2

I have a working RADIUS server that auths connections to a PDC AD server. I wanted to create another one so that I can fail over on the firewall when needed. I created a second server using the same configs as the first.

When I have the following in my smb.conf it fails to start, even though this is the same config as the working server on another IP.

[global]
    workgroup = domain
    security = ads
    password server = x.x.x.x
    passdb backend = tdbsam
    realm = realm.com

    printing = cups
    printcap name = cups
    load printers = yes
    cups options = raw

[homes]
    comment = Home Directories
    valid users = %S, %D%w%S
    browseable = No
    read only = No
    inherit acls = Yes

[printers]
    comment = All Printers
    path = /var/tmp
    printable = Yes
    create mask = 0600
    browseable = No

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = @printadmin root
    force group = @printadmin
    create mask = 0664
    directory mask = 0775

The error that I get on the systemctl start smb is as follows:

Aug 30 09:12:46 zahqprdlrad002 systemd[1]: Starting Samba SMB Daemon...
Aug 30 09:12:46 zahqprdlrad002 smbd[21426]: [2018/08/30 09:12:46.156012,  0] ../source3/auth/auth_util.c:1399(make_new_session_info_guest)
Aug 30 09:12:46 zahqprdlrad002 smbd[21426]:   create_local_token failed: NT_STATUS_NO_MEMORY
Aug 30 09:12:46 zahqprdlrad002 smbd[21426]: [2018/08/30 09:12:46.156515,  0] ../source3/smbd/server.c:2011(main)
Aug 30 09:12:46 zahqprdlrad002 smbd[21426]:   ERROR: failed to setup guest info.
Aug 30 09:12:46 zahqprdlrad002 systemd[1]: smb.service: main process exited, code=exited, status=255/n/a
Aug 30 09:12:46 zahqprdlrad002 systemd[1]: Failed to start Samba SMB Daemon.
Aug 30 09:12:46 zahqprdlrad002 systemd[1]: Unit smb.service entered failed state.
Aug 30 09:12:46 zahqprdlrad002 systemd[1]: smb.service failed.

If I comment out the security=ads from the smb.conf the smb starts but then I cannot connect to the PDC AD server to join the AD.

Host is not configured as a member server.
Invalid configuration.  Exiting....
Failed to join domain: This operation is only allowed for the PDC of the domain.
ADS join did not work, falling back to RPC...
cannot join as standalone machine

Please help :)

IRBiddlecombe

1 Answer

1

I also encountered this issue of the Samba SMB daemon being unable to start, with the error create_local_token failed: NT_STATUS_NO_MEMORY.

After a fair amount of frustration I discovered this post suggesting that the new iteration of Samba domain member setups requires winbindd: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899269#40

A bit more digging found this article https://timothygruber.com/linux/samba-file-server-with-microsoft-ad/ and finally I had success with this one - https://www.tecmint.com/integrate-centos-7-to-samba4-active-directory/.

Now I can successfully start the smb/samba service as a domain member with security=ads, log in with AD credentials and open the home directories through Windows Explorer.

Good luck...

plaw-013
  • That's awesome, thank you! I will have to try that some time; for now I cloned the working one, created a template and redeploy that as needed XD. Not ideal, but a working solution. – IRBiddlecombe Mar 08 '19 at 06:42
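
The answer's point (a domain member with security = ads needs winbindd) can be checked before starting smbd. The preflight below is an added example, not code from either poster or from Samba; `parse_global` and `preflight` are hypothetical names, the winbindd state is taken from `pgrep`, and the idmap range check is an assumption that goes beyond what the thread states.

```python
import subprocess
import sys

MEMBER_MODES = {"ads", "domain"}  # smbd acts as a domain member in these modes

# Constructed sample: the question's [global] section, mixed indentation included.
SAMPLE = """[global]
    workgroup = domain
        security = ads
        password server = x.x.x.x
        realm = realm.com
"""

def parse_global(text):
    """Return [global] parameters; names are lower-cased with whitespace
    removed, because smb.conf ignores case and spaces in parameter names."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.lower().split())] = value.strip()
    return params

def preflight(text, winbindd_running):
    """List problems that stop this host from working as a domain member."""
    g = parse_global(text)
    mode = g.get("security", "").lower()
    if mode not in MEMBER_MODES:
        return []  # not a domain member: winbindd is not mandatory
    problems = []
    if not winbindd_running:
        problems.append(f"security = {mode} but winbindd is not running")
    if mode == "ads" and not g.get("realm"):
        problems.append("security = ads without a realm")
    # Assumption: winbindd's ID-mapping range is set in smb.conf itself.
    if not any(k.startswith("idmapconfig") and k.endswith(":range") for k in g):
        problems.append("no 'idmap config ... : range' set for winbindd")
    return problems

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    up = subprocess.run(["pgrep", "-x", "winbindd"], capture_output=True).returncode == 0
    for problem in preflight(text, up):
        print("FAIL:", problem)
```

Run it with the path to smb.conf as the only argument; with no argument it checks the embedded sample.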