Active Directory Startup Issue
Description
Problem/Justification
Impact
SmartDraw Connector
Katalon Manual Tests (BETA)
Activity
Andrew Walker November 13, 2019 at 5:23 PM
It's unclear what caused permissions on that file to change. In the future if it happens again, it should be sufficient to simply chmod msg.sock without removing the entire contents of /var/db/samba4. That contains samba's state and private directories. Deleting them will remove ids allocated by the default idmap backend for BUILTIN accounts, which can lead to permissions problems if they have been used anywhere.
Tim Sullivan November 13, 2019 at 5:04 PM
So I did the following (thors hammer):
Try using the hammer of Thor.
Code:service samba_server onestop
tar -cvzf /var/log/samba4_backup.tgz /var/db/samba4/
rm -rf /var/db/samba4/*
service ix-pre-samba start
service samba_server onestart
Then:
chmod msg.sock 0700
and finally a reboot. AD successfully started up. Wish I knew what went sideways in the first place :|
Tim Sullivan November 13, 2019 at 4:03 PM
These are my permissions, which look off to me:
root@natssp04:/var/db/samba4 # ls -al
total 159
drwxr-xr-x+ 4 21120 dataowners 10 Nov 13 07:09 .
drwxrwxr-x+ 11 21120 dataowners 13 Nov 13 08:13 ..
-rwxrwxr-x+ 1 21120 dataowners 0 Mar 23 2019 .usersimported
-rwxrwxr-x+ 1 21120 dataowners 421888 Mar 23 2019 account_policy.tdb
-rwxrwxr-x+ 1 21120 dataowners 430080 Mar 23 2019 group_mapping.tdb
drwx------+ 3 21120 dataowners 7 Mar 23 2019 private
-rwxrwxr-x+ 1 21120 dataowners 528384 Mar 23 2019 registry.tdb
-rwxrwxr-x+ 1 21120 dataowners 421888 Mar 23 2019 share_info.tdb
-rwxrwxr-x+ 1 21120 dataowners 421888 Mar 27 2019 winbindd_idmap.tdb
drwxrwxr-x+ 2 21120 dataowners 3 Mar 23 2019 winbindd_privileged
root@natssp04:/var/db/samba4 # cd private
root@natssp04:/var/db/samba4/private # ls -al
total 106
drwx------+ 3 21120 dataowners 7 Mar 23 2019 .
drwxr-xr-x+ 4 21120 dataowners 10 Nov 13 07:09 ..
drwxrwxr-x+ 2 21120 dataowners 20 Apr 2 2019 msg.sock
-rwxrwxr-x+ 1 21120 dataowners 28672 Apr 2 2019 netlogon_creds_cli.tdb
-rwxrwxr-x+ 1 21120 dataowners 421888 Mar 23 2019 passdb.tdb
-rwxrwxr-x+ 1 21120 dataowners 1286144 Mar 23 2019 secrets.ldb
-rwxrwxr-x+ 1 21120 dataowners 430080 Mar 30 2019 secrets.tdb
root@natssp04:/var/db/samba4/private #
Tim Sullivan November 13, 2019 at 3:47 PM
Found this article along the lines of the message i see in the previous output, but didn't want to make changes that might impact any other troubleshooting:
https://www.linuxquestions.org/questions/linux-server-73/cannot-start-samba-4175625224/
Tim Sullivan November 13, 2019 at 3:24 PM
Hi Andrew. Thanks for the quick triage. Here is the requested output:
root@natssp04:~ # smbd -i -d 5
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
tevent: 5
auth_audit: 5
auth_json_audit: 5
kerberos: 5
drs_repl: 5
smb2: 5
smb2_credits: 5
dsdb_audit: 5
dsdb_json_audit: 5
dsdb_password_audit: 5
dsdb_password_json_audit: 5
dsdb_transaction_audit: 5
dsdb_transaction_json_audit: 5
dsdb_group_audit: 5
dsdb_group_json_audit: 5
smbd version 4.9.13 started.
