[Samba] Samba 4 AD - Samba Fails to Start, hdb_samba4_create_kdc (setup KDC database) failed
Rowland penny
rpenny at samba.org
Wed Dec 30 09:38:39 UTC 2015
On 30/12/15 03:36, IT Admin wrote:
> Hello to the Samba Mailing List,
>
> This is my first post, so please, should I commit any faux pas, nudge me in
> the right direction and I will adjust accordingly.
>
> I'm experiencing a complete failure of the PDC in a Samba 4 AD Domain I've
> deployed for a client. Samba failed a few days ago and I've been unable to
> resolve the issue on my own. Google searches are leading me in circles,
> I'm hoping the list can help me get this deployment back in working order.
>
> Some details on the failing machine:
>
> Release: 15.10
> Linux 4.2.0-22-generic #27-Ubuntu SMP x86_64 x86_64 x86_64 GNU/Linux
> Samba Version: 4.1.17-Ubuntu
>
> I provisioned this domain a few months ago, everything was going smoothly
> until a hardware failure forced me to reprovision a couple of weeks ago.
> Having just got their network stable again I was rather disheartened to
> discover Samba had taken a nosedive for Christmas.
>
> Relevant info from Samba's logs (debug level 4):
>
> /var/log/samba/log/samba:
>
> samba version 4.1.17-Ubuntu started.
> Copyright Andrew Tridgell and the Samba Team 1992-2013
> [2015/12/28 21:12:05.907126, 3]
> ../source4/smbd/server.c:381(binary_smbd_main)
> Becoming a daemon.
> [2015/12/28 21:12:05.919238, 3]
> ../auth/gensec/gensec_start.c:870(gensec_register)
> GENSEC backend 'gssapi_spnego' registered
> [2015/12/28 21:12:05.919327, 3]
> ../auth/gensec/gensec_start.c:870(gensec_register)
> GENSEC backend 'gssapi_krb5' registered
> [2015/12/28 21:12:05.919360, 3]
> ../auth/gensec/gensec_start.c:870(gensec_register)
> GENSEC backend 'gssapi_krb5_sasl' registered
> [2015/12/28 21:12:05.919437, 3]
> ../auth/gensec/gensec_start.c:870(gensec_register)
> GENSEC backend 'schannel' registered
> [2015/12/28 21:12:05.919472, 3]
> ../auth/gensec/gensec_start.c:870(gensec_register)
> GENSEC backend 'spnego' registered
> [2015/12/28 21:12:05.919503, 3]
> ../auth/gensec/gensec_start.c:870(gensec_register)
> GENSEC backend 'ntlmssp' registered
> [2015/12/28 21:12:05.919537, 3]
> ../auth/gensec/gensec_start.c:870(gensec_register)
> GENSEC backend 'krb5' registered
> [2015/12/28 21:12:05.919567, 3]
> ../auth/gensec/gensec_start.c:870(gensec_register)
> GENSEC backend 'fake_gssapi_krb5' registered
> [2015/12/28 21:12:05.919643, 3]
> ../source4/ntptr/ntptr_base.c:67(ntptr_register)
> NTPTR backend 'simple_ldb'
> [2015/12/28 21:12:05.919714, 3]
> ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
> NTVFS backend 'default' for type 1 registered
> [2015/12/28 21:12:05.919753, 3]
> ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
> NTVFS backend 'posix' for type 1 registered
> [2015/12/28 21:12:05.919791, 3]
> ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
> NTVFS backend 'unixuid' for type 1 registered
> [2015/12/28 21:12:05.919821, 3]
> ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
> NTVFS backend 'unixuid' for type 3 registered
> [2015/12/28 21:12:05.919852, 3]
> ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
> NTVFS backend 'unixuid' for type 2 registered
> [2015/12/28 21:12:05.919884, 3]
> ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
> NTVFS backend 'cifs' for type 1 registered
> [2015/12/28 21:12:05.919915, 3]
> ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
> NTVFS backend 'smb2' for type 1 registered
> [2015/12/28 21:12:05.919946, 3]
> ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
> NTVFS backend 'simple' for type 1 registered
> [2015/12/28 21:12:05.919977, 3]
> ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
> NTVFS backend 'cifsposix' for type 1 registered
> [2015/12/28 21:12:05.920010, 3]
> ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
> NTVFS backend 'default' for type 3 registered
> [2015/12/28 21:12:05.920041, 3]
> ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
> NTVFS backend 'default' for type 2 registered
