> -----Original Message-----
> From: Alexander Bokovoy [mailto:aboko...@redhat.com]
> Sent: Thursday, 21 January 2016 9:22 AM
> To: Simpson Lachlan
> Cc: email@example.com
> Subject: Re: [Freeipa-users] IPA wont start, all services fail
> On Wed, 20 Jan 2016, Simpson Lachlan wrote:
> >> -----Original Message-----
> >> From: Alexander Bokovoy [mailto:aboko...@redhat.com]
> >> Sent: Thursday, 21 January 2016 8:44 AM
> >> To: Simpson Lachlan
> >> Cc: tbor...@redhat.com; firstname.lastname@example.org
> >> Subject: Re: [Freeipa-users] IPA wont start, all services fail
> >> On Wed, 20 Jan 2016, Simpson Lachlan wrote:
> >> >> -----Original Message-----
> >> >>
> >> >> Is there any coredump available with 389-ds crashing? I've asked
> >> >> you to use
> >> >> http://www.port389.org/docs/389ds/FAQ/faq.html#debugging-crashes
> >> >> to
> >> enable coredumps for 389-ds in one of previous discussions, was it done?
> >> >> You seemed to get diverted to winbindd core (which was expected to
> >> >> coredump as 389-ds was not available), but if you see 389-ds
> >> >> disappearing in several hours without any logging, this means
> >> >> there was a crash and we'd like to see the coredump of it.
> >> >
> >> >Hi Alex,
> >> >
> >> >I did perform the "Debugging Crashes" steps when you asked, but
> >> >there are still no core dumps in /var/log/dirsrv/slapd-INSTANCENAME.
> >> Well, perhaps it takes longer to get a crash than what you are expecting.
> >> >> You can check also /var/log/audit/audit.log to see if there is a
> >> >> trace of a crash. It may take different ways but one crash type is
> >> >> following:
> >> >
> >> >> type=ANOM_ABEND msg=audit(1453212583.746:2337): auid=4294967295
> >> >> uid=983
> >> >> gid=980 ses=4294967295 subj=system_u:system_r:dirsrv_t:s0
> >> >> pid=26079 comm="ns-slapd" exe="/usr/sbin/ns-slapd" sig=11
> >> >
> >> >There are no instances of ns-slap in the audit.log, there are a
> >> >dozen sig=11s, all of them relate to a "memory violation" in
> >> >httpd_t, and all references to dirsrv look like this:
> >> >
> >> >type=SERVICE_STOP msg=audit(1453174960.933:209): pid=1 uid=0
> >> >auid=4294967295 ses=4294967295 subj=kernel
> >> >msg='unit=dirsrv@UNIX-CO-ORG-AU comm="systemd"
> >> >exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=?
> >> >res=success'
> >> What are the memory violation for httpd_t? Can you show exact line
> >> from audit.log?
> >type=ANOM_ABEND msg=audit(1452818553.235:5394): auid=4294967295
> >gid=48 ses=4294967295 subj=system_u:system_r:httpd_t:s0 pid=32704
> >comm="httpd" reason="memory violation" sig=11 type=ANOM_ABEND
> Ok, I see two problems above and they may be related to recently fixed issue
> python-cryptography's use of python-cffi. However, this issue should not
> CentOS 7.2 as the broken python-cryptography code is not in RHEL 7.2 at all,
> I'm a bit puzzled.
Me too. I can't even give SIDs to the smb default group with
ipa-adtrust-install --add-sids (as mentioned in another email thread this
I tried this bc it reflects an obvious solution to the problem I seem to have?
That everything starts except smb, and ipa also fails as a result of smb
Smb fails with the error
smbd: [2016/01/21 08:32:37.519517, 0]
smbd: Missing mandatory attribute ipaNTSecurityIdentifier.
smbd: [2016/01/21 08:32:37.519572, 0] ipa_sam.c:4606(pdb_init_ipasam)
smbd: Cannot find SID of fallback group.
smbd: [2016/01/21 08:32:37.519593, 0]
smbd: pdb backend
ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket did not correctly
init (error was NT_STATUS_INVALID_PARAMETER)
systemd: smb.service: main process exited, code=exited, status=1/FAILURE
systemd: Failed to start Samba SMB Daemon.
I know I keep coming back to this, but it really does seem to be the error that
I am seeing most often.
This email (including any attachments or links) may contain
confidential and/or legally privileged information and is
intended only to be read or used by the addressee. If you
are not the intended addressee, any use, distribution,
disclosure or copying of this email is strictly
Confidentiality and legal privilege attached to this email
(including any attachments) are not waived or lost by
reason of its mistaken delivery to you.
If you have received this email in error, please delete it
and notify us immediately by telephone or email. Peter
MacCallum Cancer Centre provides no guarantee that this
transmission is free of virus or that it has not been
intercepted or altered and will not be liable for any delay
in its receipt.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project