okay, I see. the below line caused a *new* keytab to be created and caused smb from starting.
1) ipa-getkeytab -s ipaserver -p cifs/ipaserver.my.lan -k /etc/krb5.keytab I've fixed this and now ipa starts fine again. 2015-01-08 20:31 GMT+01:00 John Obaterspok <john.obaters...@gmail.com>: > Hello, > > I was trying out cifs mount when I ran into some problem where smb failed > to load. What I've done was: > > 1) ipa-getkeytab -s ipaserver -p cifs/ipaserver.my.lan -k /etc/krb5.keytab > > 2) pdbedit -L on ipaserver (which failed since I'm using registry) > > Then I got strange errors and tried reboot. Now initially smb failed to > start, then after a minute or two ipa + kadmin also fails. > > I've noticed selinux complains about: > - SELinux is preventing /usr/sbin/krb5kdc from write access on the > sock_file /var/lib/sss/pipes/pac. > - SELinux is preventing /usr/sbin/krb5kdc from connectto access on the > unix_stream_socket /var/lib/sss/pipes/pac. > > I see the following in journal -b > > 20:19:44 smbd[2065]: [2015/01/08 20:19:44.736247, 0] > ../source3/smbd/server.c:1269(main) > 20:19:44 smbd[2065]: standard input is not a socket, assuming -D option > 20:19:44 systemd[1]: smb.service: Supervising process 2066 which is not > our child. We'll most likely not notice when it exits. > 20:19:44 smbd[2066]: [2015/01/08 20:19:44.803085, 0] > ipa_sam.c:4128(bind_callback_cleanup) > 20:19:44 smbd[2066]: kerberos error: code=-1765328366, message=Clients > credentials have been revoked > 20:19:44 smbd[2066]: [2015/01/08 20:19:44.803985, 0] > ../source3/lib/smbldap.c:998(smbldap_connect_system) > 20:19:44 smbd[2066]: failed to bind to server > ldapi://%2fvar%2frun%2fslapd-MY-LAN.socket with dn="[Anonymous bind]" > Error: Local error > 20:19:44 smbd[2066]: (unknown) > 20:19:45 smbd[2066]: [2015/01/08 20:19:45.815968, 0] > ipa_sam.c:4128(bind_callback_cleanup) > 20:19:45 smbd[2066]: kerberos error: code=-1765328366, message=Clients > credentials have been revoked > 20:19:46 smbd[2066]: [2015/01/08 20:19:46.826820, 0] > ipa_sam.c:4128(bind_callback_cleanup) > 20:19:46 smbd[2066]: kerberos error: code=-1765328366, message=Clients > credentials have been revoked > 20:19:47 smbd[2066]: [2015/01/08 20:19:47.837775, 0] > ipa_sam.c:4128(bind_callback_cleanup) > 20:19:47 smbd[2066]: kerberos error: code=-1765328366, message=Clients > credentials have been revoked > 20:19:48 smbd[2066]: [2015/01/08 20:19:48.848497, 0] > ipa_sam.c:4128(bind_callback_cleanup) > 20:19:48 smbd[2066]: kerberos error: code=-1765328366, message=Clients > credentials have been revoked > 20:19:49 smbd[2066]: [2015/01/08 20:19:49.859177, 0] > ipa_sam.c:4128(bind_callback_cleanup) > 20:19:49 smbd[2066]: kerberos error: code=-1765328366, message=Clients > credentials have been revoked > 20:19:50 smbd[2066]: [2015/01/08 20:19:50.869958, 0] > ipa_sam.c:4128(bind_callback_cleanup) > 20:19:50 smbd[2066]: kerberos error: code=-1765328366, message=Clients > credentials have been revoked > 20:19:51 smbd[2066]: [2015/01/08 20:19:51.880575, 0] > ipa_sam.c:4128(bind_callback_cleanup) > 20:19:51 smbd[2066]: kerberos error: code=-1765328366, message=Clients > credentials have been revoked > 20:19:52 smbd[2066]: [2015/01/08 20:19:52.890531, 0] > ipa_sam.c:4128(bind_callback_cleanup) > 20:19:52 smbd[2066]: kerberos error: code=-1765328366, message=Clients > credentials have been revoked > 20:19:53 smbd[2066]: [2015/01/08 20:19:53.901092, 0] > ipa_sam.c:4128(bind_callback_cleanup) > 20:19:53 smbd[2066]: kerberos error: code=-1765328366, message=Clients > credentials have been revoked > 20:19:54 smbd[2066]: [2015/01/08 20:19:54.912209, 0] > ipa_sam.c:4128(bind_callback_cleanup) > 20:19:54 smbd[2066]: kerberos error: code=-1765328366, message=Clients > credentials have been revoked > 20:19:55 smbd[2066]: [2015/01/08 20:19:55.922373, 0] > ipa_sam.c:4128(bind_callback_cleanup) > 20:19:55 smbd[2066]: kerberos error: code=-1765328366, message=Clients > credentials have been revoked > 20:19:56 smbd[2066]: [2015/01/08 20:19:56.932368, 0] > ipa_sam.c:4128(bind_callback_cleanup) > 20:19:56 smbd[2066]: kerberos error: code=-1765328366, message=Clients > credentials have been revoked > 20:19:57 smbd[2066]: [2015/01/08 20:19:57.942731, 0] > ipa_sam.c:4128(bind_callback_cleanup) > 20:19:57 smbd[2066]: kerberos error: code=-1765328366, message=Clients > credentials have been revoked > 20:19:58 smbd[2066]: [2015/01/08 20:19:58.953319, 0] > ipa_sam.c:4128(bind_callback_cleanup) > 20:19:58 smbd[2066]: kerberos error: code=-1765328366, message=Clients > credentials have been revoked > 20:19:59 named-pkcs11[1536]: OSSLRSA.cpp(999): RSA verify failed > (0x04091068) > 20:19:59 named-pkcs11[1536]: pkcs11rsa_link.c:496: pkcs_C_VerifyFinal: > Error = 0x000000C0 > 20:19:59 named-pkcs11[1536]: OSSLRSA.cpp(999): RSA verify failed > (0x04091068) > 20:19:59 named-pkcs11[1536]: pkcs11rsa_link.c:496: pkcs_C_VerifyFinal: > Error = 0x000000C0 > 20:19:59 smbd[2066]: [2015/01/08 20:19:59.963057, 0] > ipa_sam.c:4128(bind_callback_cleanup) > 20:19:59 smbd[2066]: kerberos error: code=-1765328366, message=Clients > credentials have been revoked > 20:20:00 smbd[2066]: [2015/01/08 20:20:00.964313, 0] > ipa_sam.c:4440(pdb_init_ipasam) > 20:20:00 smbd[2066]: Failed to get base DN. > 20:20:00 smbd[2066]: [2015/01/08 20:20:00.964644, 0] > ../source3/passdb/pdb_interface.c:178(make_pdb_method_name) > 20:20:00 smbd[2066]: pdb backend > ipasam:ldapi://%2fvar%2frun%2fslapd-MY-LAN.socket did not correctly init > (error was NT_STATUS_UNSUCCESSFUL) > 20:20:00 systemd[1]: smb.service: main process exited, code=exited, > status=1/FAILURE > 20:20:00 systemd[1]: Failed to start Samba SMB Daemon. > 20:20:00 systemd[1]: Unit smb.service entered failed state. > 20:20:00 systemd[1]: smb.service failed. > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project