Domain Controller service will not start

[Ben Smith]

Hi,

My first foray into the FreeNAS world. I've installed 9.10.2 and configured the basic network settings but I'm stuck trying to get the Domain Controller service configured so FreeNAS acts as Active Directory PDC.

I've entered the domain controller configuration based on the details given by Erez in this thread
https://forums.freenas.org/index.php?threads/setup-freenas-as-primary-domain-controller.41530/

But when I turn it on I get the following messages in /var/log/messages:

Code:

Dec 28 16:14:57 maharet DomainController: /usr/sbin/service ix-kerberos quietstart
Dec 28 16:14:57 maharet DomainController: /usr/sbin/service ix-resolv quietstart
Dec 28 16:14:58 maharet DomainController: /usr/sbin/service ix-nsswitch quietstart
Dec 28 16:14:58 maharet DomainController: /usr/sbin/service ix-pam quietstart
Dec 28 16:14:58 maharet DomainController: /usr/local/bin/python /usr/local/bin/midclt call notifier.start cifs
Dec 28 16:14:58 maharet notifier: Failed to provision domain
Dec 28 16:14:58 maharet notifier: Unable to figure out SID, things are seriously jacked!
Dec 28 16:14:58 maharet notifier: Unable to set SID to None
Dec 28 16:14:58 maharet notifier: Performing sanity check on Samba configuration: OK
Dec 28 16:14:58 maharet notifier: Starting samba.
Dec 28 16:14:58 maharet notifier: pdb backend samba_dsdb did not correctly init (error was NT_STATUS_UNSUCCESSFUL)
Dec 28 16:14:58 maharet notifier: WARNING: Could not open passdb
Dec 28 16:14:59 maharet kernel: pid 42529 (winbindd), uid 0: exited on signal 6 (core dumped)

I'm guessing the 'Failed to provision domain' is fatal and then the rest of samba is starting in a half-cocked fashion because there is no domain controller.

I've hunted around on these forums and googled around samba configuration too but not got anywhere.

This post
https://forums.freenas.org/index.php?threads/freenas-as-samba-primary-domain-controler.18952/
suggests if it was working net ads status would give useful information but all I get is 'No logon servers'.

net getlocalsid gives

Code:

pdb backend samba_dsdb did not correctly init (error was NT_STATUS_UNSUCCESSFUL)
WARNING: Could not open passdb

A lot of the samba documentation discusses using samba-tool to create basic configuration but running this through SSH I get a traceback with the message ImportError: cannot import name dsdb_dns

The messages seem to point to samba either not being able to find it's components or the configuration not being complete.

Can anyone point me in the right direction?

Thanks

 

[dlavigne]

wrt samba-tool, seehttps://bugs.freenas.org/issues/12956#note-8.

As for the configuration, have you read through https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller?

 

[Ben Smith]

Looking at that bug report it seems to indicate samba-tool ntacl will give a traceback, but I'm getting a traceback with any attempt to run samba-tool.

I went back and installed 9.10 release version. samba-tool in that version works and
net getlocalsid (before any configuration) gives

Code:

SID for domain FREENAS is: <GUID>

Going through the same configuration steps in the GUI (with a few slight interface variations), it seemed to create a lot more configuration - all the different samba private databases which I believe are normally generated by running samba-tool domain provision were created. When I'd set up the domain services under 9.10.2 the samba configuration directory was empty.

I'll do some more digging, but it looks to me like somewhere between 9.10 and 9.10.2 something in the samba subsystem has broken. samba-tool appears central to configuring the samba domain and I can't see how I could've messed it up from a clean install.

And apologies for the slow response, got taken out with the flu over New Year. :-(

 

[dlavigne]

Do you think it is related to https://bugs.freenas.org/issues/12956#note-8?

 

[microbial]

More likely https://bugs.freenas.org/issues/20041, for the samba-tool at least

 

[ant0nwax]

i have the same beautiful challange for you, the latest STABLE seems not too STABLE for me... i decided to contribute since there are not too many people talking about this topic...

