[Samba] Failed to obtain server credentials, perhaps a standalone server?

Rowland Penny rowlandpenny241155 at gmail.com
Tue Oct 6 14:12:40 UTC 2015 

On 06/10/15 13:40, "Stefan Günther" wrote:
> Hello,
>
> we are running Samba 4.1.6 on Ubuntu 14.04 LTS 64 bit.
>
> Out of a sudden we weren't able to access the server. After we restarted the server, we found a running samba process, but no dns and kerberos.
>
> Starting Samba with "samba -i -M single" returned the following output:
>
> dreplsrv_partition[DC=DomainDnsZones,DC=companynet,DC=net] loaded
> dreplsrv_partition[DC=ForestDnsZones,DC=companynet,DC=net] loaded
> ldb_wrap open of secrets.ldb
> ldb_wrap open of idmap.ldb
> kccsrv_partition[DC=companynet,DC=net] loaded
> kccsrv_partition[CN=Configuration,DC=companynet,DC=net] loaded
> kccsrv_partition[CN=Schema,CN=Configuration,DC=companynet,DC=net] loaded
> kccsrv_partition[DC=DomainDnsZones,DC=companynet,DC=net] loaded
> kccsrv_partition[DC=ForestDnsZones,DC=companynet,DC=net] loaded
> Calling DNS name update script
> Calling SPN name update script
> task_server_terminate: [Failed to obtain server credentials, perhaps a standalone server?: NT_STATUS_NOT_FOUND
> ]
> /usr/sbin/smbd: smbd version 4.1.6-Ubuntu started.
> /usr/sbin/smbd: Copyright Andrew Tridgell and the Samba Team 1992-2013
> /usr/sbin/smbd: Registered MSG_REQ_POOL_USAGE
> /usr/sbin/smbd: Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> /usr/sbin/smbd: lp_load_ex: refreshing parameters
> /usr/sbin/smbd: Initialising global parameters
> /usr/sbin/smbd: rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> /usr/sbin/smbd: params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
> /usr/sbin/smbd: Processing section "[global]"
> /usr/sbin/smbd: Processing section "[netlogon]"
> /usr/sbin/smbd: Processing section "[sysvol]"
> /usr/sbin/smbd: Processing section "[profiles]"
> /usr/sbin/smbd: Processing section "[users]"
> /usr/sbin/smbd: Processing section "[kuris]"
> /usr/sbin/smbd: Processing section "[pdm]"
> /usr/sbin/smbd: Processing section "[scanfront]"
> /usr/sbin/smbd: Processing section "[formatsoftware]"
> /usr/sbin/smbd: Processing section "[edv]"
> /usr/sbin/smbd: Processing section "[dokumente]"
> /usr/sbin/smbd: Processing section "[printers]"
> /usr/sbin/smbd: Processing section "[Test]"
> /usr/sbin/smbd: adding IPC service
> /usr/sbin/smbd: added interface em2 ip=192.168.194.7 bcast=192.168.194.255 netmask=255.255.255.0
> /usr/sbin/smbd: added interface em1 ip=10.20.30.40 bcast=10.20.30.255 netmask=255.255.255.0
> /usr/sbin/smbd: loaded services
> /usr/sbin/smbd: Becoming a daemon.
> /usr/sbin/smbd: ldb_wrap open of idmap.ldb
> samba_terminate: Failed to obtain server credentials, perhaps a standalone server?: NT_STATUS_NOT_FOUND
>
>
> Nevertheless, samba has started, but doesn't offer any services:
>
>
> 15561 ?        S      0:00 samba -D
> 15563 ?        Ss     0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
> 15578 ?        S      0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
>
> The file idmap.ldb is readable via ldbedit and the files secrets.ldb and secrets.keytab (which I assume have something to do with credentials) are also there and readable.
>
> Where does Samba look for credentials and what could be the reason that it does not finde them?
>
> [global]
>          workgroup = COMPANYNET
>          realm = COMPANYNET.NET
>          netbios name = DBSRV
>          server role = active directory domain controller
>          dns forwarder = 192.168.194.6
>          idmap_ldb:use rfc2307 = yes
>          server services = +dns +s3fs +rpc +nbt +wrepl +ldap +cldap +kdc +drepl +winbind +ntp_signd +kcc
>          acl:search = no
>          remote announce = 192.168.194.255/COMPANYNET
>          syslog = no
>          socket options=SO_RCVBUF=131072 SO_SNDBUF=131072 TCP_NODELAY
>          min receivefile size = 16384
>          use sendfile = true
>          aio read size = 16384
>          aio write size = 16384
>          map to guest = never
>          log file =/var/log/samba/%U.log
>          log level = 3
>
> Thanks for any hints or suggestions,
>
> Stefan
>
> -- To unsubscribe from this list go to the following URL and read the 
> instructions: https://lists.samba.org/mailman/options/samba

Hi, I would remove these lines from your smb.conf:

         server services = +dns +s3fs +rpc +nbt +wrepl +ldap +cldap +kdc 
+drepl +winbind +ntp_signd +kcc
         acl:search = no
         remote announce = 192.168.194.255/COMPANYNET
         socket options=SO_RCVBUF=131072 SO_SNDBUF=131072 TCP_NODELAY

The first is not needed as you seem to be running with the internal dns 
and I have never seen it entered like you have. you might as well remove 
all the plus signs and then you would have the defaults and as such you 
do not need to have the line.
the second doesn't seem to exist
you do not need the third, it is aimed at nmdb and you do not use nmdb 
with an AD DC
the last is just pure voodoo

Do you have file called 'sam.ldb' ?
It should be in /var/lib/samba/private

How did you provision the DC?

Rowland

More information about the samba mailing list