Error to start winbind service - unable to initialize domain list - Could not fetch our SID - did we join?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 9
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 7
  • Winbind

Issue

After joining RHEL using Winbind and attempting to start the winbind service, the following error is displayed on winbind status:

Mar 25 23:53:08 rhel9sssdwinb.ad.domain.local winbindd[33664]:   Could not fetch our SID - did we join?
Mar 25 23:53:08 rhel9sssdwinb.ad.domain.local winbindd[33664]: [2024/03/25 23:53:08.457103,  0] ../../source3/winbindd/winbindd.c:1178(winbindd_register_handlers)
Mar 25 23:53:08 rhel9sssdwinb.ad.domain.local winbindd[33664]:   unable to initialize domain list
Mar 25 23:53:08 rhel9sssdwinb.ad.domain.local systemd[1]: winbind.service: Main process exited, code=exited, status=1/FAILURE
Mar 25 23:53:08 rhel9sssdwinb.ad.domain.local systemd[1]: winbind.service: Failed with result 'exit-code'.
Mar 25 23:53:08 rhel9sssdwinb.ad.domain.local systemd[1]: Failed to start Samba Winbind Daemon.

Resolution

The workgroup name (NetBIOS domain name) is not correct. look for the correct NetBios by running:

NOTE: in this example, the domain is ad.domain.local.

# tdbdump /var/lib/samba/private/secrets.tdb
{
key(34) = "SECRETS/MACHINE_PASSWORD/AD-DOMAIN"
data(356) = "\E7\BD\A3\E6\80\BA\E2\8B\AC\EB\AA\8F\E2\B5\9D\EA\85\B7\EA\8C\AE\E3\86\91\E6\8B\8C\EA\82\83\E2\AC\A4\EF\B7\A3\E3\80\9D\EE\A5\BE\E6\95\85\EE\8C\91\EB\8E\AC\E7\99\BD\EE\8B\83\EF\8A\9C\E7\A5\BA\EF\B2\BF\EB\BA\A5\E7\AD\AD\E3\AD\8D\E2\BA\96\E7\AD\B9\E7\B5\BE\EA\B1\B4\E7\93\B5\EA\BB\8D\EF\98\A3\E7\83\A6\EF\B2\98\E6\8A\A5\D6\A1\E7\A8\AD\E6\B2\B7\D7\9B\EA\9F\8F\EF\B8\BC\EB\A2\AD\EE\BF\A5\E7\9E\93\EE\91\83\E6\80\95\EF\AE\B1\EE\A7\A5\EA\AE\8C\EA\A9\A5\E3\B4\88\EE\B4\9B\E6\8F\84\EA\B8\B0\EA\9B\A4\EA\AD\81\E2\B7\B9\EB\BE\B9\EF\81\83\E6\8C\A2\EF\A7\BE\EB\AA\86\DA\9B\E3\AC\9C\EA\82\9E\EB\90\8F\E6\85\A5\D5\A4\C7\B0\E7\A9\8E\EE\AF\9F\EA\AB\8A\EB\BE\91\E3\AB\83\E7\9D\B3\E3\BC\87\E6\B5\99\E6\AA\A6\E7\A2\9B\EE\A1\B6\EA\BF\83\E7\8B\AC\E3\BA\BF\E3\BD\BD\EE\94\84\E6\B5\AD\E7\AC\BC\EB\BE\BF\E3\86\98\E6\B0\A1\E6\B3\95\E7\8F\A0\E7\BC\A8\E7\A6\9B\EB\98\A3\EB\A4\88\E6\9E\87\E3\9F\A0\E6\83\BA\E2\94\A0\E2\A3\BD\EB\BB\8D\E3\B2\A7\EE\A3\9E\EB\8E\A7\E7\8C\84\E3\A4\90\EE\A5\A2\E6\94\A5\E6\A4\91\EA\9B\96\E6\BD\B8\E2\B5\82\E6\82\A4\E2\91\83\EA\93\9E\EA\A0\B6\EF\B3\B1\E6\A0\B0\E2\8C\91\00"
}
{
key(21) = "SECRETS/SID/AD-DOMAIN"
data(68) = "\01\04\00\00\00\00\00\05\15\00\00\00\8E\C0\8Cm\83\BD\87\F3b\EF\22j\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00"
}

Open the /etc/samba/smb.conf and correct:

...
workgroup = AD-DOMAIN
...
idmap config AD-DOMAIN : backend = sss
idmap config AD-DOMAIN: range = 200000-2147483647
...

Root Cause

The workgroup name (NetBIOS domain name) is incorrect.

Diagnostic Steps

Check the log in /var/log/messsages:

# less /var/log/messages
....
Mar 25 11:59:12 rhel9sssdwinb.ad.domain.local winbindd[36064]: [2024/03/25 11:59:12.853276,  0] ../../source3/winbindd/winbindd_util.c:1235(init_domain_list)
Mar 25 11:59:12 rhel9sssdwinb.ad.domain.local winbindd[36064]:  Could not fetch our SID - did we join?
Mar 25 11:59:12 rhel9sssdwinb.ad.domain.local winbindd[36064]: [2024/03/25 11:59:12.853304,  0] ../../source3/winbindd/winbindd.c:1178(winbindd_register_handlers)
Mar 25 11:59:12 rhel9sssdwinb.ad.domain.local winbindd[36064]:  unable to initialize domain list

Also, check the winbind status:

[root@rhel9sssdwinb ~]# systemctl status winbind.service 
× winbind.service - Samba Winbind Daemon
     Loaded: loaded (/usr/lib/systemd/system/winbind.service; enabled; preset: disabled)
     Active: failed (Result: exit-code) since Mon 2024-03-25 23:53:08 -03; 10s ago
       Docs: man:winbindd(8)
             man:samba(7)
             man:smb.conf(5)
    Process: 33664 ExecStart=/usr/sbin/winbindd --foreground --no-process-group $WINBINDOPTIONS (code=exited, status=1/FAILURE)
   Main PID: 33664 (code=exited, status=1/FAILURE)
     Status: "Starting process..."
        CPU: 23ms

Mar 25 23:53:08 rhel9sssdwinb.ad.domain.local winbindd[33664]:   Copyright Andrew Tridgell and the Samba Team 1992-2023
Mar 25 23:53:08 rhel9sssdwinb.ad.domain.local winbindd[33664]: [2024/03/25 23:53:08.456197,  0] ../../source3/winbindd/winbindd_cache.c:3117(initialize_winbindd_cache)
Mar 25 23:53:08 rhel9sssdwinb.ad.domain.local winbindd[33664]:   initialize_winbindd_cache: clearing cache and re-creating with version number 2
Mar 25 23:53:08 rhel9sssdwinb.ad.domain.local winbindd[33664]: [2024/03/25 23:53:08.457042,  0] ../../source3/winbindd/winbindd_util.c:1235(init_domain_list)
Mar 25 23:53:08 rhel9sssdwinb.ad.domain.local winbindd[33664]:   Could not fetch our SID - did we join?
Mar 25 23:53:08 rhel9sssdwinb.ad.domain.local winbindd[33664]: [2024/03/25 23:53:08.457103,  0] ../../source3/winbindd/winbindd.c:1178(winbindd_register_handlers)
Mar 25 23:53:08 rhel9sssdwinb.ad.domain.local winbindd[33664]:   unable to initialize domain list
Mar 25 23:53:08 rhel9sssdwinb.ad.domain.local systemd[1]: winbind.service: Main process exited, code=exited, status=1/FAILURE
Mar 25 23:53:08 rhel9sssdwinb.ad.domain.local systemd[1]: winbind.service: Failed with result 'exit-code'.
Mar 25 23:53:08 rhel9sssdwinb.ad.domain.local systemd[1]: Failed to start Samba Winbind Daemon.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments