[Samba] Samba 4 AD - Samba Fails to Start, hdb_samba4_create_kdc (setup KDC database) failed
Andrew Bartlett
abartlet at samba.org
Sun Jan 3 09:34:07 UTC 2016
On Sun, 2016-01-03 at 06:00 +0000, JS wrote:
>
>
> Other than the python error I received after running samba-tool fsmo
> show, I
> believe I've built a pretty solid case for poor backup strategy being
> the
> cause of this failure, and that reprovisioning the domain is my only
> course
> of action at this time. If you believe I'm getting ahead of myself,
> or if
> you think that Python error could lead to another failure after I've
> reprovisioned, please let me know. I intend to execute the new
> domain
> provisioning tomorrow (Sunday Jan 03 2016) in the late
> afternoon/early
> evening (EST), and would hate to go through the process of rebuilding
> their
> infrastructure only to have a Python issue trash the domain again.
I've not seen an error like yours before. It suggests one of the key
objects that the KDC needs to start is not present in the DB.
This particular error is pretty damming:
> Failed to find object DC=one,DC=cliffbells,DC=com for attribute
> fsmoRoleOwner - Cannot find DN DC=one,DC=cliffbells,DC=com to get
> attribute
> fsmoRoleOwner for reference dn: (null)
That is, it can't find the base object for the whole domain.
What does 'samba-tool dbcheck' say? After a backup, does running it
with --fix resolve the issue or at least run clear?
If that is fixed (somehow), then what does 'samba-tool domain
exportkeytab' or 'pdbedit -L -v' say? Try turning up the debug level
to get a failure message if it fails.
But all said and done, it seems unlikely that that domain is in a
'good' enough state to continue.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list