samba - Nov 2016 - Samba using pdb ldapsam fails upon startup

Dear all,

I freshly installed a new smb-server that should act as file server with 
some smb-shares.

The pdc is a Windows 2008 r2 server.

My smb.conf is as follows:

[global]
         workgroup = agroup
         server string = ssmbserver
         #passdb backend = tdbsam
         map to guest = Bad User
         usershare allow guests = No
         security = domain
         wins support = No
         domain logons = No
         domain master = No
         # LDAP
         idmap backend = ldap:ldap://apdc.agroup.privat
         ldap suffix = DC=agroup,DC=privat
         ldap admin dn = CN=Administrator,CN=users,DC=agroup,DC=privat
         ldap user suffix = ou=Users
         ldap group suffix = ou=Groups
         ldap idmap suffix = ou=Idmap
         ldap machine suffix = ou=Machines
         ldap passwd sync = Yes
         ldap ssl = Off
         passdb backend = ldapsam:ldap://apdc.agroup.privat
         idmap gid = 1000-20000
         idmap uid = 1000-20000
         username level = 1
         realm = AGROUP.PRIVAT
         template homedir = /home/%D/%U
         winbind refresh tickets = yes
         password server = *
[homes]
[...]

If I try to start samba, the error message will be as follows:

-- Logs begin at Thu 2016-09-08 15:01:19 CEST, end at Wed 2016-11-02 
16:28:57 CET. --
Nov 02 16:28:52 asmbserver systemd[1]: smb.service: Supervising process 
19785 which is not our child. We'll most likely not notice when it exits.
Nov 02 16:28:57 asmbserver smbd[19785]: [2016/11/02 16:28:57.807635,  0] 
../source3/passdb/pdb_ldap_util.c:313(smbldap_search_domain_info)
Nov 02 16:28:57 asmbserver smbd[19785]: smbldap_search_domain_info: 
Adding domain info for ASMBSERVER failed with NT_STATUS_UNSUCCESSFUL
Nov 02 16:28:57 asmbserver smbd[19785]: [2016/11/02 16:28:57.807745,  0] 
../source3/passdb/pdb_ldap.c:6558(pdb_ldapsam_init_common)
Nov 02 16:28:57 asmbserver smbd[19785]: pdb_init_ldapsam: WARNING: Could 
not get domain info, nor add one to the domain. We cannot work reliably 
without it.
Nov 02 16:28:57 asmbserver smbd[19785]: [2016/11/02 16:28:57.807779,  0] 
../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
Nov 02 16:28:57 asmbserver smbd[19785]: pdb backend 
ldapsam:ldap://apdc.privat did not correctly init (error was 
NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
Nov 02 16:28:57 asmbserver systemd[1]: smb.service: main process exited, 
code=exited, status=1/FAILURE
Nov 02 16:28:57 asmbserver systemd[1]: Failed to start Samba SMB Daemon.
-- Subject: Unit smb.service has failed

When I use passwd tdbsam, it will work fine, but I guess I use the 
NIS-accounts instead.

Thanks in advance,

Karsten


-- 
_____________________________________________________
Karsten Voigt, Msc.
Institut für Genetik und Experimentelle Bioinformatik
University of Freiburg, BIO III
t: 0761-2036948
m: 0176-61110420
e: karsten.voigt at biologie.uni-freiburg.de
_____________________________________________________

On Wed, 2 Nov 2016 17:56:11 +0100
Karsten Voigt via samba <samba at lists.samba.org> wrote:
> Dear all,
> 
> I freshly installed a new smb-server that should act as file server
> with some smb-shares.
> 
> The pdc is a Windows 2008 r2 server.
> 
> My smb.conf is as follows:
> 
> [global]
>          workgroup = agroup
>          server string = ssmbserver
>          #passdb backend = tdbsam
>          map to guest = Bad User
>          usershare allow guests = No
>          security = domain
>          wins support = No
>          domain logons = No
>          domain master = No
>          # LDAP
>          idmap backend = ldap:ldap://apdc.agroup.privat
>          ldap suffix = DC=agroup,DC=privat
>          ldap admin dn = CN=Administrator,CN=users,DC=agroup,DC=privat
>          ldap user suffix = ou=Users
>          ldap group suffix = ou=Groups
>          ldap idmap suffix = ou=Idmap
>          ldap machine suffix = ou=Machines
>          ldap passwd sync = Yes
>          ldap ssl = Off
>          passdb backend = ldapsam:ldap://apdc.agroup.privat
>          idmap gid = 1000-20000
>          idmap uid = 1000-20000
>          username level = 1
>          realm = AGROUP.PRIVAT
>          template homedir = /home/%D/%U
>          winbind refresh tickets = yes
>          password server = *
> [homes]
> [...]
> 
> If I try to start samba, the error message will be as follows:
> 
> -- Logs begin at Thu 2016-09-08 15:01:19 CEST, end at Wed 2016-11-02 
> 16:28:57 CET. --
> Nov 02 16:28:52 asmbserver systemd[1]: smb.service: Supervising
> process 19785 which is not our child. We'll most likely not notice
> when it exits. Nov 02 16:28:57 asmbserver smbd[19785]: [2016/11/02
> 16:28:57.807635,
> 0] ../source3/passdb/pdb_ldap_util.c:313(smbldap_search_domain_info)
> Nov 02 16:28:57 asmbserver smbd[19785]: smbldap_search_domain_info:
> Adding domain info for ASMBSERVER failed with NT_STATUS_UNSUCCESSFUL
> Nov 02 16:28:57 asmbserver smbd[19785]: [2016/11/02 16:28:57.807745,
> 0] ../source3/passdb/pdb_ldap.c:6558(pdb_ldapsam_init_common) Nov 02
> 16:28:57 asmbserver smbd[19785]: pdb_init_ldapsam: WARNING: Could not
> get domain info, nor add one to the domain. We cannot work reliably
> without it. Nov 02 16:28:57 asmbserver smbd[19785]: [2016/11/02
> 16:28:57.807779,
> 0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name) Nov 02
> 16:28:57 asmbserver smbd[19785]: pdb backend
> ldapsam:ldap://apdc.privat did not correctly init (error was
> NT_STATUS_CANT_ACCESS_DOMAIN_INFO) Nov 02 16:28:57 asmbserver
> systemd[1]: smb.service: main process exited, code=exited,
> status=1/FAILURE Nov 02 16:28:57 asmbserver systemd[1]: Failed to
> start Samba SMB Daemon. -- Subject: Unit smb.service has failed
> 
> When I use passwd tdbsam, it will work fine, but I guess I use the 
> NIS-accounts instead.
> 
> Thanks in advance,
> 
> Karsten
> 
> 
Are you really running a 2008R2 as an NT4-style PDC ??
Or is it actually an AD DC ?

If the later, see here:

 https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member

Rowland