[Freeipa-users] IPA wont start, all services fail

[Alexander Bokovoy]

On Thu, 21 Jan 2016, Simpson Lachlan wrote:
>> -----Original Message-----
>> From: Simpson Lachlan
>
>> I would like to test a few things, but I'm finding it hard to find good examples.
>>
>>  How can I test that the one way trust relationship between the FreeIPA server
>>    and the AD DC is still in effect? (FreeIPA trusts AD, AD does not trust
>> FreeIIPA).
>>    I presume there is an ldapsearch or sssd command that should connect directly
>> to
>>    the AD server?
>
>I should have asked for what I wanted, because of course I found the solution to what
>I *did* ask almost immediately.
>
>Real question: If I get the SID for the "SMB Default Group", is it just a matter of editing
>the ldap directory via ldapmodify?
The SID is generated by sidgen plugin but you can edit it with
ldapmodify yes.

>
>No, because that's again not the issue.
No, it *is* the issue for Samba to start.
>
>The samba error I get is
>
>pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-UNIX-CO-ORG-AU.socket did not correctly init (error was NT_STATUS_INVALID_PARAMETER)
>
>pbdedit fails on the same problem.
Sure, because it cannot initialize its ipasam LDAP driver which requires
properly set up LDAP data which is supposed to be set up by
ipa-adtrust-install.

I would appreciate you concentrating on the right issue instead of
jumping around to pretend Samba can start without fixing the real issue
at hand.


>How can I set the SID of the default group manually - by which I mean,
>using a command line tool to manipulate text (rather than a shell
>script or ipa-adtrust).
At this point let us do a different look. Can you provide
/var/log/ipaserver-install.log and /var/log/ipaupgrade.log somehow off
the mailing list to see what exactly had happened to your environment
when it was installed and when ipa-adtrust-install was run?

I'm pretty busy with other stuff so analyzing these files might take
several days.
-- 
/ Alexander Bokovoy