"Stefan Günther"
2015-Oct-06 12:40 UTC
[Samba] Failed to obtain server credentials, perhaps a standalone server?
Hello, we are running Samba 4.1.6 on Ubuntu 14.04 LTS 64 bit. Out of a sudden we weren't able to access the server. After we restarted the server, we found a running samba process, but no dns and kerberos. Starting Samba with "samba -i -M single" returned the following output: dreplsrv_partition[DC=DomainDnsZones,DC=companynet,DC=net] loaded dreplsrv_partition[DC=ForestDnsZones,DC=companynet,DC=net] loaded ldb_wrap open of secrets.ldb ldb_wrap open of idmap.ldb kccsrv_partition[DC=companynet,DC=net] loaded kccsrv_partition[CN=Configuration,DC=companynet,DC=net] loaded kccsrv_partition[CN=Schema,CN=Configuration,DC=companynet,DC=net] loaded kccsrv_partition[DC=DomainDnsZones,DC=companynet,DC=net] loaded kccsrv_partition[DC=ForestDnsZones,DC=companynet,DC=net] loaded Calling DNS name update script Calling SPN name update script task_server_terminate: [Failed to obtain server credentials, perhaps a standalone server?: NT_STATUS_NOT_FOUND ] /usr/sbin/smbd: smbd version 4.1.6-Ubuntu started. /usr/sbin/smbd: Copyright Andrew Tridgell and the Samba Team 1992-2013 /usr/sbin/smbd: Registered MSG_REQ_POOL_USAGE /usr/sbin/smbd: Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED /usr/sbin/smbd: lp_load_ex: refreshing parameters /usr/sbin/smbd: Initialising global parameters /usr/sbin/smbd: rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) /usr/sbin/smbd: params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" /usr/sbin/smbd: Processing section "[global]" /usr/sbin/smbd: Processing section "[netlogon]" /usr/sbin/smbd: Processing section "[sysvol]" /usr/sbin/smbd: Processing section "[profiles]" /usr/sbin/smbd: Processing section "[users]" /usr/sbin/smbd: Processing section "[kuris]" /usr/sbin/smbd: Processing section "[pdm]" /usr/sbin/smbd: Processing section "[scanfront]" /usr/sbin/smbd: Processing section "[formatsoftware]" /usr/sbin/smbd: Processing section "[edv]" /usr/sbin/smbd: Processing section "[dokumente]" /usr/sbin/smbd: Processing section "[printers]" /usr/sbin/smbd: Processing section "[Test]" /usr/sbin/smbd: adding IPC service /usr/sbin/smbd: added interface em2 ip=192.168.194.7 bcast=192.168.194.255 netmask=255.255.255.0 /usr/sbin/smbd: added interface em1 ip=10.20.30.40 bcast=10.20.30.255 netmask=255.255.255.0 /usr/sbin/smbd: loaded services /usr/sbin/smbd: Becoming a daemon. /usr/sbin/smbd: ldb_wrap open of idmap.ldb samba_terminate: Failed to obtain server credentials, perhaps a standalone server?: NT_STATUS_NOT_FOUND Nevertheless, samba has started, but doesn't offer any services: 15561 ? S 0:00 samba -D 15563 ? Ss 0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground 15578 ? S 0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground The file idmap.ldb is readable via ldbedit and the files secrets.ldb and secrets.keytab (which I assume have something to do with credentials) are also there and readable. Where does Samba look for credentials and what could be the reason that it does not finde them? [global] workgroup = COMPANYNET realm = COMPANYNET.NET netbios name = DBSRV server role = active directory domain controller dns forwarder = 192.168.194.6 idmap_ldb:use rfc2307 = yes server services = +dns +s3fs +rpc +nbt +wrepl +ldap +cldap +kdc +drepl +winbind +ntp_signd +kcc acl:search = no remote announce = 192.168.194.255/COMPANYNET syslog = no socket options=SO_RCVBUF=131072 SO_SNDBUF=131072 TCP_NODELAY min receivefile size = 16384 use sendfile = true aio read size = 16384 aio write size = 16384 map to guest = never log file = /var/log/samba/%U.log log level = 3 Thanks for any hints or suggestions, Stefan
Rowland Penny
2015-Oct-06 14:12 UTC
[Samba] Failed to obtain server credentials, perhaps a standalone server?
