Bill, Can you let us know what version of FreeIPA you're using? The most likely due to the occurrence of "NT_STATUS_INVALID_PARAMETER" which is most likely a time skew issue between AD and IPA. Can you verify this? Thanks!
-- Dave ----- Original Message ----- > From: "William Graboyes" <wgrabo...@cenic.org> > To: "freeipa-users" <freeipa-users@redhat.com> > Sent: Wednesday, July 22, 2015 2:14:51 PM > Subject: [Freeipa-users] Samba Failing to start (Causing FreeIPA to not > start!) > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Hi All, > > I have been messing around with AD trust installs mainly around doing > ntlm_auth for a radius server. > > However, as I was unable to see some of the needed resources, I > thought maybe IPA may need a kick. > > So I ran the following command > > `ipactl restart` > > # ipactl restart > Restarting Directory Service > Restarting krb5kdc Service > Restarting kadmin Service > Restarting ipa_memcached Service > Restarting httpd Service > Restarting ipa-otpd Service > Starting smb Service > Job for smb.service failed. See 'systemctl status smb.service' and > 'journalctl -xn' for details. > Failed to start smb Service > Shutting down > Aborting ipactl > > # systemctl status smb.service > smb.service - Samba SMB Daemon > Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled) > Active: failed (Result: exit-code) since Wed 2015-07-22 11:01:44 > PDT; 20s ago > Process: 16752 ExecStart=/usr/sbin/smbd $SMBDOPTIONS (code=exited, > status=1/FAILURE) > Main PID: 16752 (code=exited, status=1/FAILURE) > Status: "Starting process..." > CGroup: /system.slice/smb.service > > Jul 22 11:01:43 ipa-server-1.foo.bar systemd[1]: Starting Samba SMB > Daemon... > Jul 22 11:01:43 ipa-server-1.foo.bar smbd[16751]: [2015/07/22 > 11:01:43.956721, 0] ../source3/smbd/server.c:1269(main) > Jul 22 11:01:44 ipa-server-1.foo.bar smbd[16752]: GSSAPI client step 1 > Jul 22 11:01:44 ipa-server-1.foo.bar smbd[16752]: GSSAPI client step 1 > Jul 22 11:01:44 ipa-server-1.foo.bar smbd[16752]: GSSAPI client step 1 > Jul 22 11:01:44 ipa-server-1.foo.bar smbd[16752]: GSSAPI client step 2 > Jul 22 11:01:44 ipa-server-1.foo.bar systemd[1]: smb.service: main > process exited, code=exited, status=1/FAILURE > Jul 22 11:01:44 ipa-server-1.foo.bar systemd[1]: Failed to start Samba > SMB Daemon. > Jul 22 11:01:44 ipa-server-1.foo.bar systemd[1]: Unit smb.service > entered failed state. > > journalctl -xn provides no useful information, however journalctl > does... sorta: > > Jul 22 11:03:19 ipa-server-1.foo.bar smbd[16903]: [2015/07/22 > 11:03:19.824614, 0] ipa_sam.c:3574(get_fallback_group_sid) > Jul 22 11:03:19 ipa-server-1.foo.bar smbd[16903]: Missing mandatory > attribute ipaNTSecurityIdentifier. > Jul 22 11:03:19 ipa-server-1.foo.bar smbd[16903]: [2015/07/22 > 11:03:19.824829, 0] ipa_sam.c:4526(pdb_init_ipasam) > Jul 22 11:03:19 ipa-server-1.foo.bar smbd[16903]: Cannot find SID of > fallback group. > Jul 22 11:03:19 ipa-server-1.foo.bar smbd[16903]: [2015/07/22 > 11:03:19.824878, 0] > ../source3/passdb/pdb_interface.c:178(make_pdb_method_name) > Jul 22 11:03:19 ipa-server-1.foo.bar smbd[16903]: pdb backend > ipasam:ldapi://%2fvar%2frun%2fslapd-CENIC-ORG.socket did not correctly > init (error was NT_STATUS_INVALID_PARAMETER) > Jul 22 11:03:19 ipa-server-1.foo.bar systemd[1]: smb.service: main > process exited, code=exited, status=1/FAILURE > Jul 22 11:03:19 ipa-server-1.foo.bar systemd[1]: Failed to start Samba > SMB Daemon. > Jul 22 11:03:19 ipa-server-1.foo.bar systemd[1]: Unit smb.service > entered failed state. > > > Thanks, > Bill > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG/MacGPG2 v2 > Comment: GPGTools - https://gpgtools.org > > iQIcBAEBCgAGBQJVr92bAAoJEJFMz73A1+zrgmAQAJp9DXynmqX89gWlacRmS/Hy > HiwAaiHXmCG7cpWY0PE68l8XgUmpBtOWQJ7hPv83BG1DAyPX267npnFgtJ8t50j7 > mwr9OyuKNiQs0ki4wOnnyNt2xGTgQimugQG0bQsIbP0QBoVAOu6RjK+ucGpagWv8 > zcdIjVP1jjf7I9KtgYzSBT1siFfcP1NAVnd47WC7ombL0db0KIi9oWNy6xXx5rkq > cSmfonN7jFmkn4gHPzNcqZAIVG+IFJfpqU/OAQrELjkcCXM57BRuzwffnI0DFt6d > Wm7liuoZHRABlaQ+L9OazCFPGOzpTWKCICdW4Vq6ixpnBG5eRR24Yfqn0z+86R4u > WmCz2aJEDa2zlZ4IYXZNnIxWkANg+cAxutBKPvyCmQxjxNz9YbPshhQBGG3JVf66 > B3CquNAXNw5O5N/vlKl8RtA4/xArRfvvXtofVrOgRAsjLw2Xdw8tahfIJKptNyYO > 86CDmyxgoK2ucdncJ5dC8GhX1ajBf5Mu8YnFC7MlfrS72TxsjCBMs5Y5rRmwZwA6 > ZF8TkfaZJmQc/bNe9V/+Ol/qXZM28ZrvZTs68/jTlRlruNc2D9458mdajKxUZB3n > OaIdE/hXqH7HB32qp9733TCtFxRoJlrD5tVURkHl9kqgnqKxcDZ56VPmNYRn4GYu > Y7j1+rZUNTtgDUJDk+Jk > =xQLh > -----END PGP SIGNATURE----- > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project