> [2015/12/28 21:12:05.920078, 3]
> ../source4/ntvfs/ntvfs_base.c:79(ntvfs_register)
> NTVFS backend 'nbench' for type 1 registered
> [2015/12/28 21:12:05.921420, 3]
> ../source4/smbd/process_model.c:97(register_process_model)
> PROCESS_MODEL 'single' registered
> [2015/12/28 21:12:05.921479, 3]
> ../source4/smbd/process_model.c:97(register_process_model)
> PROCESS_MODEL 'standard' registered
> [2015/12/28 21:12:05.921510, 3]
> ../source4/smbd/process_model.c:97(register_process_model)
> PROCESS_MODEL 'onefork' registered
> [2015/12/28 21:12:05.921540, 3]
> ../source4/smbd/process_model.c:97(register_process_model)
> PROCESS_MODEL 'prefork' registered
> [2015/12/28 21:12:06.064097, 3]
> ../source4/auth/ntlm/auth.c:673(auth_register)
> AUTH backend 'sam' registered
> [2015/12/28 21:12:06.064187, 3]
> ../source4/auth/ntlm/auth.c:673(auth_register)
> AUTH backend 'sam_ignoredomain' registered
> [2015/12/28 21:12:06.064220, 3]
> ../source4/auth/ntlm/auth.c:673(auth_register)
> AUTH backend 'anonymous' registered
> [2015/12/28 21:12:06.064251, 3]
> ../source4/auth/ntlm/auth.c:673(auth_register)
> AUTH backend 'winbind' registered
> [2015/12/28 21:12:06.064284, 3]
> ../source4/auth/ntlm/auth.c:673(auth_register)
> AUTH backend 'winbind_wbclient' registered
> [2015/12/28 21:12:06.064316, 3]
> ../source4/auth/ntlm/auth.c:673(auth_register)
> AUTH backend 'name_to_ntstatus' registered
> [2015/12/28 21:12:06.064347, 3]
> ../source4/auth/ntlm/auth.c:673(auth_register)
> AUTH backend 'unix' registered
> [2015/12/28 21:12:06.064401, 3]
> ../source4/param/share.c:124(share_register)
> SHARE backend [classic] registered.
> [2015/12/28 21:12:06.697309, 3]
> ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
> ldb_wrap open of privilege.ldb
> [2015/12/28 21:12:06.748805, 0]
> ../source4/smbd/server.c:488(binary_smbd_main)
> samba: using 'standard' process model
> samba: setproctitle not initialized, please either call setproctitle_init()
> or link against libbsd-ctor.
> samba: setproctitle not initialized, please either call setproctitle_init()
> or link against libbsd-ctor.
> samba: setproctitle not initialized, please either call setproctitle_init()
> or link against libbsd-ctor.
> samba: setproctitle not initialized, please either call setproctitle_init()
> or link against libbsd-ctor.
> samba: setproctitle not initialized, please either call setproctitle_init()
> or link against libbsd-ctor.
> [2015/12/28 21:12:06.779495, 3]
> ../source4/rpc_server/dcerpc_server.c:1208(dcerpc_register_ep_server)
> DCERPC endpoint server 'rpcecho' registered
> [2015/12/28 21:12:06.764776, 0]
> ../source4/dsdb/common/util.c:1693(samdb_reference_dn_is_our_ntdsa)
> Failed to find object DC=one,DC=cliffbells,DC=com for attribute
> fsmoRoleOwner - Cannot find DN DC=one,DC=cliffbells,DC=com to get attribute
> fsmoRoleOwner for reference dn: (null)
> [2015/12/28 21:12:06.780250, 1]
> ../source4/dsdb/common/util.c:1877(samdb_is_pdc)
> Failed to find if we are the PDC for this ldb: Searching for
> fSMORoleOwner in DC=one,DC=cliffbells,DC=com failed: Cannot find DN
> DC=one,DC=cliffbells,DC=com to get attribute fsmoRoleOwner for reference
> dn: (null)
> [2015/12/28 21:12:06.788717, 3]
> ../source4/rpc_server/dcerpc_server.c:1208(dcerpc_register_ep_server)
> DCERPC endpoint server 'epmapper' registered
> [2015/12/28 21:12:06.789079, 3]
> ../source4/rpc_server/dcerpc_server.c:1208(dcerpc_register_ep_server)
> DCERPC endpoint server 'remote' registered
> [2015/12/28 21:12:06.789535, 3]
> ../source4/rpc_server/dcerpc_server.c:1208(dcerpc_register_ep_server)
> DCERPC endpoint server 'srvsvc' registered
> [2015/12/28 21:12:06.789597, 3]
> ../source4/rpc_server/dcerpc_server.c:1208(dcerpc_register_ep_server)
> DCERPC endpoint server 'wkssvc' registered
> [2015/12/28 21:12:06.789634, 3]
> ../source4/rpc_server/dcerpc_server.c:1208(dcerpc_register_ep_server)
> DCERPC endpoint server 'unixinfo' registered
> [2015/12/28 21:12:06.790292, 3]
> ../source4/rpc_server/dcerpc_server.c:1208(dcerpc_register_ep_server)
> DCERPC endpoint server 'samr' registered
