After running ipa-server-install without issues, ipa-adtrust-install shows ipaserver.install.adtrustinstance: CRITICAL CIFS services failed to start and smb.service is reported failed.

Reproducible: Always

Steps to Reproduce:
1. Have a fresh Fedora rawhide VM (I used Fedora-Cloud-Base-Generic-Rawhide-20250821.n.0.x86_64.qcow2).
2. dnf install -y --setopt=install_weak_deps=False freeipa-server freeipa-server-trust-ad
3. ipa-server-install -U -r EXAMPLE.TEST -p Secret123 -a Secret123 --no-ntp
4. ipa-adtrust-install -a Secret123 --netbios-name=EXAMPLE -U
5. systemctl status smb.service --no-pager -l

Actual Results:

# ipa-adtrust-install -a Secret123 --netbios-name=EXAMPLE -U

The log file for this installation can be found in /var/log/ipaserver-adtrust-install.log
==============================================================================
This program will setup components needed to establish trust to AD domains for the IPA Server.

This includes:
  * Configure Samba
  * Add trust related objects to IPA LDAP server

To accept the default shown in brackets, press the Enter key.

WARNING: Realm name does not match the domain name.
You will not be able to establish trusts with Active Directory unless
the realm name of the IPA server matches its domain name.

WARNING: The smb.conf already exists. Running ipa-adtrust-install will break your existing samba configuration.

Current NetBIOS domain name is FOXVIRT, new name is EXAMPLE.

Please note that changing the NetBIOS name might break existing trust relationships.
NetBIOS domain name will be changed to EXAMPLE.

Configuring CIFS
  [1/23]: validate server hostname
  [2/23]: stopping smbd
  [3/23]: adding RID bases
RID bases already set, nothing to do
  [4/23]: creating samba domain object
Reset NetBIOS domain name
  [5/23]: retrieve local idmap range
  [6/23]: writing samba config file
  [7/23]: creating samba config registry
  [8/23]: adding cifs Kerberos principal
  [9/23]: adding cifs and host Kerberos principals to the adtrust agents group
  [10/23]: check for cifs services defined on other replicas
  [11/23]: adding cifs principal to S4U2Proxy targets
  [12/23]: adding admin(group) SIDs
Admin SID already set, nothing to do
Admin group SID already set, nothing to do
  [13/23]: updating Kerberos config
'dns_lookup_kdc' already set to 'true', nothing to do.
  [14/23]: activating CLDAP plugin
  [15/23]: activating sidgen task
Sidgen task plugin already configured, nothing to do
  [16/23]: map BUILTIN\Guests to nobody group
  [17/23]: configuring smbd to start on boot
  [18/23]: restarting Directory Server to take MS PAC and LDAP plugins changes into account
  [19/23]: adding fallback group
Fallback group already set, nothing to do
  [20/23]: adding Default Trust View
  [21/23]: setting SELinux booleans
  [22/23]: starting CIFS services
ipaserver.install.adtrustinstance: CRITICAL CIFS services failed to start
  [23/23]: restarting smbd
Done configuring CIFS.
DNS management was not enabled at install time.
Add the following service records to your DNS server for DNS zone example.com:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.example.com. 3600 IN SRV 0 100 389 ipa-fedora-rawhide.example.com.
_ldap._tcp.dc._msdcs.example.com. 3600 IN SRV 0 100 389 ipa-fedora-rawhide.example.com.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.example.com. 3600 IN SRV 0 100 88 ipa-fedora-rawhide.example.com.
_kerberos._udp.Default-First-Site-Name._sites.dc._msdcs.example.com. 3600 IN SRV 0 100 88 ipa-fedora-rawhide.example.com.
_kerberos._tcp.dc._msdcs.example.com. 3600 IN SRV 0 100 88 ipa-fedora-rawhide.example.com.
_kerberos._udp.dc._msdcs.example.com. 3600 IN SRV 0 100 88 ipa-fedora-rawhide.example.com.

=============================================================================
Setup complete

You must make sure these network ports are open:
  TCP Ports:
    * 135: epmap
    * 138: netbios-dgm
    * 139: netbios-ssn
    * 445: microsoft-ds
    * 1024..1300: epmap listener range
    * 3268: msft-gc
  UDP Ports:
    * 138: netbios-dgm
    * 139: netbios-ssn
    * 389: (C)LDAP
    * 445: microsoft-ds

See the ipa-adtrust-install(1) man page for more details
=============================================================================

# systemctl status smb.service --no-pager -l
× smb.service - Samba SMB Daemon
     Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: failed (Result: exit-code) since Fri 2025-08-22 06:12:20 UTC; 1min 1s ago
 Invocation: 2d8f807177fd42cfb5ad4b2770bf80a0
       Docs: man:smbd(8)
             man:samba(7)
             man:smb.conf(5)
    Process: 9721 ExecStart=/usr/bin/smbd --foreground --no-process-group $SMBDOPTIONS (code=exited, status=1/FAILURE)
   Main PID: 9721 (code=exited, status=1/FAILURE)
     Status: "Starting process..."
   Mem peak: 4.6M
        CPU: 45ms

Aug 22 06:12:20 ipa-fedora-rawhide.example.com smbd[9721]: [2025/08/22 06:12:20.682033, 0, pid=9721] ../../source3/passdb/pdb_interface.c:70(smb_register_passdb)
Aug 22 06:12:20 ipa-fedora-rawhide.example.com smbd[9721]: Can't register passdb backend!
Aug 22 06:12:20 ipa-fedora-rawhide.example.com smbd[9721]: You tried to register a passdb module with PASSDB_INTERFACE_VERSION 25, while this version of samba uses version 30
Aug 22 06:12:20 ipa-fedora-rawhide.example.com smbd[9721]: [2025/08/22 06:12:20.682117, 0, pid=9721] ../../lib/util/modules.c:171(load_module_absolute_path)
Aug 22 06:12:20 ipa-fedora-rawhide.example.com smbd[9721]: load_module_absolute_path: Module '/usr/lib64/samba/pdb/ipasam.so' initialization failed: {Wrong Type} There is a mismatch between the type of object that is required by the requested operation and the type of object that is specified in the request.
Aug 22 06:12:20 ipa-fedora-rawhide.example.com smbd[9721]: [2025/08/22 06:12:20.682240, 0, pid=9721] ../../source3/passdb/pdb_interface.c:173(make_pdb_method_name)
Aug 22 06:12:20 ipa-fedora-rawhide.example.com smbd[9721]: No builtin nor plugin backend for ipasam found
Aug 22 06:12:20 ipa-fedora-rawhide.example.com systemd[1]: smb.service: Main process exited, code=exited, status=1/FAILURE
Aug 22 06:12:20 ipa-fedora-rawhide.example.com systemd[1]: smb.service: Failed with result 'exit-code'.
Aug 22 06:12:20 ipa-fedora-rawhide.example.com systemd[1]: Failed to start smb.service - Samba SMB Daemon.

Expected Results:
No error, all services reported as running.

Additional Information:
Reporting against freeipa because the shared library from the Samba service error seems to come from FreeIPA:

# rpm -qf /usr/lib64/samba/pdb/ipasam.so
freeipa-server-trust-ad-4.12.2-15.fc44.2.x86_64
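
Added example, not part of the original report and not FreeIPA or Samba code: a shell helper that pulls the passdb interface mismatch out of smbd journal output, so the stale plugin and both version numbers can be checked in one line after a Samba update. The names passdb_mismatch and sample_log are hypothetical, and the sample input is constructed from the smbd messages quoted in the report.

```shell
#!/bin/sh
# Added example (not from the report): detect a passdb ABI mismatch in smbd logs.
# passdb_mismatch and sample_log are hypothetical helper names.

# Constructed sample: the smbd messages quoted in the report, prefixes shortened.
sample_log() {
    cat <<'EOF'
smbd[9721]:   Can't register passdb backend!
smbd[9721]:   You tried to register a passdb module with PASSDB_INTERFACE_VERSION 25, while this version of samba uses version 30
smbd[9721]:   load_module_absolute_path: Module '/usr/lib64/samba/pdb/ipasam.so' initialization failed: {Wrong Type}
smbd[9721]:   No builtin nor plugin backend for ipasam found
EOF
}

# Reads journal text on stdin. On a mismatch prints
#   module=<path> built=<N> running=<M>
# and returns 0; returns 1 when no mismatch is logged.
passdb_mismatch() {
    awk -v q="'" '
        # Version the module was compiled against vs. the one smbd provides.
        built == "" && match($0, /PASSDB_INTERFACE_VERSION [0-9]+/) {
            built = substr($0, RSTART + 25, RLENGTH - 25)
            if (match($0, /uses version [0-9]+/))
                running = substr($0, RSTART + 13, RLENGTH - 13)
            next
        }
        # First module load failure after the mismatch names the stale plugin.
        built != "" && module == "" && match($0, "Module " q "[^" q "]+" q) {
            module = substr($0, RSTART + 8, RLENGTH - 9)
        }
        END {
            if (built == "" || built == running) exit 1
            printf "module=%s built=%s running=%s\n", module, built, running
        }
    '
}

# Live use: journalctl -u smb.service -b --no-pager | passdb_mismatch
sample_log | passdb_mismatch
```

A match means the plugin at the printed path was built against an older passdb interface than the installed smbd provides; rpm -qf on that path, as in the report, identifies the package that needs a rebuild.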
FEDORA-2025-054fe5a58f (freeipa-4.12.2-17.fc43) has been submitted as an update to Fedora 43. https://bodhi.fedoraproject.org/updates/FEDORA-2025-054fe5a58f
FEDORA-2025-77d6f1b848 (freeipa-4.12.2-17.fc44) has been submitted as an update to Fedora 44. https://bodhi.fedoraproject.org/updates/FEDORA-2025-77d6f1b848
FEDORA-2025-77d6f1b848 (freeipa-4.12.2-17.fc44) has been pushed to the Fedora 44 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2025-054fe5a58f (freeipa-4.12.2-17.fc43) has been pushed to the Fedora 43 stable repository. If problem still persists, please make note of it in this bug report.