Copyright Andrew Tridgell and the Samba Team 1992-2018
uid=0 gid=0 euid=0 egid=0
Paths:
SBINDIR: /usr/local/sbin
BINDIR: /usr/local/bin
CONFIGFILE: /usr/local/etc/smb4.conf
LOGFILEBASE: /var/log/samba4
LMHOSTSFILE: /usr/local/etc/lmhosts
LIBDIR: /usr/local/lib/samba4
MODULESDIR: /usr/local/lib/shared-modules
SHLIBEXT: so
LOCKDIR: /var/run/samba4
STATEDIR: /var/db/samba4
CACHEDIR: /var/run/samba4
PIDDIR: /var/run/samba4
SMB_PASSWD_FILE: /var/db/samba4/private/smbpasswd
PRIVATE_DIR: /var/db/samba4/private
BINDDNS_DIR: /var/run/samba4/bind-dns
System Headers:
HAVE_SYS_ACL_H
HAVE_SYS_CAPABILITY_H
HAVE_SYS_CDEFS_H
HAVE_SYS_DIR_H
HAVE_SYS_ENDIAN_H
HAVE_SYS_EXTATTR_H
HAVE_SYS_FCNTL_H
HAVE_SYS_FILE_H
HAVE_SYS_FILIO_H
HAVE_SYS_INOTIFY_H
HAVE_SYS_IOCTL_H
HAVE_SYS_IPC_H
HAVE_SYS_MD5_H
HAVE_SYS_MMAN_H
HAVE_SYS_MOUNT_H
HAVE_SYS_PARAM_H
HAVE_SYS_PRIV_H
HAVE_SYS_QUOTAS
HAVE_SYS_RESOURCE_H
HAVE_SYS_SELECT_H
HAVE_SYS_SHM_H
HAVE_SYS_SOCKET_H
HAVE_SYS_SOCKIO_H
HAVE_SYS_STATVFS_H
HAVE_SYS_STAT_H
HAVE_SYS_SYSCALL_H
HAVE_SYS_SYSCTL_H
HAVE_SYS_SYSLOG_H
HAVE_SYS_TERMIOS_H
HAVE_SYS_TIMEB_H
HAVE_SYS_TIMES_H
HAVE_SYS_TIME_H
HAVE_SYS_TYPES_H
HAVE_SYS_UCONTEXT_H
HAVE_SYS_UIO_H
HAVE_SYS_UNISTD_H
HAVE_SYS_UN_H
HAVE_SYS_UTSNAME_H
HAVE_SYS_WAIT_H
Headers:
HAVE_AIO_H
HAVE_ARCHIVE_H
HAVE_ARPA_INET_H
HAVE_ARPA_NAMESER_H
HAVE_ASSERT_H
HAVE_COM_ERR_H
HAVE_CONFIG_H
HAVE_CTYPE_H
HAVE_CURSES_H
HAVE_DIRENT_H
HAVE_DLFCN_H
HAVE_DNS_SD_H
HAVE_ERRNO_H
HAVE_ERR_H
HAVE_EXECINFO_H
HAVE_FAM_H
HAVE_FCNTL_H
HAVE_FLOAT_H
HAVE_FNMATCH_H
HAVE_FORM_H
HAVE_FREEBSD_SUNACL_H
HAVE_FTW_H
HAVE_GETOPT_H
HAVE_GLOB_H
HAVE_GNUTLS_GNUTLS_H
HAVE_GNUTLS_X509_H
HAVE_GRP_H
HAVE_GSSAPI_GSSAPI_H
HAVE_GSSAPI_GSSAPI_KRB5_H
HAVE_GSSAPI_GSSAPI_SPNEGO_H
HAVE_ICONV_H
HAVE_IFADDRS_H
HAVE_INTTYPES_H
HAVE_KRB5_H
HAVE_KRB5_LOCATE_PLUGIN_H
HAVE_LANGINFO_H
HAVE_LBER_H
HAVE_LDAP_H
HAVE_LIBGEN_H
HAVE_LIBUTIL_H
HAVE_LIMITS_H
HAVE_LOCALE_H
HAVE_MEMORY_H
HAVE_MENU_H
HAVE_NCURSES_H
HAVE_NETDB_H
HAVE_NETINET_IN_H
HAVE_NETINET_IN_SYSTM_H
HAVE_NETINET_IP_H
HAVE_NETINET_TCP_H
HAVE_NET_IF_H
HAVE_NSSWITCH_H
HAVE_NSS_H
HAVE_PANEL_H
HAVE_POLL_H
HAVE_POPT_H
HAVE_PTHREAD_H
HAVE_PWD_H
HAVE_PYTHON_H
HAVE_READLINE_HISTORY_H
HAVE_READLINE_READLINE_H
HAVE_RESOLV_H
HAVE_RPCSVC_NIS_H
HAVE_RPCSVC_RQUOTA_H
HAVE_RPCSVC_YPCLNT_H
HAVE_RPC_NETTYPE_H
HAVE_RPC_RPC_H
HAVE_RPC_TYPES_H
HAVE_SASL_SASL_H
HAVE_SECURITY_PAM_APPL_H
HAVE_SECURITY_PAM_MODULES_H
HAVE_SETJMP_H
HAVE_SIGNAL_H
HAVE_STDARG_H
HAVE_STDBOOL_H
HAVE_STDDEF_H
HAVE_STDINT_H
HAVE_STDIO_H
HAVE_STDLIB_H
HAVE_STRINGS_H
HAVE_STRING_H
HAVE_SUNACL_H
HAVE_SYSLOG_H
HAVE_TERMCAP_H
HAVE_TERMIOS_H
HAVE_TERM_H
HAVE_TIME_H
HAVE_UFS_UFS_QUOTA_H
HAVE_UNISTD_H
HAVE_UTIME_H
HAVE_ZLIB_H
UTMP Options:
HAVE_UTMPX_H
HAVE_* Defines:
HAVE_64_BIT_SIZE_T_FOR_LMDB
HAVE_ACL
HAVE_ACL_EVERYONE
HAVE_ACL_GET_FILE
HAVE_ACL_GET_PERM_NP
HAVE_ADDR_TYPE_IN_KRB5_ADDRESS
HAVE_AESNI_INTEL
HAVE_AP_OPTS_USE_SUBKEY
HAVE_ARCHIVE_READ_FREE
HAVE_ARCHIVE_READ_SUPPORT_FILTER_ALL
HAVE_ASPRINTF
HAVE_ATEXIT
HAVE_BACKTRACE
HAVE_BACKTRACE_SYMBOLS
HAVE_BASENAME
HAVE_BER_SCANF
HAVE_BER_SOCKBUF_ADD_IO
HAVE_BER_TAG_T
HAVE_BLKCNT_T
HAVE_BLKSIZE_T
HAVE_BOOL
HAVE_BSD_STRTOLL
HAVE_BZERO
HAVE_C99_VSNPRINTF
HAVE_CGETENT
HAVE_CHARSET_CP850
HAVE_CHARSET_UTF_8
HAVE_CHECKSUM_IN_KRB5_CHECKSUM
HAVE_CHFLAGS
HAVE_CHMOD
HAVE_CHOWN
HAVE_CHROOT
HAVE_CLOCK_GETTIME
HAVE_CLOCK_MONOTONIC
HAVE_CLOCK_PROCESS_CPUTIME_ID
HAVE_CLOCK_REALTIME
HAVE_CLOSEFROM
HAVE_CMOCKA
HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS
HAVE_CONNECT
HAVE_CONSTRUCTOR_ATTRIBUTE
HAVE_CRYPT
HAVE_DECL_ASPRINTF
HAVE_DECL_DLOPEN
HAVE_DECL_EWOULDBLOCK
HAVE_DECL_FDATASYNC
HAVE_DECL_GETGRENT_R
HAVE_DECL_GETPWENT_R
HAVE_DECL_GETTIMEOFDAY
HAVE_DECL_GNUTLS_CERT_EXPIRED
HAVE_DECL_GNUTLS_CERT_NOT_ACTIVATED
HAVE_DECL_GNUTLS_CERT_UNEXPECTED_OWNER
HAVE_DECL_H_ERRNO
HAVE_DECL_KRB5_AUTH_CON_SET_REQ_CKSUMTYPE
HAVE_DECL_KRB5_GET_CREDENTIALS_FOR_USER
HAVE_DECL_MALLOC
HAVE_DECL_PTHREAD_MUTEX_ROBUST
HAVE_DECL_READAHEAD
HAVE_DECL_RL_EVENT_HOOK
HAVE_DECL_SNPRINTF
HAVE_DECL_STRPTIME
HAVE_DECL_VASPRINTF
HAVE_DECL_VSNPRINTF
HAVE_DECL__RES
HAVE_DESTRUCTOR_ATTRIBUTE
HAVE_DES_PCBC_ENCRYPT
HAVE_DEVICE_MAJOR_FN
HAVE_DEVICE_MINOR_FN
HAVE_DIRFD
HAVE_DIRFD_DECL
HAVE_DIRNAME
HAVE_DLCLOSE
HAVE_DLERROR
HAVE_DLOPEN
HAVE_DLSYM
HAVE_DNSSERVICEREGISTER
HAVE_DN_EXPAND
HAVE_DPRINTF
HAVE_DUP2
HAVE_ENCTYPE_AES128_CTS_HMAC_SHA1_96
HAVE_ENCTYPE_AES256_CTS_HMAC_SHA1_96
HAVE_ENCTYPE_ARCFOUR_HMAC
HAVE_ENCTYPE_ARCFOUR_HMAC_MD5
HAVE_ENCTYPE_ARCFOUR_HMAC_MD5_56
HAVE_ENDHOSTENT
HAVE_ERR
HAVE_ERRNO_DECL
HAVE_ERRX
HAVE_ETYPE_IN_ENCRYPTEDDATA
HAVE_EXECL
HAVE_EXTATTR_LIST_FD
HAVE_E_DATA_POINTER_IN_KRB5_ERROR
HAVE_FAM
HAVE_FAMNOEXISTS
HAVE_FAMOPEN2
HAVE_FAM_H_FAMCODES_TYPEDEF
HAVE_FCHMOD
HAVE_FCHOWN
HAVE_FCNTL_LOCK
HAVE_FDATASYNC
HAVE_FDATASYNC_DECL
HAVE_FDOPENDIR
HAVE_FLAGS_IN_KRB5_CREDS
HAVE_FLOCK
HAVE_FREEADDRINFO
HAVE_FREEHOSTENT
HAVE_FREEIFADDRS
HAVE_FREE_CHECKSUM
HAVE_FRSIZE
HAVE_FSEEKO
HAVE_FSID_INT
HAVE_FSTATAT
HAVE_FSYNC
HAVE_FTRUNCATE
HAVE_FTRUNCATE_EXTEND
HAVE_FUNCTION_MACRO
HAVE_FUTIMENS
HAVE_FUTIMES
HAVE_GAI_STRERROR
HAVE_GETADDRINFO
HAVE_GETCWD
HAVE_GETDENTS
HAVE_GETDIRENTRIES
HAVE_GETGRENT
HAVE_GETGRENT_R
HAVE_GETGRENT_R_DECL
HAVE_GETGRGID_R
HAVE_GETGRNAM
HAVE_GETGRNAM_R
HAVE_GETGROUPLIST
HAVE_GETHOSTBYADDR
HAVE_GETHOSTBYNAME
HAVE_GETHOSTBYNAME_R
HAVE_GETHOSTENT
HAVE_GETHOSTENT_R
HAVE_GETHOSTNAME
HAVE_GETIFADDRS
HAVE_GETIPNODEBYADDR
HAVE_GETIPNODEBYNAME
HAVE_GETNAMEINFO
HAVE_GETPAGESIZE
HAVE_GETPEEREID
HAVE_GETPGRP
HAVE_GETPROGNAME
HAVE_GETPWENT_R
HAVE_GETPWENT_R_DECL
HAVE_GETPWNAM
HAVE_GETPWNAM_R
HAVE_GETPWUID_R
HAVE_GETQUOTA_RSLT_GETQUOTA_RSLT_U
HAVE_GETRLIMIT
HAVE_GETTIMEOFDAY_TZ
HAVE_GETUTXENT
HAVE_GLOB
HAVE_GNUTLS
HAVE_GNUTLS3
HAVE_GNUTLS_3_4_7
HAVE_GNUTLS_AEAD
HAVE_GNUTLS_AEAD_CIPHER_INIT
HAVE_GNUTLS_CERTIFICATE_VERIFY_PEERS3
HAVE_GNUTLS_DATUM
HAVE_GNUTLS_DATUM_T
HAVE_GNUTLS_GLOBAL_INIT
HAVE_GNUTLS_X509_CRT_SET_SUBJECT_KEY_ID
HAVE_GNUTLS_X509_CRT_SET_VERSION
HAVE_GRANTPT
HAVE_GSSAPI
HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT
HAVE_GSSKRB5_GET_SUBKEY
HAVE_GSS_DISPLAY_STATUS
HAVE_GSS_EXPORT_CRED
HAVE_GSS_IMPORT_CRED
HAVE_GSS_INQUIRE_SEC_CONTEXT_BY_OID
HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
HAVE_GSS_KRB5_EXPORT_LUCID_SEC_CONTEXT
HAVE_GSS_KRB5_IMPORT_CRED
HAVE_GSS_OID_EQUAL
HAVE_GSS_WRAP_IOV
HAVE_HISTORY_LIST
HAVE_HSTRERROR
HAVE_H_ERRNO
HAVE_ICONV
HAVE_ICONV_ERRNO_ILLEGAL_MULTIBYTE
HAVE_ICONV_OPEN
HAVE_IFACE_GETIFADDRS
HAVE_IF_NAMETOINDEX
HAVE_IMMEDIATE_STRUCTURES
HAVE_INET_ATON
HAVE_INET_NTOA
HAVE_INET_NTOP
HAVE_INET_PTON
HAVE_INITGROUPS
HAVE_INITIALIZE_KRB5_ERROR_TABLE
HAVE_INITSCR
HAVE_INNETGR
HAVE_INOTIFY
HAVE_INOTIFY_INIT
HAVE_INO_T
HAVE_INT16_T
HAVE_INT32_T
HAVE_INT64_T
HAVE_INT8_T
HAVE_INTPTR_T
HAVE_IPV6
HAVE_IPV6_V6ONLY
HAVE_IRUSEROK
HAVE_ISATTY
HAVE_ITEM_COUNT
HAVE_JANSSON
HAVE_JSON_OBJECT
HAVE_KRB5
HAVE_KRB5_ADDRESSES
HAVE_KRB5_AUTH_CON_SETKEY
HAVE_KRB5_CC_COPY_CACHE
HAVE_KRB5_CC_GET_LIFETIME
HAVE_KRB5_CONFIG_GET_BOOL_DEFAULT
HAVE_KRB5_CREATE_CHECKSUM
HAVE_KRB5_CRYPTO
HAVE_KRB5_CRYPTO_DESTROY
HAVE_KRB5_CRYPTO_INIT
HAVE_KRB5_C_VERIFY_CHECKSUM
HAVE_KRB5_DATA_COPY
HAVE_KRB5_ENCTYPE_TO_STRING
HAVE_KRB5_ENCTYPE_TO_STRING_WITH_KRB5_CONTEXT_ARG
HAVE_KRB5_FREE_ERROR_CONTENTS
HAVE_KRB5_FREE_HOST_REALM
HAVE_KRB5_FWD_TGT_CREDS
HAVE_KRB5_GET_CREDS
HAVE_KRB5_GET_CREDS_OPT_ALLOC
HAVE_KRB5_GET_CREDS_OPT_SET_IMPERSONATE
HAVE_KRB5_GET_DEFAULT_IN_TKT_ETYPES
HAVE_KRB5_GET_HOST_REALM
HAVE_KRB5_GET_INIT_CREDS_KEYBLOCK
HAVE_KRB5_GET_INIT_CREDS_OPT_ALLOC
HAVE_KRB5_GET_INIT_CREDS_OPT_FREE
HAVE_KRB5_GET_INIT_CREDS_OPT_GET_ERROR
HAVE_KRB5_GET_INIT_CREDS_OPT_SET_PAC_REQUEST
HAVE_KRB5_GET_PW_SALT
HAVE_KRB5_GET_RENEWED_CREDS
HAVE_KRB5_KEYBLOCK_INIT
HAVE_KRB5_KEYBLOCK_KEYVALUE
HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK
HAVE_KRB5_KRBHST_GET_ADDRINFO
HAVE_KRB5_KRBHST_INIT
HAVE_KRB5_KT_COMPARE
HAVE_KRB5_KT_FREE_ENTRY
HAVE_KRB5_KU_OTHER_CKSUM
HAVE_KRB5_MAKE_PRINCIPAL
HAVE_KRB5_MK_REQ_EXTENDED
HAVE_KRB5_PDU_NONE_DECL
HAVE_KRB5_PRINCIPAL_COMPARE_ANY_REALM
HAVE_KRB5_PRINCIPAL_GET_COMP_STRING
HAVE_KRB5_PRINCIPAL_GET_NUM_COMP
HAVE_KRB5_PRINCIPAL_GET_REALM
HAVE_KRB5_PRINCIPAL_GET_TYPE
HAVE_KRB5_PRINCIPAL_SET_REALM
HAVE_KRB5_PRINCIPAL_SET_TYPE
HAVE_KRB5_PROMPT_TYPE
HAVE_KRB5_REALM_TYPE
HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES
HAVE_KRB5_SET_REAL_TIME
HAVE_KRB5_STRING_TO_KEY
HAVE_KRB5_STRING_TO_KEY_SALT
HAVE_KRB5_WARNX
HAVE_KRB_STRUCT_WINSIZE
HAVE_LARGEFILE
HAVE_LBER_LOG_PRINT_FN
HAVE_LCHOWN
HAVE_LDAP
HAVE_LDAP_ADD_RESULT_ENTRY
HAVE_LDAP_INIT
HAVE_LDAP_INITIALIZE
HAVE_LDAP_INIT_FD
HAVE_LDAP_OPT_SOCKBUF
HAVE_LDAP_SASL_WRAPPING
HAVE_LDAP_SET_REBIND_PROC
HAVE_LDB
HAVE_LDWRAP
HAVE_LIBARCHIVE
HAVE_LIBCRYPT
HAVE_LIBCRYPTO
HAVE_LIBDNS_SD
HAVE_LIBEXECINFO
HAVE_LIBFAM
HAVE_LIBFORM
HAVE_LIBGNUTLS
HAVE_LIBICONV
HAVE_LIBINOTIFY
HAVE_LIBJANSSON
HAVE_LIBKRB5
HAVE_LIBLBER
HAVE_LIBLDAP
HAVE_LIBMD
HAVE_LIBMENU
HAVE_LIBNCURSES
HAVE_LIBPAM
HAVE_LIBPANEL
HAVE_LIBPOPT
HAVE_LIBPTHREAD
HAVE_LIBREADLINE
HAVE_LIBREPLACE
HAVE_LIBRT
HAVE_LIBSUNACL
HAVE_LIBUTIL
HAVE_LIBZ
HAVE_LIBZFS
HAVE_LINK
HAVE_LINUX_INOTIFY
HAVE_LITTLE_ENDIAN
HAVE_LONGJMP
HAVE_LONG_LONG
HAVE_LSEEK_HOLE_DATA
HAVE_LSTAT
HAVE_LUTIMES
HAVE_MAKEDEV
HAVE_MD5INIT
HAVE_MEMCPY
HAVE_MEMMEM
HAVE_MEMMOVE
HAVE_MEMSET
HAVE_MKDIR_MODE
