
smbd[14240]:   pdb backend 
ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-co-ORG-AU.socket did not correctly 
init (error was NT_STATUS_INVALID_PARAMETER)
systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE
systemd[1]: Failed to start Samba SMB Daemon.
systemd[1]: Unit smb.service entered failed state.
systemd[1]: smb.service failed.


Same error as previously:

[2016/01/19 08:26:31,  0] ../source3/smbd/server.c:1241(main)
 smbd version 4.2.3 started.
 Copyright Andrew Tridgell and the Samba Team 1992-2014
[2016/01/19 08:26:32.037071,  0] ipa_sam.c:3654(get_fallback_group_sid)
 Missing mandatory attribute ipaNTSecurityIdentifier.
[2016/01/19 08:26:32.037122,  0] ipa_sam.c:4606(pdb_init_ipasam)
 Cannot find SID of fallback group.
[2016/01/19 08:26:32.037140,  0] 
../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
 pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket did not 
correctly init (error was NT_STATUS_INVALID_PARAMETER)


My reading is that I haven't got the SIDs properly aligned for any user
(including the admin user set up when installing freeipa) since joining
the domain, and samba is failing on that. Can I retrospectively add
SIDs to an entry?

This error says you don't have 'Default SMB Group' with a SID in it.
Re-run ipa-adtrust-install to re-create working setup.

ipa-adtrust-install will attempt to fix those parts that are missing.

--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to