I would like to run a Domain Controller Too, and it was working before with some version 9.10
9.10.2 shows the same behaviour here on my setup (it is an older HP Microserver)
I just installed everything fresh today since I changed the domain name :) first of all i ruined the old installation during the domain migration
now the new installation does not want to start the DC

Code:

Jan 14 21:09:31 antnas DomainController: /usr/sbin/service ix-kerberos quietstop
Jan 14 21:09:31 antnas DomainController: /usr/sbin/service ix-nsswitch quietstop
Jan 14 21:09:32 antnas DomainController: /usr/sbin/service ix-pam quietstop
Jan 14 21:09:32 antnas DomainController: /usr/sbin/service ix-cache quietstop &
Jan 14 21:09:34 antnas DomainController: /usr/sbin/service samba_server forcestop
Jan 14 21:09:36 antnas DomainController: /usr/sbin/service ix-pre-samba start
Jan 14 21:09:43 antnas DomainController: /usr/sbin/service ix-resolv quietstop
Jan 14 21:09:48 antnas DomainController: /usr/sbin/service ix-kerberos quietstart
Jan 14 21:09:49 antnas DomainController: /usr/sbin/service ix-resolv quietstart
Jan 14 21:09:50 antnas DomainController: /usr/sbin/service ix-nsswitch quietstart
Jan 14 21:09:50 antnas DomainController: /usr/sbin/service ix-pam quietstart
Jan 14 21:09:51 antnas DomainController: /usr/local/bin/python /usr/local/bin/midclt call notifier.start cifs
Jan 14 21:09:53 antnas notifier: Failed to provision domain
Jan 14 21:09:53 antnas notifier: Unable to figure out SID, things are seriously jacked!
Jan 14 21:09:53 antnas notifier: Unable to set SID to None
Jan 14 21:09:54 antnas notifier: Performing sanity check on Samba configuration: OK
Jan 14 21:09:54 antnas notifier: Starting samba.
Jan 14 21:09:54 antnas notifier: ldb: dsdb_get_schema: refresh_fn() failed
Jan 14 21:09:54 antnas notifier: ldb: schema_load_init: dsdb_get_schema failed
Jan 14 21:09:54 antnas notifier: ldb: module schema_load initialization failed : Operations error
Jan 14 21:09:54 antnas notifier: ldb: module rootdse initialization failed : Operations error
Jan 14 21:09:54 antnas notifier: ldb: module samba_dsdb initialization failed : Operations error
Jan 14 21:09:54 antnas notifier: ldb: Unable to load modules for /var/db/samba4/private/sam.ldb: schema_load_init: dsdb_get_schema failed
Jan 14 21:09:54 antnas notifier: samdb_connect failed
Jan 14 21:09:54 antnas notifier: pdb backend samba_dsdb did not correctly init (error was NT_STATUS_INTERNAL_ERROR)
Jan 14 21:09:54 antnas notifier: WARNING: Could not open passdb
Jan 14 21:09:55 antnas kernel: pid 7781 (winbindd), uid 0: exited on signal 6 (core dumped)

ask me and I try to help the with the best effort, I would also like to get my domain running again, its not critical, it is a game :)

 

[ant0nwax]

tried the latest NIGHLTY... SAME

[root@antnas] ~# service ix-pre-samba restart
pdb backend samba_dsdb did not correctly init (error was NT_STATUS_UNSUCCESSFUL)
WARNING: Could not open passdb
Failed to provision domain
Unable to figure out SID, things are seriously jacked!
Unable to set SID to None
[root@antnas] ~#

 

[ant0nwax]

https://forums.freenas.org/index.ph...rary-dsdb_dns-so-on-9-10-2.49484/#post-341150

 

[Ben Smith]

Thanks microbial & ant0nwax. Issue 20041 definitely looks to be tracking the issues I'm seeing.

I've reverted to 9.10.1.U4 which was before the samba version update that's caused the issue. Will watch the issue and await a resolution before updating to anything newer.

 

[jstam]

Hey guys, I'm looking at setting up a domain controller. Did any of you have the chance to revisit the issue and verify that it was fixed?