> [2015/12/28 21:12:06.790372, 3]
> ../source4/rpc_server/dcerpc_server.c:1208(dcerpc_register_ep_server)
> DCERPC endpoint server 'winreg' registered
> [2015/12/28 21:12:06.790410, 3]
> ../source4/rpc_server/dcerpc_server.c:1208(dcerpc_register_ep_server)
> DCERPC endpoint server 'netlogon' registered
> [2015/12/28 21:12:06.790654, 3]
> ../source4/rpc_server/dcerpc_server.c:1208(dcerpc_register_ep_server)
> DCERPC endpoint server 'dssetup' registered
> [2015/12/28 21:12:06.790702, 3]
> ../source4/rpc_server/dcerpc_server.c:1208(dcerpc_register_ep_server)
> DCERPC endpoint server 'lsarpc' registered
> [2015/12/28 21:12:06.790739, 3]
> ../source4/rpc_server/dcerpc_server.c:1208(dcerpc_register_ep_server)
> DCERPC endpoint server 'backupkey' registered
> [2015/12/28 21:12:06.790783, 3]
> ../source4/rpc_server/dcerpc_server.c:1208(dcerpc_register_ep_server)
> DCERPC endpoint server 'spoolss' registered
> [2015/12/28 21:12:06.790818, 3]
> ../source4/rpc_server/dcerpc_server.c:1208(dcerpc_register_ep_server)
> DCERPC endpoint server 'drsuapi' registered
> [2015/12/28 21:12:06.790864, 3]
> ../source4/rpc_server/dcerpc_server.c:1208(dcerpc_register_ep_server)
> DCERPC endpoint server 'browser' registered
> [2015/12/28 21:12:06.790897, 3]
> ../source4/rpc_server/dcerpc_server.c:1208(dcerpc_register_ep_server)
> DCERPC endpoint server 'eventlog6' registered
> [2015/12/28 21:12:06.790941, 3]
> ../source4/rpc_server/dcerpc_server.c:1208(dcerpc_register_ep_server)
> DCERPC endpoint server 'dnsserver' registered
> samba: setproctitle not initialized, please either call setproctitle_init()
> or link against libbsd-ctor.
> samba: setproctitle not initialized, please either call setproctitle_init()
> or link against libbsd-ctor.
> samba: setproctitle not initialized, please either call setproctitle_init()
> or link against libbsd-ctor.
> samba: setproctitle not initialized, please either call setproctitle_init()
> or link against libbsd-ctor.
> [2015/12/28 21:12:06.842176, 3]
> ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
> ldb_wrap open of secrets.ldb
> [2015/12/28 21:12:06.843155, 3]
> ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
> ldb_wrap open of idmap.ldb
> samba: setproctitle not initialized, please either call setproctitle_init()
> or link against libbsd-ctor.
> samba: setproctitle not initialized, please either call setproctitle_init()
> or link against libbsd-ctor.
> [2015/12/28 21:12:06.865340, 1]
> ../source4/kdc/db-glue.c:1956(samba_kdc_setup_db_ctx)
> samba_kdc_fetch: could not find own KRBTGT in DB: (null)
> samba: setproctitle not initialized, please either call setproctitle_init()
> or link against libbsd-ctor.
> [2015/12/28 21:12:06.869471, 2]
> ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
> dreplsrv_partition[CN=Configuration,DC=one,DC=cliffbells,DC=com] loaded
> [2015/12/28 21:12:06.869600, 2]
> ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
>
> dreplsrv_partition[CN=Schema,CN=Configuration,DC=one,DC=cliffbells,DC=com]
> loaded
> [2015/12/28 21:12:06.869648, 2]
> ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
> dreplsrv_partition[DC=one,DC=cliffbells,DC=com] loaded
> [2015/12/28 21:12:06.869742, 2]
> ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
> dreplsrv_partition[DC=DomainDnsZones,DC=one,DC=cliffbells,DC=com] loaded
> [2015/12/28 21:12:06.869789, 2]
> ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
> dreplsrv_partition[DC=ForestDnsZones,DC=one,DC=cliffbells,DC=com] loaded
> [2015/12/28 21:12:06.865437, 0]
> ../source4/smbd/service_task.c:35(task_server_terminate)
> task_server_terminate: [kdc: hdb_samba4_create_kdc (setup KDC database)
> failed]
> [2015/12/28 21:12:06.878911, 3]
> ../source4/dsdb/dns/dns_update.c:340(dnsupdate_check_names)
> Calling DNS name update script
> [2015/12/28 21:12:06.888121, 3]
> ../source4/dsdb/dns/dns_update.c:355(dnsupdate_check_names)
> Calling SPN name update script
> samba: setproctitle not initialized, please either call setproctitle_init()
> or link against libbsd-ctor.
