Web lists-archives.com

Re: [Samba] winbind failed to reset devices.list was: samba.service is masked (Debian 9)




Am 13.01.2019 um 10:44 schrieb Rowland Penny via samba:
On Sun, 13 Jan 2019 08:09:52 +0100
Anton Blau via samba <samba@xxxxxxxxxxxxxxx> wrote:
Am 12.01.2019 um 23:08 schrieb Rowland Penny via samba:
On Sat, 12 Jan 2019 22:04:50 +0100
Anton Blau via samba <samba@xxxxxxxxxxxxxxx> wrote:

Is this all you installed ? :
apt-get install samba

If so try reading this:

https://wiki.samba.org/index.php/Distribution-specific_Package_Installation


Hello Rowland,


thank you for your help. I took a few steps further.

* I installed the additional needed packages like

https://wiki.samba.org/index.php/Distribution-specific_Package_Installation

apt-get install samba attr winbind krb5-config krb5-user

Default Kerberos version 5 realm: DUCK.LOCALLAN
Kerberos servers for your realm: fileserver localhost
Administrative server for your Kerberos realm: fileserver
Hmm, you posted this as part of your smb.conf:

   realm = SMBDOMAIN.LOCAL.COMASYS.CH
   netbios name = FILE

The two do not match.

Can you post the contents of the following files:

/etc/hostname
/etc/hosts
/etc/resolv.conf

Sorry, this is my

-> smb.conf

# Global parameters
[global]
        netbios name = FILESERVER
        realm = SMBDOMAIN.DUCK.LOCALLAN
        workgroup = SMBDOMAIN
        dns forwarder = 192.168.1.254
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /var/lib/samba/sysvol/smbdomain.duck.locallan/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No


-> /etc/hostname

fileserver

-> /etc/hosts

127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodesff02::2         ip6-allrouters
# --- BEGIN PVE ---
192.168.1.220 fileserver.duck fileserver
# --- END PVE ---

-> /etc/resolv.conf

# --- BEGIN PVE ---
search duck
nameserver 192.168.1.254
# --- END PVE ---


Also, if you are going to use the DC as a fileserver, you need to
install more packages from the list.

O. K. I run:

apt-get install samba attr winbind libpam-winbind libnss-winbind libpam-krb5 krb5-config krb5-user

But I got the same error:

Reading package lists... Done
Building dependency tree
Reading state information... Done
attr is already the newest version (1:2.4.47-2+b2).
krb5-config is already the newest version (2.6).
krb5-user is already the newest version (1.15-1+deb9u1).
libpam-krb5 is already the newest version (4.7-4).
libnss-winbind is already the newest version (2:4.5.12+dfsg-2+deb9u4).
libpam-winbind is already the newest version (2:4.5.12+dfsg-2+deb9u4).
samba is already the newest version (2:4.5.12+dfsg-2+deb9u4).
winbind is already the newest version (2:4.5.12+dfsg-2+deb9u4).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
3 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n]
Setting up winbind (2:4.5.12+dfsg-2+deb9u4) ...
Job for winbind.service failed because the control process exited with error code.
See "systemctl status winbind.service" and "journalctl -xe" for details.
invoke-rc.d: initscript winbind, action "start" failed.
* winbind.service - Samba Winbind Daemon
   Loaded: loaded (/lib/systemd/system/winbind.service; enabled; vendor preset: enabled)    Active: failed (Result: exit-code) since Sun 2019-01-13 12:14:43 UTC; 5ms ago
     Docs: man:winbindd(8)
           man:samba(7)
           man:smb.conf(5)
  Process: 533 ExecStart=/usr/sbin/winbindd $WINBINDOPTIONS (code=exited, status=1/FAILURE)
 Main PID: 533 (code=exited, status=1/FAILURE)

Jan 13 12:14:43 fileserver systemd[1]: winbind.service: Failed to reset devices.list: Operation n…mitted
Jan 13 12:14:43 fileserver systemd[1]: Starting Samba Winbind Daemon...
Jan 13 12:14:43 fileserver systemd[1]: winbind.service: Main process exited, code=exited, status=…AILURE
Jan 13 12:14:43 fileserver systemd[1]: Failed to start Samba Winbind Daemon.
Jan 13 12:14:43 fileserver systemd[1]: winbind.service: Unit entered failed state. Jan 13 12:14:43 fileserver systemd[1]: winbind.service: Failed with result 'exit-code'.
Hint: Some lines were ellipsized, use -l to show in full.
dpkg: error processing package winbind (--configure):
 subprocess installed post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of libpam-winbind:amd64:
 libpam-winbind:amd64 depends on winbind (= 2:4.5.12+dfsg-2+deb9u4); however:
  Package winbind is not configured yet.

