[Freeipa-users] Samba Failing to start (Causing FreeIPA to not start!)

Alexander Bokovoy abokovoy at redhat.com
Wed Jul 22 19:53:21 UTC 2015


On Wed, 22 Jul 2015, William Graboyes wrote:
>Hi All,
>
>I have been messing around with AD trust installs mainly around doing
>ntlm_auth for a radius server.
>
>However, as I was unable to see some of the needed resources, I
>thought maybe IPA may need a kick.
>
This is your problem:
>Jul 22 11:03:19 ipa-server-1.foo.bar smbd[16903]: [2015/07/22
>11:03:19.824614,  0] ipa_sam.c:3574(get_fallback_group_sid)
>Jul 22 11:03:19 ipa-server-1.foo.bar smbd[16903]: Missing mandatory
>attribute ipaNTSecurityIdentifier.
What did you do?

Try to search as admin and as cifs/`hostname`:
# kinit admin
# ldapsearch -Y GSSAPI '(cn=Default SMB Group)'
# kdestroy
# kinit -kt /etc/samba/samba.keytab cifs/`hostname`
# ldapsearch -Y GSSAPI '(cn=Default SMB Group)'

If the first one gives you a proper entry with ipaNTSecurityIdentifier
and the second one does not return the same entry, you've broken ACIs.

If both of them are failing, you need to re-run 
 ipa-adtrust-install --add-sids
to fix that.

-- 
/ Alexander Bokovoy
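
The decision described in the reply above, as an added example that is not part of the original message: a shell helper that compares the two ldapsearch results and names the matching outcome. The function names, the outcome labels and the sample LDIF (suffix and SID) are constructed for illustration, and `-LLL` is a standard OpenLDAP ldapsearch option that the message itself does not use.

```shell
#!/bin/sh
# Capture the real output first, for example:
#   kinit admin
#   ldapsearch -Y GSSAPI -LLL '(cn=Default SMB Group)' > admin.ldif
# then repeat after: kinit -kt /etc/samba/samba.keytab cifs/`hostname`
# and call: diagnose "$(cat admin.ldif)" "$(cat cifs.ldif)"

# Read LDIF on stdin; print "dn|sid" for the first entry that carries
# ipaNTSecurityIdentifier, or nothing when no entry has it.
sid_entry() {
    awk '
        /^dn: / { dn = substr($0, 5) }
        /^$/    { dn = "" }
        tolower($1) == "ipantsecurityidentifier:" { print dn "|" $2; exit }
    '
}

# diagnose ADMIN_LDIF CIFS_LDIF (arguments are LDIF text, not file names)
diagnose() {
    admin=$(printf '%s\n' "$1" | sid_entry)
    cifs=$(printf '%s\n' "$2" | sid_entry)
    if [ -n "$admin" ] && [ "$admin" = "$cifs" ]; then
        echo "ok"            # both principals see the same entry and SID
    elif [ -n "$admin" ]; then
        echo "acis-broken"   # admin sees the SID, cifs/ principal does not
    elif [ -z "$cifs" ]; then
        echo "run-add-sids"  # neither sees it: ipa-adtrust-install --add-sids
    else
        echo "unexpected"    # case the procedure above does not cover
    fi
}

# Constructed sample LDIF (suffix and SID are made up).
GOOD='dn: cn=Default SMB Group,cn=groups,cn=accounts,dc=example,dc=test
cn: Default SMB Group
ipaNTSecurityIdentifier: S-1-5-21-1111111111-2222222222-3333333333-1001'
NOSID='dn: cn=Default SMB Group,cn=groups,cn=accounts,dc=example,dc=test
cn: Default SMB Group'
EMPTY=''

echo "admin sees SID, cifs does not: $(diagnose "$GOOD" "$NOSID")"
echo "neither sees SID:              $(diagnose "$NOSID" "$EMPTY")"
```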



