[Samba] Unable to start winbindd, Could not fetch our SID - did we join?

Sun Apr 24 17:15:47 UTC 2016

On 24/04/16 17:19, Andrew Scott wrote:
> I've been searching this lists archives and using the Googles for two days
> now, and keep coming across the same messages from before 2012 with the
> errors I'm getting, so either I'm seeing something new, or I've missed
> something stupid.
>
> I've been following the HOWTOs here from Samba.org. In each case below, I
> uninstalled the provided Samba packages and built from source. Version is
> 4.4.2
>
> I successfully got an AD DC running on my raspberry Pi using this tutorial:
> https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
>
> This completed successfully and without errors. All the little checks for
> AD DNS work, I can query the directory with ldap tools and net ads, all
> looks exactly like the tutorial says it should.
>
> Then I stepped over to the Ubuntu 14.04 machine I wanted to join to the
> domain for use as a file server. I've been following this HOWTO:
> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>
> I get through the domain join process with no errors:
>
> root at cloud:/var/log/samba# kinit administrator at HOME.ANDREWDSCOTT.COM
> administrator at HOME.ANDREWDSCOTT.COM's Password:
> root at cloud:/var/log/samba# klist
> Credentials cache: FILE:/tmp/krb5cc_0
>          Principal: administrator at HOME.ANDREWDSCOTT.COM
>
>    Issued                Expires               Principal
> Apr 24 11:42:48 2016  Apr 24 21:42:43 2016  krbtgt/
> HOME.ANDREWDSCOTT.COM at HOME.ANDREWDSCOTT.COM
>
> root at cloud:/var/log/samba# net ads join -UAdministrator
> Enter Administrator's password:
> Using short domain name -- HOME
> Joined 'CLOUD' to dns domain 'home.andrewdscott.com'
>
> All good, right?
>
> But winbindd will not start:
>
> root at cloud:/var/log/samba# winbindd -SFd 9
> INFO: Current debug levels:
>    all: 9
>    tdb: 9
>    printdrivers: 9
>    lanman: 9
>    smb: 9
>    rpc_parse: 9
>    rpc_srv: 9
>    rpc_cli: 9
>    passdb: 9
>    sam: 9
>    auth: 9
>    winbind: 9
>    vfs: 9
>    idmap: 9
>    quota: 9
>    acls: 9
>    locking: 9
>    msdfs: 9
>    dmapi: 9
>    registry: 9
>    scavenger: 9
>    dns: 9
>    ldb: 9
>    tevent: 9
> Maximum core file size limits now 16777216(soft) -1(hard)
> winbindd version 4.4.2 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2016
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> INFO: Current debug levels:
>    all: 9
>    tdb: 9
>    printdrivers: 9
>    lanman: 9
>    smb: 9
>    rpc_parse: 9
>    rpc_srv: 9
>    rpc_cli: 9
>    passdb: 9
>    sam: 9
>    auth: 9
>    winbind: 9
>    vfs: 9
>    idmap: 9
>    quota: 9
>    acls: 9
>    locking: 9
>    msdfs: 9
>    dmapi: 9
>    registry: 9
>    scavenger: 9
>    dns: 9
>    ldb: 9
>    tevent: 9
> Processing section "[global]"
> doing parameter netbios name = CLOUD
> doing parameter security = ADS
> doing parameter workgroup = HOME
> doing parameter realm = HOME.ANDREWDSCOTT.COM
> doing parameter log file = /var/log/samba/%m.log
> doing parameter log level = 1
> doing parameter dedicated keytab file = /etc/krb5.keytab
> doing parameter kerberos method = secrets and keytab
> doing parameter winbind refresh tickets = yes
> doing parameter winbind trusted domains only = no
> doing parameter winbind use default domain = yes
> doing parameter winbind enum users = yes
> doing parameter winbind enum groups = yes
> doing parameter idmap config *:backend = tdb
> doing parameter idmap config *:range = 2000-9999
> doing parameter idmap config HOME:backend = ad
> doing parameter idmap config HOME:schema_mode = rfc2307
> doing parameter idmap config HOME:range = 10000-99999
> doing parameter winbind nss info = rfc2307
> pm_process() returned Yes
> lp_servicenumber: couldn't find homes
> Maximum core file size limits now 16777216(soft) -1(hard)
> Registering messaging pointer for type 2 - private_data=(nil)
> Registering messaging pointer for type 9 - private_data=(nil)
> Registered MSG_REQ_POOL_USAGE
> Registering messaging pointer for type 11 - private_data=(nil)
> Registering messaging pointer for type 12 - private_data=(nil)
> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> Registering messaging pointer for type 1 - private_data=(nil)
> Registering messaging pointer for type 5 - private_data=(nil)
> lp_load_ex: refreshing parameters
> Freeing parametrics:
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> INFO: Current debug levels:
>    all: 9
>    tdb: 9
>    printdrivers: 9
>    lanman: 9
>    smb: 9
>    rpc_parse: 9
>    rpc_srv: 9
>    rpc_cli: 9
>    passdb: 9
>    sam: 9
>    auth: 9
>    winbind: 9
>    vfs: 9
>    idmap: 9
>    quota: 9
>    acls: 9
>    locking: 9
>    msdfs: 9
>    dmapi: 9
>    registry: 9
>    scavenger: 9
>    dns: 9
>    ldb: 9
>    tevent: 9
> Processing section "[global]"
> doing parameter netbios name = CLOUD
> doing parameter security = ADS
> doing parameter workgroup = HOME
> doing parameter realm = HOME.ANDREWDSCOTT.COM
> doing parameter log file = /var/log/samba/%m.log
> doing parameter log level = 1
> doing parameter dedicated keytab file = /etc/krb5.keytab
> doing parameter kerberos method = secrets and keytab
> doing parameter winbind refresh tickets = yes
> doing parameter winbind trusted domains only = no
> doing parameter winbind use default domain = yes
> doing parameter winbind enum users = yes
> doing parameter winbind enum groups = yes
> doing parameter idmap config *:backend = tdb
> doing parameter idmap config *:range = 2000-9999
> doing parameter idmap config HOME:backend = ad
> doing parameter idmap config HOME:schema_mode = rfc2307
> doing parameter idmap config HOME:range = 10000-99999
> doing parameter winbind nss info = rfc2307
> pm_process() returned Yes
> lp_servicenumber: couldn't find homes
> added interface eth0 ip=2607:fcc8:a006:a800:d250:99ff:fe73:44a8 bcast=
> netmask=ffff:ffff:ffff:ffff::
> added interface eth0 ip=192.168.1.20 bcast=192.168.1.255
> netmask=255.255.255.0
> Netbios name list:-
> my_netbios_names[0]="CLOUD"
> added interface eth0 ip=2607:fcc8:a006:a800:d250:99ff:fe73:44a8 bcast=
> netmask=ffff:ffff:ffff:ffff::
> added interface eth0 ip=192.168.1.20 bcast=192.168.1.255
> netmask=255.255.255.0
> fcntl_lock 10 6 0 1 1
> fcntl_lock: Lock call successful
> TimeInit: Serverzone is 14400
> initialize_winbindd_cache: clearing cache and re-creating with version
> number 2
> check lock order 2 for /usr/local/samba/var/lock/serverid.tdb
> release lock order 2 for /usr/local/samba/var/lock/serverid.tdb
> Registering messaging pointer for type 33 - private_data=(nil)
> Registering messaging pointer for type 13 - private_data=(nil)
> Registering messaging pointer for type 1028 - private_data=(nil)
> Registering messaging pointer for type 1027 - private_data=(nil)
> Registering messaging pointer for type 1029 - private_data=(nil)
> Registering messaging pointer for type 1036 - private_data=(nil)
> Registering messaging pointer for type 1035 - private_data=(nil)
> Registering messaging pointer for type 1280 - private_data=(nil)
> Registering messaging pointer for type 1032 - private_data=(nil)
> Registering messaging pointer for type 1033 - private_data=(nil)
> Registering messaging pointer for type 1034 - private_data=(nil)
> Registering messaging pointer for type 1 - private_data=(nil)
> Overriding messaging pointer for type 1 - private_data=(nil)
> Added domain BUILTIN (null) S-1-5-32
> Added domain CLOUD (null) S-1-5-21-3482572668-4024874448-1988079025
> Could not fetch our SID - did we join?
> unable to initialize domain list
>
>
> Any clues as to what I'm doing wrong here?
> Thanks!
> Andrew

There appears to be just one thing wrong with your post subject 'Unable 
to start winbindd' and this is:

winbindd version 4.4.2 started.

So it appears that winbindd is starting, try this:

ps ax | grep winbind

It should return something like this:

  2952 ?        Ss     0:07 /usr/sbin/winbindd -D
  3030 ?        S      1:57 /usr/sbin/winbindd -D
  3321 ?        S      0:00 /usr/sbin/winbindd -D
  3333 ?        S      0:01 /usr/sbin/winbindd -D
  3334 ?        S      0:00 /usr/sbin/winbindd -D
22544 pts/2    S+     0:00 grep winbind

Can you post your /etc/krb5.conf, /etc/resolv.conf and /etc/hosts files

Rowland