On Mon, 18 Jan 2016, Simpson Lachlan wrote:
[root@vmts-linuxidm ~]# systemctl status smb.service -l
● smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset:
disabled)
Active: failed (Result: exit-code) since Tue 2016-01-19 08:20:14 AEDT; 43s ago
Process: 14240 ExecStart=/usr/sbin/smbd $SMBDOPTIONS (code=exited,
status=1/FAILURE)
Main PID: 14240 (code=exited, status=1/FAILURE)
Status: "Starting process..."
smbd[14240]: [2016/01/19 08:20:14.288659, 0]
ipa_sam.c:3654(get_fallback_group_sid)
smbd[14240]: Missing mandatory attribute ipaNTSecurityIdentifier.
smbd[14240]: [2016/01/19 08:20:14.288716, 0] ipa_sam.c:4606(pdb_init_ipasam)
smbd[14240]: Cannot find SID of fallback group.
smbd[14240]: [2016/01/19 08:20:14.288734, 0]
../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
smbd[14240]: pdb backend
ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-co-ORG-AU.socket did not correctly
init (error was NT_STATUS_INVALID_PARAMETER)
systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE
systemd[1]: Failed to start Samba SMB Daemon.
systemd[1]: Unit smb.service entered failed state.
systemd[1]: smb.service failed.
Same error as previously:
[2016/01/19 08:26:31, 0] ../source3/smbd/server.c:1241(main)
smbd version 4.2.3 started.
Copyright Andrew Tridgell and the Samba Team 1992-2014
[2016/01/19 08:26:32.037071, 0] ipa_sam.c:3654(get_fallback_group_sid)
Missing mandatory attribute ipaNTSecurityIdentifier.
[2016/01/19 08:26:32.037122, 0] ipa_sam.c:4606(pdb_init_ipasam)
Cannot find SID of fallback group.
[2016/01/19 08:26:32.037140, 0]
../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket did not
correctly init (error was NT_STATUS_INVALID_PARAMETER)
My reading is that I haven't got the SIDs properly aligned for any user
(including the admin user set up when installing freeipa) since joining
the domain, and samba is failing on that. Can I retrospectively add
SIDs to an entry?
This error says you don't have 'Default SMB Group' with a SID in it.
Re-run ipa-adtrust-install to re-create working setup.
ipa-adtrust-install will attempt to fix those parts that are missing.
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project