ipa-adtrust-install fails with ipa : CRITICAL CIFS services failed to start

Latest response

Good Afternoon,

I've been stuck on this issue for most of the day, systemctl status smb.service reports:

â smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2016-01-26 16:49:17 CST; 46s ago
Process: 26597 ExecStart=/usr/sbin/smbd $SMBDOPTIONS (code=exited, status=1/FAILURE)
Main PID: 26597 (code=exited, status=1/FAILURE)
Status: "Starting process..."

Jan 26 16:49:16 . smbd[26597]: [2016/01/26 16:49:16.955154, 0] ipa_sam.c:4208(bind_callback_cleanup)
Jan 26 16:49:16 . smbd[26597]: kerberos error: code=-1765328203, message=Keytab contains no suitable keys for cifs/.@
Jan 26 16:49:17 . smbd[26597]: [2016/01/26 16:49:17.955603, 0] ipa_sam.c:4520(pdb_init_ipasam)
Jan 26 16:49:17 . smbd[26597]: Failed to get base DN.
Jan 26 16:49:17 . smbd[26597]: [2016/01/26 16:49:17.955685, 0] ../source3/passdb/pdb_interface.c:179(make_pdb_method_name)
Jan 26 16:49:17 . smbd[26597]: pdb backend ipasam:ldapi://%2fvar%2frun%2fslapd-MHMRTC-LOCAL.socket did not correctly init (error was NT_STATUS_UNSUCCESSFUL)
Jan 26 16:49:17 . systemd[1]: smb.service: main process exited, code=exited, status=1/FAILURE
Jan 26 16:49:17 . systemd[1]: Failed to start Samba SMB Daemon.
Jan 26 16:49:17 . systemd[1]: Unit smb.service entered failed state.
Jan 26 16:49:17 . systemd[1]: smb.service failed.

but I've
ipa service-add cifs/.@
and
ipa-getkeytab -s . -p cifs/. -k /etc/samba/samba.keytab
/etc/dirsrv/ds.keytab
/etc/krb5.keytab

Any help would be most appreciated!
Thank you,

Michael Le Fevers

ML
Log in to join the conversation

Responses

LT Newbie 10 points
11 October 2017 8:40 PM

I am experiencing the same problem. Is there a way to correct the problem?

LT Newbie 10 points
11 October 2017 9:23 PM

Found a way to get smb to start by adding the domain name to the host name, i.e. so that a "hostname" command returned the fully qualified host name.

ML Newbie 10 points
12 October 2017 3:19 PM

Didn't come to a resolution, project was dropped because some AD usernames didn't match application usernames, so we stayed with NIS. Another issue would have been the FQDN as the hostname, have another application that can't understand FQDN for the hostname.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.