dpkg: error processing package libpam-winbind:amd64 (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of libnss-winbind:amd64:
 libnss-winbind:amd64 depends on winbind (= 2:4.5.12+dfsg-2+deb9u4); however:
  Package winbind is not configured yet.

dpkg: error processing package libnss-winbind:amd64 (--configure):
 dependency problems - leaving unconfigured
Processing triggers for libc-bin (2.24-11+deb9u3) ...
Errors were encountered while processing:
 winbind
 libpam-winbind:amd64
 libnss-winbind:amd64
E: Sub-process /usr/bin/dpkg returned an error code (1)


It looks like winbind was already installed.

That´s right. So I try:

dpkg --purge winbind libpam-winbind libnss-winbind
(Reading database ... 23532 files and directories currently installed.)
Removing libpam-winbind:amd64 (2:4.5.12+dfsg-2+deb9u4) ...
Removing libnss-winbind:amd64 (2:4.5.12+dfsg-2+deb9u4) ...
Removing winbind (2:4.5.12+dfsg-2+deb9u4) ...
Purging configuration files for winbind (2:4.5.12+dfsg-2+deb9u4) ...
Processing triggers for man-db (2.7.6.1-2) ...
Processing triggers for libc-bin (2.24-11+deb9u3) ...
Processing triggers for systemd (232-25+deb9u6) ...

But after install I got the same error.

That is actually a good thing, on a Samba AD DC you ONLY start the
'samba' binary. This is achieved on Debian by 'systemctl
start samba-ad-dc', the 'samba' binary will then start 'smbd' &
'winbind'

O. K. If I start with systemctl start samba-ad-dc I got in /var/log/syslog:


Jan 13 12:22:56 fileserver samba[1036]:   samba version 4.5.12-Debian started. Jan 13 12:22:56 fileserver samba[1036]:   Copyright Andrew Tridgell and the Samba Team 1992-2016 Jan 13 12:22:56 fileserver systemd[1]: samba-ad-dc.service: Supervising process 1037 which is not our child. We'll most likely not notice when it exits. Jan 13 12:22:57 fileserver samba[1037]: [2019/01/13 12:22:57.599804,  0] ../source4/smbd/server.c:479(binary_smbd_main) Jan 13 12:22:57 fileserver samba[1037]:   samba: using 'standard' process model Jan 13 12:22:57 fileserver samba[1042]: [2019/01/13 12:22:57.613205,  0] ../source4/lib/tls/tlscert.c:72(tls_cert_generate) Jan 13 12:22:57 fileserver samba[1042]:   Attempting to autogenerate TLS self-signed keys for https forhostname 'FILESERVER.smbdomain.duck.locallan'
Jan 13 12:22:57 fileserver systemd[1]: Started Samba AD Daemon.
Jan 13 12:22:57 fileserver samba[1037]: [2019/01/13 12:22:57.633624,  0] ../lib/util/become_daemon.c:124(daemon_ready) Jan 13 12:22:57 fileserver samba[1037]:   STATUS=daemon 'samba' finished starting up and ready to serveconnections Jan 13 12:22:57 fileserver winbindd[1051]: [2019/01/13 12:22:57.750434,  0] ../source3/winbindd/winbindd_cache.c:3244(initialize_winbindd_cache) Jan 13 12:22:57 fileserver winbindd[1051]: initialize_winbindd_cache: clearing cache and re-creating with version number 2 Jan 13 12:23:11 fileserver samba[1042]: [2019/01/13 12:23:11.240203,  0] ../source4/lib/tls/tlscert.c:167(tls_cert_generate)
Jan 13 12:23:11 fileserver samba[1042]:   TLS self-signed keys generated OK
Jan 13 12:23:17 fileserver samba[1049]: [2019/01/13 12:23:17.940007,  0] ../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done) Jan 13 12:23:17 fileserver samba[1049]: ../source4/dsdb/dns/dns_update.c:290: Failed DNS update - with error code 110 Jan 13 12:23:19 fileserver samba[1049]: [2019/01/13 12:23:19.332778,  0] ../source4/dsdb/dns/dns_update.c:313(dnsupdate_spnupdate_done) Jan 13 12:23:19 fileserver samba[1049]: ../source4/dsdb/dns/dns_update.c:313: Failed SPN update - with error code 110 Jan 13 12:23:21 fileserver samba[1037]: [2019/01/13 12:23:21.061943,  0] ../source4/smbd/process_standard.c:127(standard_child_pipe_handler) Jan 13 12:23:21 fileserver samba[1037]:   Child 1044 (kdc) terminated with signal 9


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba