I am trying to get a file server set up using RHEL 7.5, Samba, and Red Hat IdM 4.5.0 I have an older file server that works and hav been using it as a template for build this new one from scratch. However, right now I can't get smb to start. I keep getting errors about ipasam.c in journalctl:
Jun 06 13:53:30 fileserver1.cpms.byu.edu smbd[11624]: kerberos error: code=-1765328203, message=Keytab contains no suitable keys for cifs/ fileserver1.cpms.byu....@cpms.byu.edu Jun 06 13:53:31 fileserver1.cpms.byu.edu smbd[11624]: [2018/06/06 13:53:31.815713, 0] ipa_sam.c:4245(bind_callback_cleanup) Jun 06 15:26:05 fileserver1.cpms.byu.edu smbd[12372]: Failed to get base DN. I have made sure that the cifs service is set up in IPA for fileserver1 and did an ipa-getkeytab to get a keytab for the service on fileserver1 as well which is why a was surprised to see a message about the keytab in the journal. A little earlier in the journal it also talks about being unable to do an anonymous bind to LDAP. It doesn't surprise me that it failed, but I tried supplying the LDAP bind creds using smbpasswd and that didn't seem to make any difference. It still tries an anonymous bind anyway which will never work. I have also already set up a role for giving fileserver1 the permissions necessary to allow it to read the ipaNTHash. P.S.: Before I sent this email to the list I upgraded one of my IPA servers to the new kernel in RHEL 7.5 and smb broke in what looks like the same way on that machine as well. It makes me wonder if this isn't a kernel problem rather than an IPA problem. The errors I got on that machine before rolling back to a working snapshot are below: Jun 06 16:27:05 ipa1.cpms.byu.edu smbd[12179]: kerberos error: code=-1765328360, message=Preauthentication failed Jun 06 16:27:06 ipa1.cpms.byu.edu smbd[12179]: [2018/06/06 16:27:06.332266, 0] ipa_sam.c:4556(pdb_init_ipasam) Jun 06 16:27:06 ipa1.cpms.byu.edu smbd[12179]: Failed to get base DN. Jun 06 16:27:06 ipa1.cpms.byu.edu smbd[12179]: [2018/06/06 16:27:06.332318, 0] ../source3/passdb/pdb_interface.c:180(make_pdb_method_name) Jun 06 16:27:06 ipa1.cpms.byu.edu smbd[12179]: pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-CPMS-BYU-EDU.socket did not correctly init -- Kristian Petersen System Administrator BYU Dept. of Chemistry and Biochemistry
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/XEBQTP2FXMKMNKDKX63HB6OYVXQQAFW7/
