Andrew Scott
2016-Apr-24 16:19 UTC
[Samba] Unable to start winbindd, Could not fetch our SID - did we join?
I've been searching this lists archives and using the Googles for two days
now, and keep coming across the same messages from before 2012 with the
errors I'm getting, so either I'm seeing something new, or I've
missed
something stupid.
I've been following the HOWTOs here from Samba.org. In each case below, I
uninstalled the provided Samba packages and built from source. Version is
4.4.2
I successfully got an AD DC running on my raspberry Pi using this tutorial:
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
This completed successfully and without errors. All the little checks for
AD DNS work, I can query the directory with ldap tools and net ads, all
looks exactly like the tutorial says it should.
Then I stepped over to the Ubuntu 14.04 machine I wanted to join to the
domain for use as a file server. I've been following this HOWTO:
https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
I get through the domain join process with no errors:
root at cloud:/var/log/samba# kinit administrator at HOME.ANDREWDSCOTT.COM
administrator at HOME.ANDREWDSCOTT.COM's Password:
root at cloud:/var/log/samba# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: administrator at HOME.ANDREWDSCOTT.COM
Issued Expires Principal
Apr 24 11:42:48 2016 Apr 24 21:42:43 2016 krbtgt/
HOME.ANDREWDSCOTT.COM at HOME.ANDREWDSCOTT.COM
root at cloud:/var/log/samba# net ads join -UAdministrator
Enter Administrator's password:
Using short domain name -- HOME
Joined 'CLOUD' to dns domain 'home.andrewdscott.com'
All good, right?
But winbindd will not start:
root at cloud:/var/log/samba# winbindd -SFd 9
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
tevent: 9
Maximum core file size limits now 16777216(soft) -1(hard)
winbindd version 4.4.2 started.
Copyright Andrew Tridgell and the Samba Team 1992-2016
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
tevent: 9
Processing section "[global]"
doing parameter netbios name = CLOUD
doing parameter security = ADS
doing parameter workgroup = HOME
doing parameter realm = HOME.ANDREWDSCOTT.COM
doing parameter log file = /var/log/samba/%m.log
doing parameter log level = 1
doing parameter dedicated keytab file = /etc/krb5.keytab
doing parameter kerberos method = secrets and keytab
doing parameter winbind refresh tickets = yes
doing parameter winbind trusted domains only = no
doing parameter winbind use default domain = yes
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter idmap config *:backend = tdb
doing parameter idmap config *:range = 2000-9999
doing parameter idmap config HOME:backend = ad
doing parameter idmap config HOME:schema_mode = rfc2307
doing parameter idmap config HOME:range = 10000-99999
doing parameter winbind nss info = rfc2307
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Maximum core file size limits now 16777216(soft) -1(hard)
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
lp_load_ex: refreshing parameters
Freeing parametrics:
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
tevent: 9
Processing section "[global]"
doing parameter netbios name = CLOUD
doing parameter security = ADS
doing parameter workgroup = HOME
doing parameter realm = HOME.ANDREWDSCOTT.COM
doing parameter log file = /var/log/samba/%m.log
doing parameter log level = 1
doing parameter dedicated keytab file = /etc/krb5.keytab
doing parameter kerberos method = secrets and keytab
doing parameter winbind refresh tickets = yes
doing parameter winbind trusted domains only = no
doing parameter winbind use default domain = yes
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter idmap config *:backend = tdb
doing parameter idmap config *:range = 2000-9999
doing parameter idmap config HOME:backend = ad
doing parameter idmap config HOME:schema_mode = rfc2307
doing parameter idmap config HOME:range = 10000-99999
doing parameter winbind nss info = rfc2307
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface eth0 ip=2607:fcc8:a006:a800:d250:99ff:fe73:44a8
bcastnetmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.1.20 bcast=192.168.1.255
netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="CLOUD"
added interface eth0 ip=2607:fcc8:a006:a800:d250:99ff:fe73:44a8
bcastnetmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.1.20 bcast=192.168.1.255
netmask=255.255.255.0
fcntl_lock 10 6 0 1 1
fcntl_lock: Lock call successful
TimeInit: Serverzone is 14400
initialize_winbindd_cache: clearing cache and re-creating with version
number 2
check lock order 2 for /usr/local/samba/var/lock/serverid.tdb
release lock order 2 for /usr/local/samba/var/lock/serverid.tdb
Registering messaging pointer for type 33 - private_data=(nil)
Registering messaging pointer for type 13 - private_data=(nil)
Registering messaging pointer for type 1028 - private_data=(nil)
Registering messaging pointer for type 1027 - private_data=(nil)
Registering messaging pointer for type 1029 - private_data=(nil)
Registering messaging pointer for type 1036 - private_data=(nil)
Registering messaging pointer for type 1035 - private_data=(nil)
Registering messaging pointer for type 1280 - private_data=(nil)
Registering messaging pointer for type 1032 - private_data=(nil)
Registering messaging pointer for type 1033 - private_data=(nil)
Registering messaging pointer for type 1034 - private_data=(nil)
Registering messaging pointer for type 1 - private_data=(nil)
Overriding messaging pointer for type 1 - private_data=(nil)
Added domain BUILTIN (null) S-1-5-32
Added domain CLOUD (null) S-1-5-21-3482572668-4024874448-1988079025
Could not fetch our SID - did we join?
unable to initialize domain list
Any clues as to what I'm doing wrong here?
Thanks!
Andrew
Rowland penny
2016-Apr-24 17:15 UTC
[Samba] Unable to start winbindd, Could not fetch our SID - did we join?
On 24/04/16 17:19, Andrew Scott wrote:> I've been searching this lists archives and using the Googles for two days > now, and keep coming across the same messages from before 2012 with the > errors I'm getting, so either I'm seeing something new, or I've missed > something stupid. > > I've been following the HOWTOs here from Samba.org. In each case below, I > uninstalled the provided Samba packages and built from source. Version is > 4.4.2 > > I successfully got an AD DC running on my raspberry Pi using this tutorial: > https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller > > This completed successfully and without errors. All the little checks for > AD DNS work, I can query the directory with ldap tools and net ads, all > looks exactly like the tutorial says it should. > > Then I stepped over to the Ubuntu 14.04 machine I wanted to join to the > domain for use as a file server. I've been following this HOWTO: > https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member > > I get through the domain join process with no errors: > > root at cloud:/var/log/samba# kinit administrator at HOME.ANDREWDSCOTT.COM > administrator at HOME.ANDREWDSCOTT.COM's Password: > root at cloud:/var/log/samba# klist > Credentials cache: FILE:/tmp/krb5cc_0 > Principal: administrator at HOME.ANDREWDSCOTT.COM > > Issued Expires Principal > Apr 24 11:42:48 2016 Apr 24 21:42:43 2016 krbtgt/ > HOME.ANDREWDSCOTT.COM at HOME.ANDREWDSCOTT.COM > > root at cloud:/var/log/samba# net ads join -UAdministrator > Enter Administrator's password: > Using short domain name -- HOME > Joined 'CLOUD' to dns domain 'home.andrewdscott.com' > > All good, right? > > But winbindd will not start: > > root at cloud:/var/log/samba# winbindd -SFd 9 > INFO: Current debug levels: > all: 9 > tdb: 9 > printdrivers: 9 > lanman: 9 > smb: 9 > rpc_parse: 9 > rpc_srv: 9 > rpc_cli: 9 > passdb: 9 > sam: 9 > auth: 9 > winbind: 9 > vfs: 9 > idmap: 9 > quota: 9 > acls: 9 > locking: 9 > msdfs: 9 > dmapi: 9 > registry: 9 > scavenger: 9 > dns: 9 > ldb: 9 > tevent: 9 > Maximum core file size limits now 16777216(soft) -1(hard) > winbindd version 4.4.2 started. > Copyright Andrew Tridgell and the Samba Team 1992-2016 > lp_load_ex: refreshing parameters > Initialising global parameters > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) > INFO: Current debug levels: > all: 9 > tdb: 9 > printdrivers: 9 > lanman: 9 > smb: 9 > rpc_parse: 9 > rpc_srv: 9 > rpc_cli: 9 > passdb: 9 > sam: 9 > auth: 9 > winbind: 9 > vfs: 9 > idmap: 9 > quota: 9 > acls: 9 > locking: 9 > msdfs: 9 > dmapi: 9 > registry: 9 > scavenger: 9 > dns: 9 > ldb: 9 > tevent: 9 > Processing section "[global]" > doing parameter netbios name = CLOUD > doing parameter security = ADS > doing parameter workgroup = HOME > doing parameter realm = HOME.ANDREWDSCOTT.COM > doing parameter log file = /var/log/samba/%m.log > doing parameter log level = 1 > doing parameter dedicated keytab file = /etc/krb5.keytab > doing parameter kerberos method = secrets and keytab > doing parameter winbind refresh tickets = yes > doing parameter winbind trusted domains only = no > doing parameter winbind use default domain = yes > doing parameter winbind enum users = yes > doing parameter winbind enum groups = yes > doing parameter idmap config *:backend = tdb > doing parameter idmap config *:range = 2000-9999 > doing parameter idmap config HOME:backend = ad > doing parameter idmap config HOME:schema_mode = rfc2307 > doing parameter idmap config HOME:range = 10000-99999 > doing parameter winbind nss info = rfc2307 > pm_process() returned Yes > lp_servicenumber: couldn't find homes > Maximum core file size limits now 16777216(soft) -1(hard) > Registering messaging pointer for type 2 - private_data=(nil) > Registering messaging pointer for type 9 - private_data=(nil) > Registered MSG_REQ_POOL_USAGE > Registering messaging pointer for type 11 - private_data=(nil) > Registering messaging pointer for type 12 - private_data=(nil) > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED > Registering messaging pointer for