[Freeipa-users] IPA wont start, all services fail
Alexander Bokovoy
abokovoy at redhat.com
Mon Jan 18 22:36:43 UTC 2016
On Mon, 18 Jan 2016, Simpson Lachlan wrote:
>[root at vmts-linuxidm ~]# systemctl status smb.service -l
>● smb.service - Samba SMB Daemon
> Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
> Active: failed (Result: exit-code) since Tue 2016-01-19 08:20:14 AEDT; 43s ago
> Process: 14240 ExecStart=/usr/sbin/smbd $SMBDOPTIONS (code=exited, status=1/FAILURE)
> Main PID: 14240 (code=exited, status=1/FAILURE)
> Status: "Starting process..."
>
>smbd[14240]: [2016/01/19 08:20:14.288659, 0] ipa_sam.c:3654(get_fallback_group_sid)
>smbd[14240]: Missing mandatory attribute ipaNTSecurityIdentifier.
>smbd[14240]: [2016/01/19 08:20:14.288716, 0] ipa_sam.c:4606(pdb_init_ipasam)
>smbd[14240]: Cannot find SID of fallback group.
>smbd[14240]: [2016/01/19 08:20:14.288734, 0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
>smbd[14240]: pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-co-ORG-AU.socket did not correctly init (error was NT_STATUS_INVALID_PARAMETER)
>systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE
>systemd[1]: Failed to start Samba SMB Daemon.
>systemd[1]: Unit smb.service entered failed state.
>systemd[1]: smb.service failed.
>
>
>Same error as previously:
>
>[2016/01/19 08:26:31, 0] ../source3/smbd/server.c:1241(main)
> smbd version 4.2.3 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2014
>[2016/01/19 08:26:32.037071, 0] ipa_sam.c:3654(get_fallback_group_sid)
> Missing mandatory attribute ipaNTSecurityIdentifier.
>[2016/01/19 08:26:32.037122, 0] ipa_sam.c:4606(pdb_init_ipasam)
> Cannot find SID of fallback group.
>[2016/01/19 08:26:32.037140, 0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
> pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket did not correctly init (error was NT_STATUS_INVALID_PARAMETER)
>
>
>My reading is that I haven't got the SIDs properly aligned for any user
>(including the admin user set up when installing freeipa) since joining
>the domain, and samba is failing on that. Can I retrospectively add
>SIDs to an entry?
This error says you don't have 'Default SMB Group' with a SID in it.
Re-run ipa-adtrust-install to re-create working setup.
ipa-adtrust-install will attempt to fix those parts that are missing.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list