[Samba] classicupgrade cannot start winbind

igorfk at ig.com.br igorfk at ig.com.br
Mon Sep 15 09:52:10 MDT 2014


Hi everybody, 

I have to migrate a member samba3 + openldap to a samba4 pdc 

In another server I'd compiled samba 4.2 from git with the following
# ./configure --with-winbind --with-ads --with-ldap --with-pam_smbpass
--with-quotas --with-utmp --enable-pthreadpool --with-acl-support
--with-aio-support --with-fam --enable-selftest --enable-cups

compiling, testing (make quicktest) and installing were ok, no errors. 

Then I imported the ldap base from the original samba server to the new
server without any problem with "# slapadd -l

With apache directory studio I removed the duplicate sid's, confliting
names, etc 

After that I executed the migration via samba-tool with these
# /usr/local/samba/bin/samba-tool domain classicupgrade
--dbdir=/root/original_ldap_bk/var/lib/samba/ --use-xattrs=yes
--dns-backend=BIND9_DLZ --realm=domain.com.br

The base is migrated an administrator password is generated and dlz
generate the proper zones 

After I start the samba server, with "# samba" I can query successfully
the dns for "# host -t SRV _ldap._tcp.domain.com.br.", "# host -t SRV
_kerberos._udp.domain.com.br." , "# host -t A dc1.domain.com.br." just
like the wiki suggest.

But it cannot start kerberos, kinit always return "Cannot contact any
KDC for realm 'DOMAIN.COM.BR while getting > initial credentials" 

When I start samba with "# samba -i -M single -d 9" winbind dies with
the following warnings: 

/usr/local/samba/sbin/winbindd: Failed to fetch our own, local AD domain
join password for winbindd's internal use
/usr/local/samba/sbin/winbindd: unable to initialize domain list
Child /usr/local/samba/sbin/winbindd exited with status 1 - Operation
not permitted

Does anybody have a clue to what I have to do to proper initialize
winbind, kerberos? 

More information about the samba mailing list