"Stefan Günther"
2015-Oct-06 12:40 UTC
[Samba] Failed to obtain server credentials, perhaps a standalone server?
Hello,
we are running Samba 4.1.6 on Ubuntu 14.04 LTS 64 bit.
Out of a sudden we weren't able to access the server. After we restarted the
server, we found a running samba process, but no dns and kerberos.
Starting Samba with "samba -i -M single" returned the following
output:
dreplsrv_partition[DC=DomainDnsZones,DC=companynet,DC=net] loaded
dreplsrv_partition[DC=ForestDnsZones,DC=companynet,DC=net] loaded
ldb_wrap open of secrets.ldb
ldb_wrap open of idmap.ldb
kccsrv_partition[DC=companynet,DC=net] loaded
kccsrv_partition[CN=Configuration,DC=companynet,DC=net] loaded
kccsrv_partition[CN=Schema,CN=Configuration,DC=companynet,DC=net] loaded
kccsrv_partition[DC=DomainDnsZones,DC=companynet,DC=net] loaded
kccsrv_partition[DC=ForestDnsZones,DC=companynet,DC=net] loaded
Calling DNS name update script
Calling SPN name update script
task_server_terminate: [Failed to obtain server credentials, perhaps a
standalone server?: NT_STATUS_NOT_FOUND
]
/usr/sbin/smbd: smbd version 4.1.6-Ubuntu started.
/usr/sbin/smbd: Copyright Andrew Tridgell and the Samba Team 1992-2013
/usr/sbin/smbd: Registered MSG_REQ_POOL_USAGE
/usr/sbin/smbd: Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
/usr/sbin/smbd: lp_load_ex: refreshing parameters
/usr/sbin/smbd: Initialising global parameters
/usr/sbin/smbd: rlimit_max: increasing rlimit_max (1024) to minimum Windows
limit (16384)
/usr/sbin/smbd: params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
/usr/sbin/smbd: Processing section "[global]"
/usr/sbin/smbd: Processing section "[netlogon]"
/usr/sbin/smbd: Processing section "[sysvol]"
/usr/sbin/smbd: Processing section "[profiles]"
/usr/sbin/smbd: Processing section "[users]"
/usr/sbin/smbd: Processing section "[kuris]"
/usr/sbin/smbd: Processing section "[pdm]"
/usr/sbin/smbd: Processing section "[scanfront]"
/usr/sbin/smbd: Processing section "[formatsoftware]"
/usr/sbin/smbd: Processing section "[edv]"
/usr/sbin/smbd: Processing section "[dokumente]"
/usr/sbin/smbd: Processing section "[printers]"
/usr/sbin/smbd: Processing section "[Test]"
/usr/sbin/smbd: adding IPC service
/usr/sbin/smbd: added interface em2 ip=192.168.194.7 bcast=192.168.194.255
netmask=255.255.255.0
/usr/sbin/smbd: added interface em1 ip=10.20.30.40 bcast=10.20.30.255
netmask=255.255.255.0
/usr/sbin/smbd: loaded services
/usr/sbin/smbd: Becoming a daemon.
/usr/sbin/smbd: ldb_wrap open of idmap.ldb
samba_terminate: Failed to obtain server credentials, perhaps a standalone
server?: NT_STATUS_NOT_FOUND
Nevertheless, samba has started, but doesn't offer any services:
15561 ? S 0:00 samba -D
15563 ? Ss 0:00 /usr/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
15578 ? S 0:00 /usr/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
The file idmap.ldb is readable via ldbedit and the files secrets.ldb and
secrets.keytab (which I assume have something to do with credentials) are also
there and readable.
Where does Samba look for credentials and what could be the reason that it does
not finde them?
[global]
workgroup = COMPANYNET
realm = COMPANYNET.NET
netbios name = DBSRV
server role = active directory domain controller
dns forwarder = 192.168.194.6
idmap_ldb:use rfc2307 = yes
server services = +dns +s3fs +rpc +nbt +wrepl +ldap +cldap +kdc +drepl
+winbind +ntp_signd +kcc
acl:search = no
remote announce = 192.168.194.255/COMPANYNET
syslog = no
socket options=SO_RCVBUF=131072 SO_SNDBUF=131072 TCP_NODELAY
min receivefile size = 16384
use sendfile = true
aio read size = 16384
aio write size = 16384
map to guest = never
log file = /var/log/samba/%U.log
log level = 3
Thanks for any hints or suggestions,
Stefan
Rowland Penny
2015-Oct-06 14:12 UTC
[Samba] Failed to obtain server credentials, perhaps a standalone server?
