Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] winbindd: Failed to fetch our own, local AD domain join password for winbindd's internal use
103 views
Skip to first unread message
Tom
Mar 27, 2015, 4:50:04 AM3/27/15
to
Hello,
I apologize in advance for cross-posting (and posting for help) to
samba-technical, but I've been seeking help on the samba list and bugzilla
since last week and have had no replies. Using Google, I've found this
issue referenced only once on the mailing list and once in a bugzilla bug
(10991). Unfortunately, I've found no resolutions.
The problem appears to be specific to Samba 4.2, where domains were
provisioned using classicupgrade. In my case, the classicupgrade provision
was performed just a few weeks after 4.0.0 was released, going from version
3.6.x > 4.0.0. I have since kept my install fairly up to date throughout
the 4.0 and 4.1 cycles. I am currently trying to upgrade from 4.1.16 to
4.2.0. After this latest upgrade, S4 fails to start, with the above
mentioned error being logged to log.winbindd. I have found that adding
"server services = -winbindd +winbind" allows 4.2.0 to start correctly.
That said, I decided to revert to the 4.1.16 backup that I took immediately
before the upgrade. I did this just to be safe, as it appears to be
something specific to my AD directory, possibly related to the
classicupgrade. I say this because I do not have the issue with my test
domain, which was newly provisioned from 4.0.0.
I have moved a copy of my live 4.1.16 instance to a VM environment for
testing, and have duplicated the problem in testing. My goal was to upgrade
to 4.2.0 and setup a secondary DC here on-site before standing up 3 more
DCs at branch offices. I am wary of moving forward with this deployment
knowing this problem exists, or without at least better understanding what
is happening. The concern that something wrong with my AD directory
(stemming from the classicupgrade) is what really worries me and I
certainly don't want to start replicating "bad" data to remote sites.
If anyone has the time and can help me figure out this issue, it would be
much appreciated. I have included links to the bugzilla entry and the only
reference to this issue that I could find. If someone could help me
understand, what is Winbindd looking for when it throws the error "Failed
to fetch our own, local AD domain join password for winbindd's internal
use", perhaps that would get me looking in the right direction.
Bugzilla:
https://bugzilla.samba.org/show_bug.cgi?id=10991
Samba List:
https://lists.samba.org/archive/samba/2014-September/185031.html
log.winbindd
/usr/local/samba/sbin/winbindd: winbindd version 4.2.0 started.
/usr/local/samba/sbin/winbindd: Copyright Andrew Tridgell and the Samba
Team 1992-2014
/usr/local/samba/sbin/winbindd: Maximum core file size limits now
16777216(soft) -1(hard)
/usr/local/samba/sbin/winbindd: Registered MSG_REQ_POOL_USAGE
/usr/local/samba/sbin/winbindd: Registered MSG_REQ_DMALLOC_MARK and
LOG_CHANGED
/usr/local/samba/sbin/winbindd: lp_load_ex: refreshing parameters
/usr/local/samba/sbin/winbindd: Initialising global parameters
/usr/local/samba/sbin/winbindd: rlimit_max: increasing rlimit_max (1024) to
minimum Windows limit (16384)
/usr/local/samba/sbin/winbindd: Processing section "[global]"
/usr/local/samba/sbin/winbindd: added interface enp0s3 ip=10.0.2.100
bcast=10.0.2.255 netmask=255.255.255.0
/usr/local/samba/sbin/winbindd: added interface enp0s3 ip=10.0.2.100
bcast=10.0.2.255 netmask=255.255.255.0
/usr/local/samba/sbin/winbindd: initialize_winbindd_cache: clearing cache
and re-creating with version number 2
/usr/local/samba/sbin/winbindd: Added domain BUILTIN (null) S-1-5-32
/usr/local/samba/sbin/winbindd: Added domain TESTDOM internal.testdom.com
SID_REMOVED
/usr/local/samba/sbin/winbindd: Failed to fetch our own, local AD domain
join password for winbindd's internal use
/usr/local/samba/sbin/winbindd: unable to initialize domain list
Child /usr/local/samba/sbin/winbindd exited with status 1 - Operation not
permitted
winbindd daemon died with exit status 1
task_server_terminate: [winbindd child process exited]
samba_terminate: winbindd child process exited
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
I apologize in advance for cross-posting (and posting for help) to
samba-technical, but I've been seeking help on the samba list and bugzilla
since last week and have had no replies. Using Google, I've found this
issue referenced only once on the mailing list and once in a bugzilla bug
(10991). Unfortunately, I've found no resolutions.
The problem appears to be specific to Samba 4.2, where domains were
provisioned using classicupgrade. In my case, the classicupgrade provision
was performed just a few weeks after 4.0.0 was released, going from version
3.6.x > 4.0.0. I have since kept my install fairly up to date throughout
the 4.0 and 4.1 cycles. I am currently trying to upgrade from 4.1.16 to
4.2.0. After this latest upgrade, S4 fails to start, with the above
mentioned error being logged to log.winbindd. I have found that adding
"server services = -winbindd +winbind" allows 4.2.0 to start correctly.
That said, I decided to revert to the 4.1.16 backup that I took immediately
before the upgrade. I did this just to be safe, as it appears to be
something specific to my AD directory, possibly related to the
classicupgrade. I say this because I do not have the issue with my test
domain, which was newly provisioned from 4.0.0.
I have moved a copy of my live 4.1.16 instance to a VM environment for
testing, and have duplicated the problem in testing. My goal was to upgrade
to 4.2.0 and setup a secondary DC here on-site before standing up 3 more
DCs at branch offices. I am wary of moving forward with this deployment
knowing this problem exists, or without at least better understanding what
is happening. The concern that something wrong with my AD directory
(stemming from the classicupgrade) is what really worries me and I
certainly don't want to start replicating "bad" data to remote sites.
If anyone has the time and can help me figure out this issue, it would be
much appreciated. I have included links to the bugzilla entry and the only
reference to this issue that I could find. If someone could help me
understand, what is Winbindd looking for when it throws the error "Failed
to fetch our own, local AD domain join password for winbindd's internal
use", perhaps that would get me looking in the right direction.
Bugzilla:
https://bugzilla.samba.org/show_bug.cgi?id=10991
Samba List:
https://lists.samba.org/archive/samba/2014-September/185031.html
log.winbindd
/usr/local/samba/sbin/winbindd: winbindd version 4.2.0 started.
/usr/local/samba/sbin/winbindd: Copyright Andrew Tridgell and the Samba
Team 1992-2014
/usr/local/samba/sbin/winbindd: Maximum core file size limits now
16777216(soft) -1(hard)
/usr/local/samba/sbin/winbindd: Registered MSG_REQ_POOL_USAGE
/usr/local/samba/sbin/winbindd: Registered MSG_REQ_DMALLOC_MARK and
LOG_CHANGED
/usr/local/samba/sbin/winbindd: lp_load_ex: refreshing parameters
/usr/local/samba/sbin/winbindd: Initialising global parameters
/usr/local/samba/sbin/winbindd: rlimit_max: increasing rlimit_max (1024) to
minimum Windows limit (16384)
/usr/local/samba/sbin/winbindd: Processing section "[global]"
/usr/local/samba/sbin/winbindd: added interface enp0s3 ip=10.0.2.100
bcast=10.0.2.255 netmask=255.255.255.0
/usr/local/samba/sbin/winbindd: added interface enp0s3 ip=10.0.2.100
bcast=10.0.2.255 netmask=255.255.255.0
/usr/local/samba/sbin/winbindd: initialize_winbindd_cache: clearing cache
and re-creating with version number 2
/usr/local/samba/sbin/winbindd: Added domain BUILTIN (null) S-1-5-32
/usr/local/samba/sbin/winbindd: Added domain TESTDOM internal.testdom.com
SID_REMOVED
/usr/local/samba/sbin/winbindd: Failed to fetch our own, local AD domain
join password for winbindd's internal use
/usr/local/samba/sbin/winbindd: unable to initialize domain list
Child /usr/local/samba/sbin/winbindd exited with status 1 - Operation not
permitted
winbindd daemon died with exit status 1
task_server_terminate: [winbindd child process exited]
samba_terminate: winbindd child process exited
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
L.P.H. van Belle
Mar 27, 2015, 5:40:03 AM3/27/15
to
Hai Tom,
Im not in 4.2 yet, but maybe i can help analize your problem. ( as long its possible, big power outage in the netherlands.. )
this : https://lists.samba.org/archive/samba/2014-September/185031.html
is a good example how not to setup your samba server.
so before we can think with, please post (and sorry if its again) some info.
Your OS?
Compiles samba or os provided samba, or sernet samba?
and the output of :
cat /etc/hosts
cat /etc/resolv.conf
cat /etc/hostname
cat /etc/nsswitch.conf
cat /etc/samba/smb.conf
some commands you can use to check your setup.
sudo net ads info
sudo net ads lookup
wbinfo -D TESTDOM
Louis
>-----Oorspronkelijk bericht-----
>Van: tsml4...@gmail.com
>[mailto:samba-...@lists.samba.org] Namens Tom
>Verzonden: donderdag 26 maart 2015 20:18
>Aan: samba-t...@lists.samba.org; sa...@lists.samba.org
>Onderwerp: [Samba] winbindd: Failed to fetch our own, local AD
Im not in 4.2 yet, but maybe i can help analize your problem. ( as long its possible, big power outage in the netherlands.. )
this : https://lists.samba.org/archive/samba/2014-September/185031.html
is a good example how not to setup your samba server.
so before we can think with, please post (and sorry if its again) some info.
Your OS?
Compiles samba or os provided samba, or sernet samba?
and the output of :
cat /etc/hosts
cat /etc/resolv.conf
cat /etc/hostname
cat /etc/nsswitch.conf
cat /etc/samba/smb.conf
some commands you can use to check your setup.
sudo net ads info
sudo net ads lookup
wbinfo -D TESTDOM
Louis
>-----Oorspronkelijk bericht-----
>Van: tsml4...@gmail.com
>[mailto:samba-...@lists.samba.org] Namens Tom
>Verzonden: donderdag 26 maart 2015 20:18
>Aan: samba-t...@lists.samba.org; sa...@lists.samba.org
>Onderwerp: [Samba] winbindd: Failed to fetch our own, local AD
Rowland Penny
Mar 27, 2015, 6:30:03 AM3/27/15
to
On 27/03/15 09:38, L.P.H. van Belle wrote:
> Hai Tom,
>
> Im not in 4.2 yet, but maybe i can help analize your problem. ( as long its possible, big power outage in the netherlands.. )
>
> this : https://lists.samba.org/archive/samba/2014-September/185031.html
> is a good example how not to setup your samba server.
Er, which part is incorrect ??
> Hai Tom,
>
> Im not in 4.2 yet, but maybe i can help analize your problem. ( as long its possible, big power outage in the netherlands.. )
>
> this : https://lists.samba.org/archive/samba/2014-September/185031.html
> is a good example how not to setup your samba server.
Rowland
>
> so before we can think with, please post (and sorry if its again) some info.
>
> Your OS?
> Compiles samba or os provided samba, or sernet samba?
> and the output of :
> cat /etc/hosts
> cat /etc/resolv.conf
> cat /etc/hostname
> cat /etc/nsswitch.conf
> cat /etc/samba/smb.conf
>
> some commands you can use to check your setup.
> sudo net ads info
> sudo net ads lookup
> wbinfo -D TESTDOM
>
> Louis
>
>
>
>
>
>
L.P.H. van Belle
Mar 27, 2015, 6:30:03 AM3/27/15
to
# cat /etc/resolv.conf
> domain dc1.domain.com.br
> search domain.com.br
> nameserver 172.17.0.4
>
more cosmetic yes, because of the first domain then search.
but there should not be domain dc1.domain.com.br there.
this can mislead others. a "hostname" is not a domain..
>-----Oorspronkelijk bericht-----
>Van: rowlan...@googlemail.com
>[mailto:samba-...@lists.samba.org] Namens Rowland Penny
>Verzonden: vrijdag 27 maart 2015 11:22
>Aan: sa...@lists.samba.org
>Onderwerp: Re: [Samba] winbindd: Failed to fetch our own,
> domain dc1.domain.com.br
> search domain.com.br
> nameserver 172.17.0.4
>
more cosmetic yes, because of the first domain then search.
but there should not be domain dc1.domain.com.br there.
this can mislead others. a "hostname" is not a domain..
>-----Oorspronkelijk bericht-----
>Van: rowlan...@googlemail.com
>[mailto:samba-...@lists.samba.org] Namens Rowland Penny
>Verzonden: vrijdag 27 maart 2015 11:22
>Aan: sa...@lists.samba.org
>Onderwerp: Re: [Samba] winbindd: Failed to fetch our own,
>local AD domain join password for winbindd's internal use
>
>
0 new messages