
[Samba] NT_STATUS_INTERNAL_ERROR


Ricardo Pardim Claus

Jul 25, 2016, 1:40:03 PM
Dear,
Samba updated to 4.4.5 version. The Samba is a secondary DC. I'm getting some authentication errors.

smbclient -k -L //domain.local
session setup failed: NT_STATUS_INTERNAL_ERROR

Using my PC, when I try to access \\sambadc, it is asking for user and password. The logs show this:

ctx setting sec (0, 0) - 0 = sec_ctx_stack_ndx
[25/07/2016 14: 08: 04.581532, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[25/07/2016 14: 08: 04.581539, 5] ../source3/auth/token_util.c:639(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and 0 contains supplementary groups
[25/07/2016 14: 08: 04.581551, 5] ../source3/smbd/uid.c:425(smbd_change_to_root_user)
  change_to_root_user: now uid = (0,0) gid = (0,0)
[07/25/2016 14: 08: 04.581807 3] ../source3/smbd/server_exit.c:246(exit_server_common)
  Server exit (NT_STATUS_CONNECTION_RESET)

What can be wrong in the settings?

Rowland penny

Jul 25, 2016, 1:50:03 PM
On 25/07/16 18:27, Ricardo Pardim Claus wrote:
> Dear,
> Samba updated to 4.4.5 version. The Samba is a secondary DC. I'm getting some authentication errors.
>
> smbclient -k -L //domain.local
> session setup failed: NT_STATUS_INTERNAL_ERROR
>
> Using my PC, when I try to access \\sambadc, it is asking for user and password. The logs show this:
>
> ctx setting sec (0, 0) - 0 = sec_ctx_stack_ndx
> [25/07/2016 14: 08: 04.581532, 5] ../libcli/security/security_token.c:53(security_token_debug)
>   Security token: (NULL)
> [25/07/2016 14: 08: 04.581539, 5] ../source3/auth/token_util.c:639(debug_unix_user_token)
>   UNIX token of user 0
>   Primary group is 0 and 0 contains supplementary groups
> [25/07/2016 14: 08: 04.581551, 5] ../source3/smbd/uid.c:425(smbd_change_to_root_user)
>   change_to_root_user: now uid = (0,0) gid = (0,0)
> [07/25/2016 14: 08: 04.581807 3] ../source3/smbd/server_exit.c:246(exit_server_common)
>   Server exit (NT_STATUS_CONNECTION_RESET)
>
> What can be wrong in the settings?

No idea, you haven't posted any :-)

Can you post your full setup, all we know at present is that your second
DC is running on a Unix machine using Samba 4.4.5. Is the first DC a
Samba machine or a windows machine ?
It will probably help if you post your conf files etc.

Rowland

Ricardo Pardim Claus

Jul 25, 2016, 2:30:03 PM

Correcting information. In the test environment, compiled Samba 4.4.5 package and entered the field as a secondary DC. The VM was not configured Samba. After joining the domain, until then it seemed that everything was fine. I was looking for a solution to the "access denied" in sysvol. I decided to restart the server. When it came back, I started receiving the error NT_STATUS_INTERNAL_ERROR.

Rowland penny

Jul 25, 2016, 2:40:03 PM
No, sorry, still cannot see the information I asked you to post.

Without that info, we cannot even begin to start to help you.

Rowland

Ricardo Pardim Claus

Jul 26, 2016, 7:40:04 AM
Dear Rowland,
Follows the requested information:
DC Primary: Windows 2008 R2
Secondary DC: Samba 4.4.5

Content smb.conf

[global]
        #bind interfaces only = Yes
        interfaces = lo eno16777984
        netbios name = SRV14
        realm = DOMAIN.LOCAL
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
        workgroup = DOMAIN
        server role = active directory domain controller
        comment =
        #vfs objects = acl_xattr
        #map acl inherit = yes
        #store dos attributes = yes
        log file = /var/log/samba/%m.log
        log level = 9

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/domain.local/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

Content krb5.conf

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 default_realm = DOMAIN.LOCAL
 default_ccache_name = KEYRING:persistent:%{uid}

[realms]
# EXAMPLE.COM = {
#  kdc = kerberos.example.com
#  admin_server = kerberos.example.com
# }

[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM

I hope I have passed all the necessary information. If you need any more information, I ask you to let me know. Thank you!

Ricardo Pardim Claus

Jul 26, 2016, 7:50:03 AM
I apologize for the lack of standardization and alignment of text to post the answers. I will try to send the information a little more standardized and aligned.

