[Samba] Samba 4 AD - Samba Fails to Start, hdb_samba4_create_kdc (setup KDC database) failed

L.P.H. van Belle belle at bazuin.nl
Thu Dec 31 08:45:44 UTC 2015 

Ok, 

First things is see. 

NTP
drwxr-x---   2 root root         4096 Dec 28 21:12 ntp_signd 
should be root:ntp 

SYVOL
drwxrwx---+  3 root BUILTIN\administrators    4096 Apr 28  2015 sysvol
your shows 300000 while mine gives : BUILTIN\administrators     
but i have winbind/nsswitch etc configured on my DC, dont ask why, but i need it, and it works good for me.  

so besides your ntp folder this looks all ok. 

Can you tell more about the hardware failure? 
Disk problems, power outage etc what exact happend? 
Did you see an filesystem check the first time starting up after the failuere?

I asume its the only server, do no other DC's. 
Stop all samba processes and backup at least these folders. 
/etc/samba
/var/lib/samba
/var/cache/samba

When you run :  samba-tool fsmo show
You probely get an error, so try the following. 
samba-tool fsmo sieze 

( i dont think i will work, but give it a try, any outputs is most welkom  ) 

These do worry me. 
Failed to find object DC=one,DC=cliffbells,DC=com for attribute fsmoRoleOwner - Cannot find DN DC=one,DC=cliffbells,DC=com to get attribute fsmoRoleOwner for reference dn: (null)

./source4/dsdb/common/util.c:1877(samdb_is_pdc)
  Failed to find if we are the PDC for this ldb: Searching for fSMORoleOwner in DC=one,DC=cliffbells,DC=com failed: Cannot find DN DC=one,DC=cliffbells,DC=com to get attribute fsmoRoleOwner for reference
dn: (null)

which looks like you samba DB is corrected, probely due to the hardware failure. 

Do you have a backup, made with samba_backup ? 
( shown here :  https://wiki.samba.org/index.php/Backup_and_restore_an_Samba_AD_DC  )

Because i think you db is corrected and beyond recovery. 

If you have  backupped : 
/etc/samba
/var/lib/samba
/var/cache/samba

You can remove the content of 
/var/lib/samba
/var/cache/samba

And reprovision, bases on the posts here and the things i see. 
If you have a backup "any" which have also the samba databases, thats the first you can try. 


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens JS
> Verzonden: woensdag 30 december 2015 23:42
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Samba 4 AD - Samba Fails to Start,
> hdb_samba4_create_kdc (setup KDC database) failed
> 
>  <=?windows-1252?Q?L.P.H._van_Belle?=> writes:
> 
> >
> > Hai,
> >
> > Can be incorrect rights, of corrupted db.
> >
> > Can you give the output of
> >
> > ls -al /var/lib/samba/
> > ls -al /var/lib/samba/private
> > ls -al /var/lib/samba/private/dns
> >
> > Greetz,
> >
> > Louis
> >
> 
> 
> 
> Hi Louis, thanks for your reply, here is the info you requested:
> 
> ls -al /var/lib/samba/
> total 1376
> drwxr-xr-x   8 root root         4096 Dec 13 21:07 .
> drwxr-xr-x  59 root root         4096 Dec 13 20:16 ..
> -rw-------   1 root root       421888 Dec 13 21:07 account_policy.tdb
> drwxr-x---   2 root root         4096 Dec 28 21:12 ntp_signd
> drwxr-xr-x  10 root root         4096 Dec 13 20:51 printers
> drwxr-xr-x   6 root root         4096 Dec 28 21:12 private
> -rw-------   1 root root       528384 Dec 13 21:07 registry.tdb
> -rw-------   1 root root       421888 Dec 13 21:07 share_info.tdb
> drwxrwx---+  6 root    3000000   4096 Dec 13 21:59 sysvol
> drwxrwx--T   2 root sambashare   4096 Dec 13 20:36 usershares
> drwxr-x---   2 root root         4096 Dec 28 21:12 winbindd_privileged
> 
> 
> ls -al /var/lib/samba/private/
> total 11220
> drwxr-xr-x 6 root root    4096 Dec 28 21:12 .
> drwxr-xr-x 8 root root    4096 Dec 13 21:07 ..
> -rw------- 1 root root    2085 Dec 13 21:07 dns_update_cache
> -rw-r--r-- 1 root root    3183 Dec 13 21:03 dns_update_list
> -rw------- 1 root root 1286144 Dec 13 21:02 hklm.ldb
> -rw------- 1 root root 1609728 Dec 23 20:15 idmap.ldb
> -rw-r--r-- 1 root root      99 Dec 13 21:03 krb5.conf
> srwxrwxrwx 1 root root       0 Dec 28 21:12 ldapi
> drwxr-x--- 2 root root    4096 Dec 28 21:12 ldap_priv
> -r--r--r-- 1 root root     242 Dec 13 21:07 named.conf.update
> -rw------- 1 root root 1286144 Dec 13 21:41 privilege.ldb
> -rw------- 1 root root     696 Dec 13 21:07 randseed.tdb
> -rw------- 1 root root 4247552 Dec 28 07:22 sam.ldb
> drwx------ 2 root root    4096 Dec 13 21:02 sam.ldb.d
> -rw------- 1 root root     696 Dec 28 21:12 schannel_store.tdb
> -rw------- 1 root root    1212 Dec 13 21:03 secrets.keytab
> -rw------- 1 root root 1286144 Dec 13 21:03 secrets.ldb
> -rw------- 1 root root  430080 Dec 13 21:03 secrets.tdb
> -rw------- 1 root root 1286144 Dec 13 21:02 share.ldb
> drwxr-xr-x 3 root root    4096 Dec 13 21:07 smbd.tmp
> -rw-r--r-- 1 root root     955 Dec 13 21:03 spn_update_list
> drwx------ 2 root root    4096 Dec 13 21:07 tls
> 
> 
> I have no /var/lib/samba/private/dns directory.  Note that I am using
> Samba's internal DNS server as opposed to Bind9 or anything else.
> 
> JS
> 
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list