HAVE_MKDTEMP
HAVE_MKNOD
HAVE_MKTIME
HAVE_MLOCK
HAVE_MLOCKALL
HAVE_MMAP
HAVE_MUNLOCK
HAVE_MUNLOCKALL
HAVE_NANOSLEEP
HAVE_NATIVE_ICONV
HAVE_NCURSES
HAVE_NETGROUP
HAVE_NEW_FIELD
HAVE_NEW_FORM
HAVE_NEW_LIBREADLINE
HAVE_NEW_PANEL
HAVE_NFS_QUOTAS
HAVE_NFTW
HAVE_OPENAT
HAVE_OPENPTY
HAVE_OPEN_O_DIRECT
HAVE_PAM_GET_DATA
HAVE_PAM_RHOST
HAVE_PAM_START
HAVE_PAM_TTY
HAVE_PATHCONF
HAVE_PERL_MAKEMAKER
HAVE_PIPE
HAVE_POLL
HAVE_POPT
HAVE_POPTGETCONTEXT
HAVE_POSIX_ACLS
HAVE_POSIX_FADVISE
HAVE_POSIX_FALLOCATE
HAVE_POSIX_MEMALIGN
HAVE_POSIX_OPENPT
HAVE_PREAD
HAVE_PREAD_DECL
HAVE_PRINTF
HAVE_PTHREAD
HAVE_PTHREAD_ATTR_INIT
HAVE_PTHREAD_CREATE
HAVE_PTHREAD_MUTEXATTR_SETROBUST
HAVE_PTHREAD_MUTEX_CONSISTENT
HAVE_PTRDIFF_T
HAVE_PUTENV
HAVE_PUTUTXLINE
HAVE_PWRITE
HAVE_PWRITE_DECL
HAVE_PYLDB_UTIL
HAVE_PYTALLOC_UTIL
HAVE_QUOTACTL_4B
HAVE_RAND
HAVE_RANDOM
HAVE_RCMD
HAVE_READLINE_READLINE_WORKAROUND
HAVE_READLINK
HAVE_READV
HAVE_REALPATH
HAVE_RENAME
HAVE_RES_NDESTROY
HAVE_RES_NSEARCH
HAVE_RES_SEARCH
HAVE_RL_COMPLETION_MATCHES
HAVE_ROBUST_MUTEXES
HAVE_SA_FAMILY_T
HAVE_SA_SIGINFO_DECL
HAVE_SECURE_MKSTEMP
HAVE_SELECT
HAVE_SENDFILE
HAVE_SENDMSG
HAVE_SETBUFFER
HAVE_SETEGID
HAVE_SETENV
HAVE_SETENV_DECL
HAVE_SETEUID
HAVE_SETGID
HAVE_SETGROUPS
HAVE_SETHOSTENT
HAVE_SETITIMER
HAVE_SETLINEBUF
HAVE_SETLOCALE
HAVE_SETPGID
HAVE_SETPROCTITLE
HAVE_SETPROGNAME
HAVE_SETREGID
HAVE_SETRESGID
HAVE_SETRESGID_DECL
HAVE_SETRESUID
HAVE_SETRESUID_DECL
HAVE_SETREUID
HAVE_SETSID
HAVE_SETUID
HAVE_SET_MENU_ITEMS
HAVE_SHARED_MMAP
HAVE_SHMGET
HAVE_SHM_OPEN
HAVE_SHOW_PANEL
HAVE_SIGACTION
HAVE_SIGBLOCK
HAVE_SIGLONGJMP
HAVE_SIGPROCMASK
HAVE_SIGSET
HAVE_SIGSETMASK
HAVE_SIG_ATOMIC_T_TYPE
HAVE_SIMPLE_C_PROG
HAVE_SIZE_T
HAVE_SNPRINTF
HAVE_SOCKADDR_SA_LEN
HAVE_SOCKET
HAVE_SOCKETPAIR
HAVE_SOCKLEN_T
HAVE_SOCK_SIN6_LEN
HAVE_SOCK_SIN_LEN
HAVE_SRAND
HAVE_SRANDOM
HAVE_SSIZE_T
HAVE_SS_FAMILY
HAVE_STATVFS
HAVE_STATVFS_F_FLAG
HAVE_STAT_HIRES_TIMESTAMPS
HAVE_STAT_ST_BLKSIZE
HAVE_STAT_ST_BLOCKS
HAVE_STAT_ST_FLAGS
HAVE_STAT_TV_NSEC
HAVE_STPCPY
HAVE_STRCASECMP
HAVE_STRCASESTR
HAVE_STRCHR
HAVE_STRCPY
HAVE_STRDUP
HAVE_STRERROR
HAVE_STRERROR_R
HAVE_STRFTIME
HAVE_STRLCAT
HAVE_STRLCPY
HAVE_STRNCASECMP
HAVE_STRNCPY
HAVE_STRNDUP
HAVE_STRNLEN
HAVE_STRPBRK
HAVE_STRPTIME
HAVE_STRSEP
HAVE_STRSIGNAL
HAVE_STRTOK_R
HAVE_STRTOL
HAVE_STRTOLL
HAVE_STRTOQ
HAVE_STRTOULL
HAVE_STRTOUQ
HAVE_STRUCT_ADDRINFO
HAVE_STRUCT_IFADDRS
HAVE_STRUCT_MSGHDR_MSG_CONTROL
HAVE_STRUCT_SIGEVENT
HAVE_STRUCT_SIGEVENT_SIGEV_VALUE_SIGVAL_PTR
HAVE_STRUCT_SIGEVENT_SIGEV_VALUE_SIVAL_PTR
HAVE_STRUCT_SOCKADDR
HAVE_STRUCT_SOCKADDR_IN6
HAVE_STRUCT_SOCKADDR_SA_LEN
HAVE_STRUCT_SOCKADDR_STORAGE
HAVE_STRUCT_STAT_ST_BIRTHTIME
HAVE_STRUCT_STAT_ST_BIRTHTIMESPEC_TV_NSEC
HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC
HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC
HAVE_STRUCT_STAT_ST_RDEV
HAVE_STRUCT_TIMESPEC
HAVE_STRUCT_WINSIZE
HAVE_ST_RDEV
HAVE_SWAB
HAVE_SYMLINK
HAVE_SYSCALL
HAVE_SYSCONF
HAVE_SYSCTL
HAVE_SYSCTLBYNAME
HAVE_SYSLOG
HAVE_TALLOC
HAVE_TDB
HAVE_TEVENT
HAVE_TGETENT
HAVE_TIMEGM
HAVE_UCONTEXT_T
HAVE_UINT16_T
HAVE_UINT32_T
