Description of problem: Trying to get ipa with smb support running. Finished running ipa-adtrust-install with smb bailing so tried ipactrl restart. Version-Release number of selected component: samba-winbind-4.0.0-174.fc18 Additional info: backtrace_rating: 4 cmdline: /usr/sbin/winbindd crash_function: dump_core executable: /usr/sbin/winbindd kernel: 3.7.1-2.fc18.x86_64 remote_result: NOTFOUND uid: 0 Truncated backtrace: Thread no. 1 (10 frames) #2 dump_core at ../source3/lib/dumpcore.c:336 #3 smb_panic_s3 at ../source3/lib/util.c:833 #4 smb_panic at ../lib/util/fault.c:159 #5 pdb_get_methods at ../source3/passdb/pdb_interface.c:225 #7 pdb_capabilities at ../source3/passdb/pdb_interface.c:1225 #8 _lsa_EnumTrustedDomainsEx at ../source3/rpc_server/lsa/srv_lsa_nt.c:3912 #9 api_lsa_EnumTrustedDomainsEx at default/librpc/gen_ndr/srv_lsa.c:3912 #10 rpcint_dispatch at ../source3/rpc_server/rpc_ncacn_np.c:133 #11 rpcint_bh_raw_call_send at ../source3/rpc_server/rpc_ncacn_np.c:220 #12 dcerpc_binding_handle_raw_call_send at ../librpc/rpc/binding_handle.c:133
Created attachment 674922 [details] File: backtrace
Created attachment 674923 [details] File: cgroup
Created attachment 674924 [details] File: core_backtrace
Created attachment 674925 [details] File: dso_list
Created attachment 674926 [details] File: environ
Created attachment 674927 [details] File: limits
Created attachment 674928 [details] File: maps
Created attachment 674929 [details] File: open_fds
Created attachment 674930 [details] File: proc_pid_status
Created attachment 674931 [details] File: var_log_messages
Please show your /var/log/ipaserver-install.log. The requirement to start smb.service in this setup is to have ipa-adtrust-install run successfully.
Created attachment 674972 [details] ipa trustad install log Requested file.
In the log there is indicated success of ipa-adtrust-install run. Not sure what your original description of 'smb bailing' means then. In /var/log/messages I can see that winbindd was not able to authenticate to LDAP server using kerberos keytab and therefore everything failed. We can start from here. 1. Please show 'klist -k /etc/smb/samba.keytab' 2. Please show 'klist -c /run/samba/krb5cc_samba' 3. Try to authenticate using the samba.keytab and connect to the LDAP server manually as root (and show output here, replace dc=example,dc=com by correct DN): OLDKRB5CCNAME=$KRB5CCNAME export KRB5CCNAME=/run/samba/krb5cc_samba klist ldapsearch -Y GSSAPI -b "dc=example,dc=com" uid=admin export KRB5CCNAME=/tmp/test.ccache kinit -kt /etc/smb/samba.keytab klist ldapsearch -Y GSSAPI -b "dc=example,dc=com" uid=admin kdestroy export KRB5CCNAME=$OLDKRB5CCNAME One possible issue is that /run/samba/krb5cc_samba is from some old run and has a ticket obtained before re-install of FreeIPA (if any) so it is invalid and not accepted by the KDC.
Hi Alexander, I had been installing/uninstalling ipa and the adtrust parts since this was reported but was unable to get the winbind/smb piece to start. Then, as you suggested I removed the /run/samba/krb5cc_samba file and was able to carry on from "ipa-adtrust-install". Samba appears to be up and the testing shows it is ok. Sorry I have do not have it in a bad state to try the above. I will report back if it happens again. JES
Thanks. I tried to guard against these invalid tickets in the latest releases but sometimes the code is not robust enough. The case of multiple re-installs is rather edge case for testing/development purposes though. Feel free to close the bug.
May I ask if you can confirm that currently you can not have an IPA-to-IPA 2 way trust and that you can only have a IPA-to-AD trust? I have been trying that without success and did not want to keep trying if it is a known limitation. Thanks again, JES
IPA-to-AD is two-way trust. IPA-to-IPA trusts are not implemented yet. Feel free to file an RFE ticket in FreeIPA's Trac instance at https://fedorahosted.org/freeipa/.
Closing.
I have a Fedora 18 install on my company machine, set up to login using the Active Directory services. I got this same problem today, and I have nothing to do with IPA. However, abrt couldn't report the problem because it's the "duplicate" of this one...
Same here. Looking at backtrace it have something to do with printing. From logs: "PANIC: assert failed at ../source3/printing/printing.c(481): pjob->jobid == jobid"
Sorry, but there is no printing support in winbind at all.