[Samba] Unable to start winbindd, Could not fetch our SID - did we join?

Sun Apr 24 16:19:56 UTC 2016

I've been searching this lists archives and using the Googles for two days
now, and keep coming across the same messages from before 2012 with the
errors I'm getting, so either I'm seeing something new, or I've missed
something stupid.

I've been following the HOWTOs here from Samba.org. In each case below, I
uninstalled the provided Samba packages and built from source. Version is
4.4.2

I successfully got an AD DC running on my raspberry Pi using this tutorial:
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller

This completed successfully and without errors. All the little checks for
AD DNS work, I can query the directory with ldap tools and net ads, all
looks exactly like the tutorial says it should.

Then I stepped over to the Ubuntu 14.04 machine I wanted to join to the
domain for use as a file server. I've been following this HOWTO:
https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member

I get through the domain join process with no errors:

root at cloud:/var/log/samba# kinit administrator at HOME.ANDREWDSCOTT.COM
administrator at HOME.ANDREWDSCOTT.COM's Password:
root at cloud:/var/log/samba# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: administrator at HOME.ANDREWDSCOTT.COM

  Issued                Expires               Principal
Apr 24 11:42:48 2016  Apr 24 21:42:43 2016  krbtgt/
HOME.ANDREWDSCOTT.COM at HOME.ANDREWDSCOTT.COM

root at cloud:/var/log/samba# net ads join -UAdministrator
Enter Administrator's password:
Using short domain name -- HOME
Joined 'CLOUD' to dns domain 'home.andrewdscott.com'

All good, right?

But winbindd will not start:

root at cloud:/var/log/samba# winbindd -SFd 9
INFO: Current debug levels:
  all: 9
  tdb: 9
  printdrivers: 9
  lanman: 9
  smb: 9
  rpc_parse: 9
  rpc_srv: 9
  rpc_cli: 9
  passdb: 9
  sam: 9
  auth: 9
  winbind: 9
  vfs: 9
  idmap: 9
  quota: 9
  acls: 9
  locking: 9
  msdfs: 9
  dmapi: 9
  registry: 9
  scavenger: 9
  dns: 9
  ldb: 9
  tevent: 9
Maximum core file size limits now 16777216(soft) -1(hard)
winbindd version 4.4.2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2016
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 9
  tdb: 9
  printdrivers: 9
  lanman: 9
  smb: 9
  rpc_parse: 9
  rpc_srv: 9
  rpc_cli: 9
  passdb: 9
  sam: 9
  auth: 9
  winbind: 9
  vfs: 9
  idmap: 9
  quota: 9
  acls: 9
  locking: 9
  msdfs: 9
  dmapi: 9
  registry: 9
  scavenger: 9
  dns: 9
  ldb: 9
  tevent: 9
Processing section "[global]"
doing parameter netbios name = CLOUD
doing parameter security = ADS
doing parameter workgroup = HOME
doing parameter realm = HOME.ANDREWDSCOTT.COM
doing parameter log file = /var/log/samba/%m.log
doing parameter log level = 1
doing parameter dedicated keytab file = /etc/krb5.keytab
doing parameter kerberos method = secrets and keytab
doing parameter winbind refresh tickets = yes
doing parameter winbind trusted domains only = no
doing parameter winbind use default domain = yes
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter idmap config *:backend = tdb
doing parameter idmap config *:range = 2000-9999
doing parameter idmap config HOME:backend = ad
doing parameter idmap config HOME:schema_mode = rfc2307
doing parameter idmap config HOME:range = 10000-99999
doing parameter winbind nss info = rfc2307
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Maximum core file size limits now 16777216(soft) -1(hard)
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
lp_load_ex: refreshing parameters
Freeing parametrics:
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 9
  tdb: 9
  printdrivers: 9
  lanman: 9
  smb: 9
  rpc_parse: 9
  rpc_srv: 9
  rpc_cli: 9
  passdb: 9
  sam: 9
  auth: 9
  winbind: 9
  vfs: 9
  idmap: 9
  quota: 9
  acls: 9
  locking: 9
  msdfs: 9
  dmapi: 9
  registry: 9
  scavenger: 9
  dns: 9
  ldb: 9
  tevent: 9
Processing section "[global]"
doing parameter netbios name = CLOUD
doing parameter security = ADS
doing parameter workgroup = HOME
doing parameter realm = HOME.ANDREWDSCOTT.COM
doing parameter log file = /var/log/samba/%m.log
doing parameter log level = 1
doing parameter dedicated keytab file = /etc/krb5.keytab
doing parameter kerberos method = secrets and keytab
doing parameter winbind refresh tickets = yes
doing parameter winbind trusted domains only = no
doing parameter winbind use default domain = yes
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter idmap config *:backend = tdb
doing parameter idmap config *:range = 2000-9999
doing parameter idmap config HOME:backend = ad
doing parameter idmap config HOME:schema_mode = rfc2307
doing parameter idmap config HOME:range = 10000-99999
doing parameter winbind nss info = rfc2307
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface eth0 ip=2607:fcc8:a006:a800:d250:99ff:fe73:44a8 bcast=
netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.1.20 bcast=192.168.1.255
netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="CLOUD"
added interface eth0 ip=2607:fcc8:a006:a800:d250:99ff:fe73:44a8 bcast=
netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.1.20 bcast=192.168.1.255
netmask=255.255.255.0
fcntl_lock 10 6 0 1 1
fcntl_lock: Lock call successful
TimeInit: Serverzone is 14400
initialize_winbindd_cache: clearing cache and re-creating with version
number 2
check lock order 2 for /usr/local/samba/var/lock/serverid.tdb
release lock order 2 for /usr/local/samba/var/lock/serverid.tdb
Registering messaging pointer for type 33 - private_data=(nil)
Registering messaging pointer for type 13 - private_data=(nil)
Registering messaging pointer for type 1028 - private_data=(nil)
Registering messaging pointer for type 1027 - private_data=(nil)
Registering messaging pointer for type 1029 - private_data=(nil)
Registering messaging pointer for type 1036 - private_data=(nil)
Registering messaging pointer for type 1035 - private_data=(nil)
Registering messaging pointer for type 1280 - private_data=(nil)
Registering messaging pointer for type 1032 - private_data=(nil)
Registering messaging pointer for type 1033 - private_data=(nil)
Registering messaging pointer for type 1034 - private_data=(nil)
Registering messaging pointer for type 1 - private_data=(nil)
Overriding messaging pointer for type 1 - private_data=(nil)
Added domain BUILTIN (null) S-1-5-32
Added domain CLOUD (null) S-1-5-21-3482572668-4024874448-1988079025
Could not fetch our SID - did we join?
unable to initialize domain list

Any clues as to what I'm doing wrong here?
Thanks!
Andrew