Hi, (adding back the mailing list in CC) On Tue, Jan 24, 2023 at 6:54 PM Tyler Zang <tyler.j.z...@gmail.com> wrote:
> This brings up another "issue" that I am running into, that might be > related. To give a quick back story, I am a windows admin pulled into > support Linux, and thus FreeIPA. So my knowledge is very limited on this > stuff. > > We have 2 separate FreeIPA's running on our network, as one will be > retired soon. I feel like, starting about 2 months ago or so, my newest one > (the one this post is about) started to fail booting up because of "smb" > and "winbind" would not start. I had to use the --ignore-service-failure to > get freeipa to start which would let everything else start except those two > services. I don't recall the previous admin having samba or winbind > purposely installed so I suspected maybe a monthly update installed it or > something. I checked my other instance and it does not have those services > installed, so ipa starts up without those services. So I was looking last > week on how to stop freeipa from trying to boot those two services. As of > now, I just let those fail. > If the server is configured as a trust controller (ie you ran ipa-adtrust-install), then it's expected that smb and winbind are running. > > This FreeIPA does have a trust with AD, trusting the forest, but it is not > "joined" (net ads join) to my domain, which is why winbind and smb breaks > (I think). I open up the web gui and go to the network services > Trusts > and see my domains. The "old" freeipa does not even have the trust submenu. > Neither show up in ADUC. > > So now it sounds like this trust issue might be potentially affecting this > upgrade. I am tempted to just join it into AD and see what happens. > No, an IPA machine cannot join an AD domain. You can ask for help on this mailing list for troubleshooting the smb/winbind issues, if you provide additional logs I'm sure someone will be able to help. flo > > On Tue, Jan 24, 2023 at 4:59 AM Florence Blanc-Renaud <f...@redhat.com> > wrote: > >> Hi, >> >> On Mon, Jan 23, 2023 at 7:58 PM Ty zang via FreeIPA-users < >> freeipa-users@lists.fedorahosted.org> wrote: >> >>> Thanks for the information. I will treat that as a false positive. The >>> error is failing due to something not found (no such file or directory) and >>> the only other error that stands out to me is maybe this.. (airgapped so I >>> cant just post the log sadly) >>> >>> args=/usr/bin/net -s /dev/null groupmap add sid=S-5-1-5-32-546 >>> unixgroup=nobody type=builtin >>> process execution failed >>> destroyed connection context.ldap2_ (bunch of #) >>> upgrade failed with [Errno 2] no such file or directory. >>> >>> Does this file /usr/bin/net exist? It should be installed with the >> package samba-common-tools, that is required by ipa-server-trust-ad. This >> code should be executed only if adtrust is installed, is this your case? >> flo >> >> So maybe this is a missing account or something? Any suggestion on what >>> to look for regarding ldap? Ill google this to see what comes up >>> _______________________________________________ >>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >>> To unsubscribe send an email to >>> freeipa-users-le...@lists.fedorahosted.org >>> Fedora Code of Conduct: >>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >>> List Archives: >>> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org >>> Do not reply to spam, report it: >>> https://pagure.io/fedora-infrastructure/new_issue >>> >> > > -- > Regards, > Tyler Zang > >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
