[Samba] classicupgrade cannot start winbind

Rowland Penny rowlandpenny at googlemail.com
Tue Sep 16 01:15:16 MDT 2014 

On 15/09/14 22:13, igorfk at ig.com.br wrote:
>
> I'm installing it on a Linux Debian 7.6.0
>
In that case, if you use backports, you can get samba 4.1.11

> Sorry I should post some network configuration before.
>
>
> # cat /etc/resolv.conf
> domain dc1.domain.com.br
> search domain.com.br
> nameserver 172.17.0.4
>
>
 From 'man resolv.conf':

        The  domain and search keywords are mutually exclusive.  If more 
than one
        instance of these keywords is present, the last instance wins.

So domain dc1.domain.com.br is ignored.

> # cat /etc/hosts
> 127.0.0.1     localhost
> 172.17.0.4   dc1.domain.com.br dc1
>
You seem to be using a static ip, which is good but have you altered 
/etc/network/interfaces ?

> /etc/krb5.conf is a symbolic link to 
> /usr/local/samba/private/krb5.conf and there is a symbolic link 
> /etc/krb5.keytab of /usr/local/samba
>

If you install the following packages from backports, everything will 
get put into the right place:

samba attr krb5-config krb5-user ntp bind9 bind9utils dnsutils winbind 
libpam-winbind libpam-krb5 libnss-winbind libsmbclient smbclient

Rowland

> /private/dns.keytab too
> # cat /etc/krb5.conf
> [libdefaults]
> dns_lookup_realm = false
> dns_lookup_kdc = true
> default_realm = DOMAIN.COM.BR
>
> I tried to play with admin_server and default_domain options in a 
> [realms] section but that was a no go either.
>
> Remark, if I make a new domain with "# samba-tool domain provision 
> --use-rfc2307 --interactive" everything wents fine
>
> Em 15/09/2014 16:41, Rowland Penny escreveu:
>
>> On 15/09/14 16:52,igorfk at ig.com.br  <mailto:igorfk at ig.com.br>wrote:
>>> Hi everybody, I have to migrate a member samba3 + openldap to a 
>>> samba4 pdc In another server I'd compiled samba 4.2 from git with 
>>> the following options: # ./configure --with-winbind --with-ads 
>>> --with-ldap --with-pam_smbpass --with-quotas --with-utmp 
>>> --enable-pthreadpool --with-acl-support --with-aio-support 
>>> --with-fam --enable-selftest --enable-cups --enable-avahi
>> OK, firstly I do not recommend using using 4.2 from git, this is the
>> development branch and could have problems, I would suggest that you use
>> the latest samba4 tarball instead.
>> Next your configure options could be reduced to ./configure
>> --enable-selftest, all the rest are the defaults and you do not really
>> need ' --enable-selftest'
>> Finally, what OS are you using, is there a recent samba4 package available?
>>> compiling, testing (make quicktest) and installing were ok, no 
>>> errors. Then I imported the ldap base from the original samba server 
>>> to the new server without any problem with "# slapadd -l 
>>> backup_from_original_ldap.ldif" With apache directory studio I 
>>> removed the duplicate sid's, confliting names, etc After that I 
>>> executed the migration via samba-tool with these parameters: # 
>>> /usr/local/samba/bin/samba-tool domain classicupgrade 
>>> --dbdir=/root/original_ldap_bk/var/lib/samba/ --use-xattrs=yes 
>>> --dns-backend=BIND9_DLZ --realm=domain.com.br 
>>> /root/original_ldap_bk/etc/samba/smb.conf The base is migrated an 
>>> administrator password is generated and dlz generate the proper 
>>> zones After I start the samba server, with "# samba" I can query 
>>> successfully the dns for "# host -t SRV _ldap._tcp.domain.com.br.", 
>>> "# host -t SRV _kerberos._udp.domain.com.br." , "# host -t A 
>>> dc1.domain.com.br." just like the wiki suggest. But it cannot start 
>>> kerberos, kinit always return "Cannot contact any KDC for realm 
>>> 'DOMAIN.COM.BR while getting > initial credentials" When I start 
>>> samba with "# samba -i -M single -d 9" winbind dies with the 
>>> following warnings: /usr/local/samba/sbin/winbindd: Failed to fetch 
>>> our own, local AD domain join password for winbindd's internal use 
>>> /usr/local/samba/sbin/winbindd: unable to initialize domain list 
>>> Child /usr/local/samba/sbin/winbindd exited with status 1 - 
>>> Operation not permitted Does anybody have a clue to what I have to 
>>> do to proper initialize winbind, kerberos?
>> What is in /etc/resolv.conf and /etc/krb5.conf
>>
>> Rowland

More information about the samba mailing list