HAVE_UINT64_T
HAVE_UINT8_T
HAVE_UINTPTR_T
HAVE_UMASK
HAVE_UNAME
HAVE_UNIXSOCKET
HAVE_UNSETENV
HAVE_USLEEP
HAVE_UTIMBUF
HAVE_UTIME
HAVE_UTIMENSAT
HAVE_UTIMES
HAVE_U_CHAR
HAVE_U_INT32_T
HAVE_VASPRINTF
HAVE_VA_COPY
HAVE_VDPRINTF
HAVE_VISIBILITY_ATTR
HAVE_VOLATILE
HAVE_VSNPRINTF
HAVE_VSYSLOG
HAVE_WAIT4
HAVE_WAITPID
HAVE_WARN
HAVE_WARNX
HAVE_WNO_STRICT_OVERFLOW
HAVE_WNO_UNUSED_FUNCTION
HAVE_WRITEV
HAVE_WS_XPIXEL
HAVE_WS_YPIXEL
HAVE_XATTR_EXTATTR
HAVE_XATTR_SUPPORT
HAVE_YP_GET_DEFAULT_DOMAIN
HAVE_Z
HAVE_ZLIBVERSION
HAVE__Bool
HAVE__CHDIR
HAVE__CLOSE
HAVE__DUP
HAVE__DUP2
HAVE__FCHDIR
HAVE__FCNTL
HAVE__FORK
HAVE__FSTAT
HAVE__LSTAT
HAVE__OPEN
HAVE__READ
HAVE__RES
HAVE__STAT
HAVE_VA_ARGS_MACRO
HAVE__WRITE
HAVE__ATTRIBUTE_
HAVE___DN_EXPAND
HAVE___GETCWD
HAVE___SYNC_FETCH_AND_ADD
--with Options:
WITH_ADS
WITH_AUTOMOUNT
WITH_DNSSD_SUPPORT
WITH_DNS_UPDATES
WITH_PAM
WITH_PAM_MODULES
WITH_PTHREADPOOL
WITH_QUOTAS
WITH_SENDFILE
WITH_SYSLOG
WITH_WINBIND
Build Options:
AD_DC_BUILD_IS_ENABLED
AESNI_INTEL_CFLAGS
BROKEN_NISPLUS_INCLUDE_FILES
BSD_STYLE_STATVFS
CHECK_BUNDLED_SYSTEM_Z
COMPILER_SUPPORTS_LL
CONFIG_H_IS_FROM_SAMBA
DEFAULT_DOS_CHARSET
DEFAULT_UNIX_CHARSET
ENABLE_GNUTLS
EXPECTED_SYSTEM_LDB_VERSION_MAJOR
EXPECTED_SYSTEM_LDB_VERSION_MINOR
EXPECTED_SYSTEM_LDB_VERSION_RELEASE
FREEBSD
FREEBSD_SENDFILE_API
GETCWD_TAKES_NULL
HEIMDAL_KRB5_TYPES_PATH
INLINE_MACRO
KRB5_CREDS_OPT_FREE_REQUIRES_CONTEXT
KRB5_PRINC_REALM_RETURNS_REALM
LDAP_DEPRECATED
LDAP_SET_REBIND_PROC_ARGS
LIBREPLACE_NETWORK_CHECKS
REALPATH_TAKES_NULL
RETSIGTYPE
SAMBA4_USES_HEIMDAL
SAMBA_FAM_LIBS
SHLIBEXT
SIZEOF_BLKCNT_T_8
SIZEOF_BOOL
SIZEOF_CHAR
SIZEOF_DEV_T
SIZEOF_INO_T
SIZEOF_INT
SIZEOF_INT16_T
SIZEOF_INT32_T
SIZEOF_INT64_T
SIZEOF_INT8_T
SIZEOF_LONG
SIZEOF_LONG_LONG
SIZEOF_OFF_T
SIZEOF_SHORT
SIZEOF_SIZE_T
SIZEOF_SSIZE_T
SIZEOF_TIME_T
SIZEOF_UINT16_T
SIZEOF_UINT32_T
SIZEOF_UINT64_T
SIZEOF_UINT8_T
SIZEOF_VOID_P
SRCDIR
STAT_STATVFS
STAT_ST_BLOCKSIZE
STDC_HEADERS
STRERROR_R_XSI_NOT_GNU
STRING_STATIC_MODULES
SUMMARY_PASSES
SYSCONF_SC_NGROUPS_MAX
SYSCONF_SC_NPROCESSORS_ONLN
SYSCONF_SC_PAGESIZE
SYSTEM_UNAME_MACHINE
SYSTEM_UNAME_RELEASE
SYSTEM_UNAME_SYSNAME
SYSTEM_UNAME_VERSION
TALLOC_BUILD_VERSION_MAJOR
TALLOC_BUILD_VERSION_MINOR
TALLOC_BUILD_VERSION_RELEASE
TIME_WITH_SYS_TIME
USE_SETREUID
USING_SYSTEM_CMOCKA
USING_SYSTEM_LDB
USING_SYSTEM_PARSE_YAPP_DRIVER
USING_SYSTEM_POPT
USING_SYSTEM_PYLDB_UTIL
USING_SYSTEM_PYTALLOC_UTIL
USING_SYSTEM_PYTDB
USING_SYSTEM_PYTEVENT
USING_SYSTEM_TALLOC
USING_SYSTEM_TDB
USING_SYSTEM_TEVENT
USING_SYSTEM_ZLIB
VALUEOF_NSIG
VALUEOF_SIGRTMAX
VALUEOF_SIGRTMIN
VOID_RETSIGTYPE
XSLTPROC_MANPAGES
_GNU_SOURCE
_HAVE_SENDFILE
_POSIX_FALLOCATE_CAPABLE_LIBC
SAMBA_BUILD
_XOPEN_SOURCE_EXTENDED
auth_script_init
idmap_ad_init
idmap_autorid_init
idmap_fruit_init
idmap_hash_init
idmap_ldap_init
idmap_nss_init
idmap_rfc2307_init
idmap_rid_init
idmap_script_init
idmap_tdb2_init
idmap_tdb_init
loff_t
nss_info_hash_init
nss_info_rfc2307_init
nss_info_sfu20_init
nss_info_sfu_init
nss_info_template_init
offset_t
static_decl_auth
static_decl_charset
static_decl_gpext
static_decl_idmap
static_decl_nss_info
static_decl_pdb
static_decl_perfcount
static_decl_rpc
static_decl_vfs
static_init_auth
static_init_charset
static_init_gpext
static_init_idmap
static_init_nss_info
static_init_pdb
static_init_perfcount
static_init_rpc
static_init_vfs
uint_t
vfs_acl_tdb_init
vfs_acl_xattr_init
vfs_aio_fork_init
vfs_aio_pthread_init
vfs_audit_init
vfs_cacheprime_init
vfs_cap_init
vfs_catia_init
vfs_commit_init
vfs_crossrename_init
vfs_default_quota_init
vfs_dirsort_init
vfs_expand_msdfs_init
vfs_extd_audit_init
vfs_fake_perms_init
vfs_fruit_init
vfs_full_audit_init
vfs_ixnas_init
vfs_linux_xfs_sgid_init
vfs_media_harmony_init
vfs_netatalk_init
vfs_noacl_init
vfs_offline_init
vfs_posix_eadb_init
vfs_preopen_init
vfs_readahead_init
vfs_readonly_init
vfs_recycle_init
vfs_shadow_copy2_init
vfs_shadow_copy_init
vfs_shadow_copy_zfs_init
vfs_shell_snap_init
vfs_streams_depot_init
vfs_streams_xattr_init
vfs_syncops_init
vfs_time_audit_init
vfs_unityed_media_init
vfs_virusfilter_init
vfs_winmsa_init
vfs_worm_init
vfs_xattr_tdb_init
vfs_zfs_space_init
vfs_zfsacl_init
Cluster support features:
NONE
Type sizes:
sizeof(char): 1
sizeof(int): 4
sizeof(long): 8
sizeof(long long): 8
sizeof(uint8_t): 1
sizeof(uint16_t): 2
sizeof(uint32_t): 4
sizeof(short): 2
sizeof(void*): 8
sizeof(size_t): 8
sizeof(off_t): 8
sizeof(ino_t): 4
sizeof(dev_t): 4
Builtin modules:
vfs_default vfs_posixacl auth_builtin auth_sam auth_winbind pdb_smbpasswd pdb_tdbsam auth_unix idmap_passdb pdb_samba_dsdb auth_samba4 vfs_dfs_samba4 pdb_ldapsam
lp_load_ex: refreshing parameters
Initialising global parameters
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
tevent: 5
auth_audit: 5
auth_json_audit: 5
kerberos: 5
drs_repl: 5
smb2: 5
smb2_credits: 5
dsdb_audit: 5
dsdb_json_audit: 5
dsdb_password_audit: 5
dsdb_password_json_audit: 5
dsdb_transaction_audit: 5
dsdb_transaction_json_audit: 5
dsdb_group_audit: 5
dsdb_group_json_audit: 5
Processing section "[global]"
doing parameter server min protocol = SMB2_02
doing parameter server max protocol = SMB3
doing parameter interfaces = 127.0.0.1 192.168.10.14
doing parameter bind interfaces only = yes
doing parameter encrypt passwords = yes
doing parameter dns proxy = no
doing parameter strict locking = no
doing parameter aio max threads = 2
doing parameter oplocks = yes
doing parameter deadtime = 15
doing parameter max log size = 51200
doing parameter private dir = /var/db/samba4/private
doing parameter max open files = 941555
doing parameter logging = file
doing parameter load printers = no
doing parameter printing = bsd
doing parameter printcap name = /dev/null
doing parameter disable spoolss = yes
doing parameter getwd cache = yes
doing parameter guest account = nobody
doing parameter obey pam restrictions = yes
doing parameter ntlm auth = no
doing parameter directory name cache size = 0
doing parameter kernel change notify = no
doing parameter nsupdate command = /usr/local/bin/samba-nsupdate -g
doing parameter server string = Nativemode Storage
doing parameter ea support = yes
