Binding to Active Directory

I got an email from a user trying to bind Rockstor to AD. The reported error is "Error: Failed to start winbind service due to system error"


I don’t have the setup to test right now, but thought someone with AD experience can reproduce and help us solve this problem.

Thanks
Suman

Everyone, I got a few more emails recently about this issue. Can someone help me fix this? We are not AD users or experts. Is there a quick way to set it up so we can test against it? If you can volunteer your infrastructure and some time, that would also be sufficient and greatly appreciated.

Suman

Did they share any information about their configuration?

Thanks! I’ll share more info as/when it’s available to me. I’ve also encouraged them to engage in the forums.

My assumption is that they have some AD credentials and are using the configuration form and upon submit getting the error. When we added the support (almost a year ago), we had a minimal AD VM and validated that it works, but I think we need to validate it much more. Any help would be awesome!

Samba 4 can be configured as an AD domain controller so maybe we could test against / reproduce against that:-
https://wiki.Samba.org has a howto.
Don’t have access to an AD setup here though. A Kerberos server is the nearest I have. Sorry, not much help.

I haven’t forgotten about this; I just had some setbacks with my NAS. I’ll take a look in the next week or two.

The Samba AD domain controller howto I saw earlier was https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO and it seems complete enough.

I’m encountering this same problem. I have an AD and trying to add RockStor (v3.8-6) as a NAS. I’m able to complete and submit the AD configuration but when I go to [Join Domain] the screen goes grey (like it’s going to pop-up a facebox) and doesn’t move. If I refresh the page everything acts normally again, just nothing was accomplished. I obviously can’t start the winbind service because I haven’t joined the domain. I’ve tried both domain and ads security modes with the same results.

If I try to turn AD on, I get the “Failed to start winbind service due to system error” message. If I look in the logs (/opt/rockstor/var/log/rockstor.log) this is the error:
[31/Aug/2015 09:54:34] ERROR [smart_manager.views.winbind_service:61] Error running a command. cmd = ['/usr/bin/systemctl', u'start', 'winbind']. rc = 1. stdout = ['']. stderr = ["Job for winbind.service failed. See 'systemctl status winbind.service' and 'journalctl -xn' for details.", '']
Traceback (most recent call last):
  File "/opt/rockstor/src/rockstor/smart_manager/views/winbind_service.py", line 58, in post
    systemctl('winbind', command)
  File "/opt/rockstor/src/rockstor/system/services.py", line 53, in systemctl
    return run_command([SYSTEMCTL_BIN, switch, service_name])
  File "/opt/rockstor/src/rockstor/system/osi.py", line 85, in run_command
    raise CommandException(cmd, out, err, rc)
CommandException: Error running a command. cmd = ['/usr/bin/systemctl', u'start', 'winbind']. rc = 1. stdout = ['']. stderr = ["Job for winbind.service failed. See 'systemctl status winbind.service' and 'journalctl -xn' for details.", '']
[31/Aug/2015 09:54:34] ERROR [storageadmin.util:38] request path: /api/sm/services/winbind/start method: POST data: <QueryDict: {}>
[31/Aug/2015 09:54:34] ERROR [storageadmin.util:39] exception: Failed to start winbind service due to system error.
Traceback (most recent call last):
  File "/opt/rockstor/src/rockstor/smart_manager/views/winbind_service.py", line 58, in post
    systemctl('winbind', command)
  File "/opt/rockstor/src/rockstor/system/services.py", line 53, in systemctl
    return run_command([SYSTEMCTL_BIN, switch, service_name])
  File "/opt/rockstor/src/rockstor/system/osi.py", line 85, in run_command
    raise CommandException(cmd, out, err, rc)
CommandException: Error running a command. cmd = ['/usr/bin/systemctl', u'start', 'winbind']. rc = 1. stdout = ['']. stderr = ["Job for winbind.service failed. See 'systemctl status winbind.service' and 'journalctl -xn' for details.", '']

Here is the systemctl status error:
[root@OCGSF-RCKSTR00 ~]# systemctl status winbind
winbind.service - Samba Winbind Daemon
Loaded: loaded (/usr/lib/systemd/system/winbind.service; enabled)
Active: failed (Result: exit-code) since Mon 2015-08-31 10:10:12 CDT; 1min 15s ago
Process: 11718 ExecStart=/usr/sbin/winbindd $WINBINDOPTIONS (code=exited, status=1/FAILURE)
Main PID: 11718 (code=exited, status=1/FAILURE)
Status: “Starting process…”

Aug 31 10:10:12 OCGSF-RCKSTR00 systemd[1]: winbind.service: Supervising process 11718 which is not our child. We’ll most likely not notice when it exits.
Aug 31 10:10:12 OCGSF-RCKSTR00 winbindd[11718]: [2015/08/31 10:10:12.266872, 0] …/source3/winbindd/winbindd_cache.c:3230(initialize_winbindd_cache)
Aug 31 10:10:12 OCGSF-RCKSTR00 winbindd[11718]: initialize_winbindd_cache: clearing cache and re-creating with version number 2
Aug 31 10:10:12 OCGSF-RCKSTR00 winbindd[11718]: [2015/08/31 10:10:12.269053, 0] …/source3/winbindd/winbindd_util.c:634(init_domain_list)
Aug 31 10:10:12 OCGSF-RCKSTR00 winbindd[11718]: Could not fetch our SID - did we join?
Aug 31 10:10:12 OCGSF-RCKSTR00 winbindd[11718]: [2015/08/31 10:10:12.269238, 0] …/source3/winbindd/winbindd.c:1236(winbindd_register_handlers)
Aug 31 10:10:12 OCGSF-RCKSTR00 winbindd[11718]: unable to initialize domain list
Aug 31 10:10:12 OCGSF-RCKSTR00 systemd[1]: winbind.service: main process exited, code=exited, status=1/FAILURE
Aug 31 10:10:12 OCGSF-RCKSTR00 systemd[1]: Failed to start Samba Winbind Daemon.
Aug 31 10:10:12 OCGSF-RCKSTR00 systemd[1]: Unit winbind.service entered failed state.

I noticed that none of the tools typically used on CentOS 7 to join the domain (realmd) are installed on rockstor. Could that be a contributing problem? I’m tempted to install them and see what happens.

@software Welcome to Rockstor community.

I apologize this is still an issue. We’ve tested and added this feature a while ago but don’t really use or test actively here these days. Something must have changed and broke it. It’s been on my list to set up a Samba AD domain controller as suggested by @phillxnet. I haven’t gotten to it yet.

It seems like you have the necessary setup, skills and desire to get stuff working manually the CentOS way, which should work on Rockstor as well. That would be great. In fact, I can directly work with you and update the code if you can do the testing side of things. Let me know if you are game.

Update:
I was confused. RockStor uses just samba winbind, rather than the realmd suite, so my comment about not using “normal” tools was not accurate.

It appears that there’s just a problem in the [Join Domain] button syntax or something. When I ran “# net ads join -U [AD admin user] [AD domain]” the join succeeded and the AD service started right up. This command also provided very helpful troubleshooting hints as to what entries needed to be in place for the domain and realm entries (I can never remember which is which). I am now able to search AD for users (# id [domain]\[username]) and receive the correct results. However the users are not showing up in any of the access drop down lists either.

@suman, I’d be happy to help. I’m really impressed so far with the project. I can easily spin up test machines (spare hardware laying around) and control the AD domain so I can easily make changes. Let me know what you need me to do or what information needs to be provided and we’ll get it ironed out.

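A preflight that encodes what the thread found, as an added example that is not part of any post or of Rockstor's code: verify the join with `net ads testjoin` before starting winbind, and map the journal lines quoted earlier to a cause. The function names and the `*_BIN` variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Rockstor code. Function names and *_BIN variables are
# assumptions; the *_BIN overrides allow a dry run without Samba installed.
: "${NET_BIN:=net}" "${WBINFO_BIN:=wbinfo}"
: "${SYSTEMCTL_BIN:=systemctl}" "${JOURNALCTL_BIN:=journalctl}"

# Read winbind journal/status text on stdin and print the likely cause.
classify_winbind_failure() {
    log=$(cat)
    case $log in
        *"Could not fetch our SID"*|*"unable to initialize domain list"*)
            echo not_joined ;;        # host is not joined to the domain
        *"status=1/FAILURE"*|*"Failed to start Samba Winbind Daemon"*)
            echo unknown_failure ;;   # failed, but not the join signature
        *)
            echo no_failure ;;
    esac
}

# Start winbind only when the domain join verifies; print a status word.
# Returns 0 ok, 1 start failed, 2 not joined, 3 trust secret check failed.
start_winbind_if_joined() {
    if ! "$NET_BIN" ads testjoin >/dev/null 2>&1; then
        echo not_joined
        return 2
    fi
    if ! "$SYSTEMCTL_BIN" start winbind >/dev/null 2>&1; then
        cause=$("$JOURNALCTL_BIN" -u winbind -n 20 --no-pager 2>/dev/null |
                classify_winbind_failure)
        echo "start_failed:$cause"
        return 1
    fi
    if ! "$WBINFO_BIN" -t >/dev/null 2>&1; then
        echo trust_check_failed
        return 3
    fi
    echo ok
}

# Lines copied from the systemctl status output earlier in the thread.
SAMPLE_LOG='winbindd[11718]: Could not fetch our SID - did we join?
winbindd[11718]: unable to initialize domain list
systemd[1]: winbind.service: main process exited, code=exited, status=1/FAILURE'

sample_cause() { printf '%s\n' "$SAMPLE_LOG" | classify_winbind_failure; }
sample_cause    # prints: not_joined
```

A `not_joined` result calls for the manual `net ads join -U [AD admin user]` step described in the thread before winbind is started again.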

Thanks for your encouraging words about the project. It’s picking up nicely and I am happy and grateful for the community that’s building up.

Since it’s been a while since I implemented this functionality, I reviewed the code and created a “wikified” post here describing the feature and detailing the current implementation. I think this is a good start for our collaboration on this. Please go through the document and feel free to add corrections and more detail. Since I don’t have an AD setup, let’s work one-on-one on this and fix the buggy behavior. I’ll send you a PM.