> [2015/12/28 21:12:06.902840, 2]
> ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
> kccsrv_partition[DC=ONE,DC=CLIFFBELLS,DC=COM] loaded
> [2015/12/28 21:12:06.902998, 2]
> ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
> kccsrv_partition[CN=Configuration,DC=one,DC=cliffbells,DC=com] loaded
> [2015/12/28 21:12:06.903036, 2]
> ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
> kccsrv_partition[CN=Schema,CN=Configuration,DC=one,DC=cliffbells,DC=com]
> loaded
> [2015/12/28 21:12:06.903072, 2]
> ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
> kccsrv_partition[DC=DomainDnsZones,DC=one,DC=cliffbells,DC=com] loaded
> [2015/12/28 21:12:06.903107, 2]
> ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
> kccsrv_partition[DC=ForestDnsZones,DC=one,DC=cliffbells,DC=com] loaded
> [2015/12/28 21:12:06.884922, 0]
> ../lib/util/become_daemon.c:136(daemon_ready)
> STATUS=daemon 'samba' finished starting up and ready to serve
> connectionssamba_terminate: kdc: hdb_samba4_create_kdc (setup KDC database)
> failed
> [2015/12/28 21:12:06.930079, 3]
> ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
> ldb_wrap open of secrets.ldb
> [2015/12/28 21:12:07.752016, 0]
> ../file_server/file_server.c:48(file_server_smbd_done)
> file_server smbd daemon exited normally
> [2015/12/28 21:12:07.752994, 0]
> ../source4/smbd/service_task.c:35(task_server_terminate)
> task_server_terminate: [smbd child process exited]
>
>
> /var/log/samba/log.smbd:
>
> smbd version 4.1.17-Ubuntu started.
> Copyright Andrew Tridgell and the Samba Team 1992-2013
> [2015/12/28 21:12:06, 2]
> ../source3/lib/tallocmsg.c:124(register_msg_pool_usage)
> Registered MSG_REQ_POOL_USAGE
> [2015/12/28 21:12:06, 2]
> ../source3/lib/dmallocmsg.c:78(register_dmalloc_msgs)
> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> [2015/12/28 21:12:06.975569, 3]
> ../source3/param/loadparm.c:4839(lp_load_ex)
> lp_load_ex: refreshing parameters
> [2015/12/28 21:12:06.975630, 3]
> ../source3/param/loadparm.c:750(init_globals)
> Initialising global parameters
> [2015/12/28 21:12:06.975672, 2]
> ../source3/param/loadparm.c:543(max_open_files)
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> [2015/12/28 21:12:06.975752, 3] ../lib/util/params.c:550(pm_process)
> params.c:pm_process() - Processing configuration file
> "/etc/samba/smb.conf"
> [2015/12/28 21:12:06.975787, 3]
> ../source3/param/loadparm.c:3565(do_section)
> Processing section "[global]"
> [2015/12/28 21:12:06.976003, 2]
> ../source3/param/loadparm.c:3582(do_section)
> Processing section "[netlogon]"
> [2015/12/28 21:12:06.976125, 2]
> ../source3/param/loadparm.c:3582(do_section)
> Processing section "[sysvol]"
> [2015/12/28 21:12:06.976193, 2]
> ../source3/param/loadparm.c:3582(do_section)
> Processing section "[accounting]"
> [2015/12/28 21:12:06.976277, 2]
> ../source3/param/loadparm.c:3582(do_section)
> Processing section "[data]"
> [2015/12/28 21:12:06.976359, 2]
> ../source3/param/loadparm.c:3582(do_section)
> Processing section "[backups]"
> [2015/12/28 21:12:06.976472, 3]
> ../source3/param/loadparm.c:1774(lp_add_ipc)
> adding IPC service
> [2015/12/28 21:12:06.976790, 2]
> ../source3/lib/interface.c:341(add_interface)
> added interface eth0 ip=192.168.37.2 bcast=192.168.37.255
> netmask=255.255.255.0
> [2015/12/28 21:12:06.976876, 3] ../source3/smbd/server.c:1248(main)
> loaded services
> [2015/12/28 21:12:06.977004, 3] ../source3/smbd/server.c:1280(main)
> Becoming a daemon.
> [2015/12/28 21:12:07.738688, 3]
> ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
> ldb_wrap open of idmap.ldb
> [2015/12/28 21:12:07.740665, 0]
> ../source3/passdb/pdb_interface.c:178(make_pdb_method_name)
> pdb backend samba_dsdb did not correctly init (error was
> NT_STATUS_UNSUCCESSFUL)
>
>
> I am at a loss, Samba simply does not start. Any help/guidance the list
> could provide to assist me in restoring Samba to a working state would be
> greatly appreciated.
>
> Regards,
>
> JS
> -- To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
Why are you using ntvfs ?
Also how are you starting the Samba deamons ?
Rowland
More information about the samba
mailing list