doing parameter store dos attributes = yes
doing parameter lm announce = yes
doing parameter hostname lookups = yes
doing parameter acl allow execute always = true
doing parameter dos filemode = yes
doing parameter multicast dns register = yes
doing parameter domain logons = no
doing parameter idmap config *: backend = tdb
doing parameter idmap config *: range = 90000001-100000000
doing parameter server role = member server
doing parameter workgroup = NATIVEMODE
doing parameter realm = NATIVEMODE.COM
doing parameter security = ADS
doing parameter client use spnego = yes
doing parameter local master = no
doing parameter domain master = no
doing parameter preferred master = no
doing parameter ads dns update = yes
doing parameter winbind cache time = 7200
doing parameter winbind max domain connections = 10
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter winbind nested groups = yes
doing parameter winbind use default domain = no
doing parameter idmap config NATIVEMODE: backend = rid
doing parameter idmap config NATIVEMODE: range = 20000-90000000
doing parameter allow trusted domains = no
doing parameter client ldap sasl wrapping = plain
doing parameter template shell = /bin/sh
doing parameter template homedir = /home/%D/%U
doing parameter netbios name = NATSSP04
doing parameter create mask = 0666
doing parameter directory mask = 0777
doing parameter client ntlmv2 auth = yes
doing parameter dos charset = CP437
doing parameter unix charset = UTF-8
doing parameter log level = 1
pm_process() returned Yes
get_current_groups: user is in 1 groups: 0
directory_create_or_exist_strict: invalid ownership on directory /var/db/samba4/private/msg.sock
root@natssp04:~ #
When attempting to enable Active Directory functionality, the following error is show:
[MiddlewareError: Active Directory failed to reload.]
Followed the steps here: https://www.ixsystems.com/documentation/freenas/11.2-U6/directoryservices.html#if-the-system-does-not-join-the-domain
and get the following results when attempting to manually run commands.
Warning: settings changed through the CLI are not written to
the configuration database and will be reset on reboot.
root@natssp04:~ # sqlite3 /data/freenas-v1.db "UPDATE directoryservice_activedirectory SET ad_enable=1"
root@natssp04:~ # service ix-hostname start
root@natssp04:~ # service ix-kerberos start
root@natssp04:~ # service ix-kinit start
root@natssp04:~ # klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: svc.freenas@NATIVEMODE.COM
Issued Expires Principal
Nov 13 06:56:13 2019 Nov 13 16:56:13 2019 krbtgt/NATIVEMODE.COM@NATIVEMODE.COM
root@natssp04:~ # service ix-pre-samba start
Unable to initialize messaging context!
Unable to set SID to S-1-5-21-456761167-1329034108-4126908074
root@natssp04:~ #
I've confirmed time is good between my devices, and that proper name resolution is in place from freenas to DC and vice versa.
Issued cropped up unexpectedly due to an unscheduled domain controller reboot. DC came back online fine, but clients could no longer access SMB hosted shares.