[Freeipa-users] IPA wont start, all services fail

Alexander Bokovoy abokovoy at redhat.com
Mon Jan 18 22:36:43 UTC 2016 

On Mon, 18 Jan 2016, Simpson Lachlan wrote:
>[root at vmts-linuxidm ~]# systemctl status smb.service -l
>● smb.service - Samba SMB Daemon
>   Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
>   Active: failed (Result: exit-code) since Tue 2016-01-19 08:20:14 AEDT; 43s ago
>  Process: 14240 ExecStart=/usr/sbin/smbd $SMBDOPTIONS (code=exited, status=1/FAILURE)
> Main PID: 14240 (code=exited, status=1/FAILURE)
>   Status: "Starting process..."
>
>smbd[14240]: [2016/01/19 08:20:14.288659,  0] ipa_sam.c:3654(get_fallback_group_sid)
>smbd[14240]:   Missing mandatory attribute ipaNTSecurityIdentifier.
>smbd[14240]: [2016/01/19 08:20:14.288716,  0] ipa_sam.c:4606(pdb_init_ipasam)
>smbd[14240]:   Cannot find SID of fallback group.
>smbd[14240]: [2016/01/19 08:20:14.288734,  0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
>smbd[14240]:   pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-co-ORG-AU.socket did not correctly init (error was NT_STATUS_INVALID_PARAMETER)
>systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE
>systemd[1]: Failed to start Samba SMB Daemon.
>systemd[1]: Unit smb.service entered failed state.
>systemd[1]: smb.service failed.
>
>
>Same error as previously:
>
>[2016/01/19 08:26:31,  0] ../source3/smbd/server.c:1241(main)
>  smbd version 4.2.3 started.
>  Copyright Andrew Tridgell and the Samba Team 1992-2014
>[2016/01/19 08:26:32.037071,  0] ipa_sam.c:3654(get_fallback_group_sid)
>  Missing mandatory attribute ipaNTSecurityIdentifier.
>[2016/01/19 08:26:32.037122,  0] ipa_sam.c:4606(pdb_init_ipasam)
>  Cannot find SID of fallback group.
>[2016/01/19 08:26:32.037140,  0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
>  pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket did not correctly init (error was NT_STATUS_INVALID_PARAMETER)
>
>
>My reading is that I haven't got the SIDs properly aligned for any user
>(including the admin user set up when installing freeipa) since joining
>the domain, and samba is failing on that. Can I retrospectively add
>SIDs to an entry?
This error says you don't have 'Default SMB Group' with a SID in it.
Re-run ipa-adtrust-install to re-create working setup.

ipa-adtrust-install will attempt to fix those parts that are missing.

-- 
/ Alexander Bokovoy

More information about the Freeipa-users mailing list