type 1 - private_data=(nil) > Registering messaging pointer for type 5 - private_data=(nil) > lp_load_ex: refreshing parameters > Freeing parametrics: > Initialising global parameters > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) > INFO: Current debug levels: > all: 9 > tdb: 9 > printdrivers: 9 > lanman: 9 > smb: 9 > rpc_parse: 9 > rpc_srv: 9 > rpc_cli: 9 > passdb: 9 > sam: 9 > auth: 9 > winbind: 9 > vfs: 9 > idmap: 9 > quota: 9 > acls: 9 > locking: 9 > msdfs: 9 > dmapi: 9 > registry: 9 > scavenger: 9 > dns: 9 > ldb: 9 > tevent: 9 > Processing section "[global]" > doing parameter netbios name = CLOUD > doing parameter security = ADS > doing parameter workgroup = HOME > doing parameter realm = HOME.ANDREWDSCOTT.COM > doing parameter log file = /var/log/samba/%m.log > doing parameter log level = 1 > doing parameter dedicated keytab file = /etc/krb5.keytab > doing parameter kerberos method = secrets and keytab > doing parameter winbind refresh tickets = yes > doing parameter winbind trusted domains only = no > doing parameter winbind use default domain = yes > doing parameter winbind enum users = yes > doing parameter winbind enum groups = yes > doing parameter idmap config *:backend = tdb > doing parameter idmap config *:range = 2000-9999 > doing parameter idmap config HOME:backend = ad > doing parameter idmap config HOME:schema_mode = rfc2307 > doing parameter idmap config HOME:range = 10000-99999 > doing parameter winbind nss info = rfc2307 > pm_process() returned Yes > lp_servicenumber: couldn't find homes > added interface eth0 ip=2607:fcc8:a006:a800:d250:99ff:fe73:44a8 bcast> netmask=ffff:ffff:ffff:ffff:: > added interface eth0 ip=192.168.1.20 bcast=192.168.1.255 > netmask=255.255.255.0 > Netbios name list:- > my_netbios_names[0]="CLOUD" > added interface eth0 ip=2607:fcc8:a006:a800:d250:99ff:fe73:44a8 bcast> netmask=ffff:ffff:ffff:ffff:: > added interface eth0 ip=192.168.1.20 bcast=192.168.1.255 > netmask=255.255.255.0 > fcntl_lock 10 6 0 1 1 > fcntl_lock: Lock call successful > TimeInit: Serverzone is 14400 > initialize_winbindd_cache: clearing cache and re-creating with version > number 2 > check lock order 2 for /usr/local/samba/var/lock/serverid.tdb > release lock order 2 for /usr/local/samba/var/lock/serverid.tdb > Registering messaging pointer for type 33 - private_data=(nil) > Registering messaging pointer for type 13 - private_data=(nil) > Registering messaging pointer for type 1028 - private_data=(nil) > Registering messaging pointer for type 1027 - private_data=(nil) > Registering messaging pointer for type 1029 - private_data=(nil) > Registering messaging pointer for type 1036 - private_data=(nil) > Registering messaging pointer for type 1035 - private_data=(nil) > Registering messaging pointer for type 1280 - private_data=(nil) > Registering messaging pointer for type 1032 - private_data=(nil) > Registering messaging pointer for type 1033 - private_data=(nil) > Registering messaging pointer for type 1034 - private_data=(nil) > Registering messaging pointer for type 1 - private_data=(nil) > Overriding messaging pointer for type 1 - private_data=(nil) > Added domain BUILTIN (null) S-1-5-32 > Added domain CLOUD (null) S-1-5-21-3482572668-4024874448-1988079025 > Could not fetch our SID - did we join? > unable to initialize domain list > > > Any clues as to what I'm doing wrong here? > Thanks! > AndrewThere appears to be just one thing wrong with your post subject 'Unable to start winbindd' and this is: winbindd version 4.4.2 started. So it appears that winbindd is starting, try this: ps ax | grep winbind It should return something like this: 2952 ? Ss 0:07 /usr/sbin/winbindd -D 3030 ? S 1:57 /usr/sbin/winbindd -D 3321 ? S 0:00 /usr/sbin/winbindd -D 3333 ? S 0:01 /usr/sbin/winbindd -D 3334 ? S 0:00 /usr/sbin/winbindd -D 22544 pts/2 S+ 0:00 grep winbind Can you post your /etc/krb5.conf, /etc/resolv.conf and /etc/hosts files Rowland
Apparently Analagous Threads
- Samba 4.8 RODC not working
- Samba4 member of an another « Samba4 » domain
- Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found.
- Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found.
- I can't join the new AD server with Samba4