On 06/10/15 13:40, "Stefan Günther" wrote:> Hello, > > we are running Samba 4.1.6 on Ubuntu 14.04 LTS 64 bit. > > Out of a sudden we weren't able to access the server. After we restarted the server, we found a running samba process, but no dns and kerberos. > > Starting Samba with "samba -i -M single" returned the following output: > > dreplsrv_partition[DC=DomainDnsZones,DC=companynet,DC=net] loaded > dreplsrv_partition[DC=ForestDnsZones,DC=companynet,DC=net] loaded > ldb_wrap open of secrets.ldb > ldb_wrap open of idmap.ldb > kccsrv_partition[DC=companynet,DC=net] loaded > kccsrv_partition[CN=Configuration,DC=companynet,DC=net] loaded > kccsrv_partition[CN=Schema,CN=Configuration,DC=companynet,DC=net] loaded > kccsrv_partition[DC=DomainDnsZones,DC=companynet,DC=net] loaded > kccsrv_partition[DC=ForestDnsZones,DC=companynet,DC=net] loaded > Calling DNS name update script > Calling SPN name update script > task_server_terminate: [Failed to obtain server credentials, perhaps a standalone server?: NT_STATUS_NOT_FOUND > ] > /usr/sbin/smbd: smbd version 4.1.6-Ubuntu started. > /usr/sbin/smbd: Copyright Andrew Tridgell and the Samba Team 1992-2013 > /usr/sbin/smbd: Registered MSG_REQ_POOL_USAGE > /usr/sbin/smbd: Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED > /usr/sbin/smbd: lp_load_ex: refreshing parameters > /usr/sbin/smbd: Initialising global parameters > /usr/sbin/smbd: rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) > /usr/sbin/smbd: params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" > /usr/sbin/smbd: Processing section "[global]" > /usr/sbin/smbd: Processing section "[netlogon]" > /usr/sbin/smbd: Processing section "[sysvol]" > /usr/sbin/smbd: Processing section "[profiles]" > /usr/sbin/smbd: Processing section "[users]" > /usr/sbin/smbd: Processing section "[kuris]" > /usr/sbin/smbd: Processing section "[pdm]" > /usr/sbin/smbd: Processing section "[scanfront]" > /usr/sbin/smbd: Processing section "[formatsoftware]" > /usr/sbin/smbd: Processing section "[edv]" > /usr/sbin/smbd: Processing section "[dokumente]" > /usr/sbin/smbd: Processing section "[printers]" > /usr/sbin/smbd: Processing section "[Test]" > /usr/sbin/smbd: adding IPC service > /usr/sbin/smbd: added interface em2 ip=192.168.194.7 bcast=192.168.194.255 netmask=255.255.255.0 > /usr/sbin/smbd: added interface em1 ip=10.20.30.40 bcast=10.20.30.255 netmask=255.255.255.0 > /usr/sbin/smbd: loaded services > /usr/sbin/smbd: Becoming a daemon. > /usr/sbin/smbd: ldb_wrap open of idmap.ldb > samba_terminate: Failed to obtain server credentials, perhaps a standalone server?: NT_STATUS_NOT_FOUND > > > Nevertheless, samba has started, but doesn't offer any services: > > > 15561 ? S 0:00 samba -D > 15563 ? Ss 0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground > 15578 ? S 0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground > > The file idmap.ldb is readable via ldbedit and the files secrets.ldb and secrets.keytab (which I assume have something to do with credentials) are also there and readable. > > Where does Samba look for credentials and what could be the reason that it does not finde them? > > [global] > workgroup = COMPANYNET > realm = COMPANYNET.NET > netbios name = DBSRV > server role = active directory domain controller > dns forwarder = 192.168.194.6 > idmap_ldb:use rfc2307 = yes > server services = +dns +s3fs +rpc +nbt +wrepl +ldap +cldap +kdc +drepl +winbind +ntp_signd +kcc > acl:search = no > remote announce = 192.168.194.255/COMPANYNET > syslog = no > socket options=SO_RCVBUF=131072 SO_SNDBUF=131072 TCP_NODELAY > min receivefile size = 16384 > use sendfile = true > aio read size = 16384 > aio write size = 16384 > map to guest = never > log file =/var/log/samba/%U.log > log level = 3 > > Thanks for any hints or suggestions, > > Stefan > > -- To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/sambaHi, I would remove these lines from your smb.conf: server services = +dns +s3fs +rpc +nbt +wrepl +ldap +cldap +kdc +drepl +winbind +ntp_signd +kcc acl:search = no remote announce = 192.168.194.255/COMPANYNET socket options=SO_RCVBUF=131072 SO_SNDBUF=131072 TCP_NODELAY The first is not needed as you seem to be running with the internal dns and I have never seen it entered like you have. you might as well remove all the plus signs and then you would have the defaults and as such you do not need to have the line. the second doesn't seem to exist you do not need the third, it is aimed at nmdb and you do not use nmdb with an AD DC the last is just pure voodoo Do you have file called 'sam.ldb' ? It should be in /var/lib/samba/private How did you provision the DC? Rowland
Reasonably Related Threads
- Samba 4 Kerberos: Failed to decrypt PA-DATA
- Samba 4 AD - Samba Fails to Start, hdb_samba4_create_kdc (setup KDC database) failed
- 4.0 stopped working after updating xubuntu 13.04
- Samba 4: Workstations unable to join, "The specified network name is no longer available"
- Migration Problem