On 06/10/15 13:40, "Stefan Günther" wrote:> Hello, > > we are running Samba 4.1.6 on Ubuntu 14.04 LTS 64 bit. > > Out of a sudden we weren't able to access the server. After we restarted the server, we found a running samba process, but no dns and kerberos. > > Starting Samba with "samba -i -M single" returned the following output: > > dreplsrv_partition[DC=DomainDnsZones,DC=companynet,DC=net] loaded > dreplsrv_partition[DC=ForestDnsZones,DC=companynet,DC=net] loaded > ldb_wrap open of secrets.ldb > ldb_wrap open of idmap.ldb > kccsrv_partition[DC=companynet,DC=net] loaded > kccsrv_partition[CN=Configuration,DC=companynet,DC=net] loaded > kccsrv_partition[CN=Schema,CN=Configuration,DC=companynet,DC=net] loaded > kccsrv_partition[DC=DomainDnsZones,DC=companynet,DC=net] loaded > kccsrv_partition[DC=ForestDnsZones,DC=companynet,DC=net] loaded > Calling DNS name update script > Calling SPN name update script > task_server_terminate: [Failed to obtain server credentials, perhaps a standalone server?: NT_STATUS_NOT_FOUND > ] > /usr/sbin/smbd: smbd version 4.1.6-Ubuntu started. > /usr/sbin/smbd: Copyright Andrew Tridgell and the Samba Team 1992-2013 > /usr/sbin/smbd: Registered MSG_REQ_POOL_USAGE > /usr/sbin/smbd: Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED > /usr/sbin/smbd: lp_load_ex: refreshing parameters > /usr/sbin/smbd: Initialising global parameters > /usr/sbin/smbd: rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) > /usr/sbin/smbd: params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" > /usr/sbin/smbd: Processing section "[global]" > /usr/sbin/smbd: Processing section "[netlogon]" > /usr/sbin/smbd: Processing section "[sysvol]" > /usr/sbin/smbd: Processing section "[profiles]" > /usr/sbin/smbd: Processing section "[users]" > /usr/sbin/smbd: Processing section "[kuris]" > /usr/sbin/smbd: Processing section "[pdm]" > /usr/sbin/smbd: Processing section "[scanfront]" > /usr/sbin/smbd: Processing section "[formatsoftware]" > /usr/sbin/smbd: Processing section "[edv]" > /usr/sbin/smbd: Processing section "[dokumente]" > /usr/sbin/smbd: Processing section "[printers]" > /usr/sbin/smbd: Processing section "[Test]" > /usr/sbin/smbd: adding IPC service > /usr/sbin/smbd: added interface em2 ip=192.168.194.7 bcast=192.168.194.255 netmask=255.255.255.0 > /usr/sbin/smbd: added interface em1 ip=10.20.30.40 bcast=10.20.30.255 netmask=255.255.255.0 > /usr/sbin/smbd: loaded services > /usr/sbin/smbd: Becoming a daemon. > /usr/sbin/smbd: ldb_wrap open of idmap.ldb > samba_terminate: Failed to obtain server credentials, perhaps a standalone server?: NT_STATUS_NOT_FOUND > > > Nevertheless, samba has started, but doesn't offer any services: > > > 15561 ? S 0:00 samba -D > 15563 ? Ss 0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground > 15578 ? S 0:00 /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground > > The file idmap.ldb is readable via ldbedit and the files secrets.ldb and secrets.keytab (which I assume have something to do with credentials) are also there and readable. > > Where does Samba look for credentials and what could be the reason that it does not finde them? > > [global] > workgroup = COMPANYNET > realm = COMPANYNET.NET > netbios name = DBSRV > server role = active directory domain controller > dns forwarder = 192.168.194.6 > idmap_ldb:use rfc2307 = yes > server services = +dns +s3fs +rpc +nbt +wrepl +ldap +cldap +kdc +drepl +winbind +ntp_signd +kcc > acl:search = no > remote announce = 192.168.194.255/COMPANYNET > syslog = no > socket options=SO_RCVBUF=131072 SO_SNDBUF=131072 TCP_NODELAY > min receivefile size = 16384 > use sendfile = true > aio read size = 16384 > aio write size = 16384 > map to guest = never > log file =/var/log/samba/%U.log > log level = 3 > > Thanks for any hints or suggestions, > > Stefan > > -- To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/sambaHi, I would remove these lines from your smb.conf: server services = +dns +s3fs +rpc +nbt +wrepl +ldap +cldap +kdc +drepl +winbind +ntp_signd +kcc acl:search = no remote announce = 192.168.194.255/COMPANYNET socket options=SO_RCVBUF=131072 SO_SNDBUF=131072 TCP_NODELAY The first is not needed as you seem to be running with the internal dns and I have never seen it entered like you have. you might as well remove all the plus signs and then you would have the defaults and as such you do not need to have the line. the second doesn't seem to exist you do not need the third, it is aimed at nmdb and you do not use nmdb with an AD DC the last is just pure voodoo Do you have file called 'sam.ldb' ? It should be in /var/lib/samba/private How did you provision the DC? Rowland
Maybe Matching Threads
- Samba 4 Kerberos: Failed to decrypt PA-DATA
- Samba 4 AD - Samba Fails to Start, hdb_samba4_create_kdc (setup KDC database) failed
- 4.0 stopped working after updating xubuntu 13.04
- Samba 4: Workstations unable to join, "The specified network name is no longer available"
- Migration Problem