[Samba] classicupgrade cannot start winbind
igorfk at ig.com.br
igorfk at ig.com.br
Mon Sep 15 09:52:10 MDT 2014
Hi everybody,
I have to migrate a member samba3 + openldap to a samba4 pdc
In another server I'd compiled samba 4.2 from git with the following
options:
# ./configure --with-winbind --with-ads --with-ldap --with-pam_smbpass
--with-quotas --with-utmp --enable-pthreadpool --with-acl-support
--with-aio-support --with-fam --enable-selftest --enable-cups
--enable-avahi
compiling, testing (make quicktest) and installing were ok, no errors.
Then I imported the ldap base from the original samba server to the new
server without any problem with "# slapadd -l
backup_from_original_ldap.ldif"
With apache directory studio I removed the duplicate sid's, confliting
names, etc
After that I executed the migration via samba-tool with these
parameters:
# /usr/local/samba/bin/samba-tool domain classicupgrade
--dbdir=/root/original_ldap_bk/var/lib/samba/ --use-xattrs=yes
--dns-backend=BIND9_DLZ --realm=domain.com.br
/root/original_ldap_bk/etc/samba/smb.conf
The base is migrated an administrator password is generated and dlz
generate the proper zones
After I start the samba server, with "# samba" I can query successfully
the dns for "# host -t SRV _ldap._tcp.domain.com.br.", "# host -t SRV
_kerberos._udp.domain.com.br." , "# host -t A dc1.domain.com.br." just
like the wiki suggest.
But it cannot start kerberos, kinit always return "Cannot contact any
KDC for realm 'DOMAIN.COM.BR while getting > initial credentials"
When I start samba with "# samba -i -M single -d 9" winbind dies with
the following warnings:
/usr/local/samba/sbin/winbindd: Failed to fetch our own, local AD domain
join password for winbindd's internal use
/usr/local/samba/sbin/winbindd: unable to initialize domain list
Child /usr/local/samba/sbin/winbindd exited with status 1 - Operation
not permitted
Does anybody have a clue to what I have to do to proper initialize
winbind, kerberos?
More information about the samba
mailing list