Rowland penny

Jul 26, 2016, 8:30:03 AM
OK, Your smb.conf looks fairly correct (you don't need the 'server
services' line, yours is the default, provided you are using the
internal DNS server)

Your krb5.conf only needs to look like this:

[libdefaults]
default_realm = DOMAIN.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true

Which brings us to a potential problem: if your domain name does end in
'.local', it could interfere with Avahi if it is running on the DC. If it
is running, I would suggest turning it off.

In your first post you posted the command 'smbclient -k -L
//domain.local' , this will not work, try:

smbclient -k -L //DC

Where 'DC' is the short hostname, this works for me.

Rowland

Ricardo Pardim Claus

Jul 26, 2016, 9:10:02 AM
Dear Rowland
Strange thing is that I do not receive notification on my email about your answers.

Here we run an internal DNS. Samba was configured with Bind 9 as secondary DNS.

When I put in domain.local settings, it is because we omit the company name. But the name of my domain ends with .local.

I disabled Avahi daemon.

When I try to run the command you quoted:
smbclient -k -L //srv.domain.local

I get the same error:
session setup failed: NT_STATUS_INTERNAL_ERROR

The command "kinit administrator" works perfectly.

Rowland penny

Jul 26, 2016, 9:20:03 AM
On 26/07/16 14:01, Ricardo Pardim Claus wrote:
> Dear Rowland
> Strange thing is that I do not receive notification on my email about your answers.

Could be because I only reply to the Samba list.

>
> Here we run an internal DNS. Samba was configured with Bind 9 as secondary DNS.

How have you configured Bind9 on the DC?
If you have this line in smb.conf:

server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate, dns

You are using the internal DNS server (same goes if you do not have the
line in smb.conf)

If you are using Bind9, keep the line and remove ', dns' from the end.

>
> When I put in domain.local settings, it is because we omit the company name. But the name of my domain ends with .local.
>
> I disabled Avahi daemon.
>
> When I try to run the command you quoted:
> smbclient -k -L //srv.domain.local
>
> I get the same error:
> session setup failed: NT_STATUS_INTERNAL_ERROR
>
> The command "kinit administrator" works perfectly.

Where are you running the command? On the DC?
If I run the command on one of my DCs without running 'kinit
administrator', I get this:

root@dc1:~# smbclient -k -L //dc1
session setup failed: NT_STATUS_INTERNAL_ERROR

If I then run 'kinit':

root@dc1:~# kinit administrator
Password for admini...@SAMDOM.EXAMPLE.COM:
root@dc1:~# smbclient -k -L //dc1
Domain=[SAMDOM] OS=[Windows 6.1] Server=[Samba 4.4.3]

        Sharename       Type      Comment
        ---------       ----      -------
        netlogon        Disk
        sysvol          Disk
        home            Disk
        data            Disk      test share
        IPC$            IPC       IPC Service (Samba 4.4.3)
Domain=[SAMDOM] OS=[Windows 6.1] Server=[Samba 4.4.3]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------

Rowland

Reindl Harald

Jul 26, 2016, 9:20:04 AM

On 26.07.2016 at 15:01, Ricardo Pardim Claus wrote:
> Dear Rowland
> Strange thing is that I do not receive notification on my email about your answers.
>
> Here we run an internal DNS. Samba was configured with Bind 9 as secondary DNS.
>
> When I put in domain.local settings, it is because we omit the company name. But the name of my domain ends with .local.
>
> I disabled Avahi daemon.
>
> When I try to run the command you quoted:
> smbclient -k -L //srv.domain.local
>
> I get the same error:
> session setup failed: NT_STATUS_INTERNAL_ERROR
>
> The command "kinit administrator" works perfectly

you should not use .local
https://lists.samba.org/archive/samba/2015-January/188062.html

i bet /etc/nsswitch.conf is using "mdns4_minimal" before DNS


L.P.H. van Belle

Jul 26, 2016, 9:40:03 AM
Can you run it again but now with the debug parameter.

smbclient -k -L //srv.domain.local -d3
or
smbclient -k -L //srv.domain.local -d5

and post that output again.

Greetz,

Louis
> -----Original message-----
> From: samba [mailto:samba-...@lists.samba.org] On behalf of Ricardo Pardim
> Claus
> Sent: Tuesday 26 July 2016 15:02
> To: rpe...@samba.org; sa...@lists.samba.org
> Subject: Re: [Samba] NT_STATUS_INTERNAL_ERROR

Ricardo Pardim Claus

Jul 26, 2016, 9:40:03 AM

This Samba 4 deployment job is part of a project to replace DC Windows 2008.
When we were testing the Samba 4.4.4 at any time we receive this error NT_STATUS_INTERNAL_ERROR.
The .local domain is a small network, with approximately 90 computers.
When the domain name was set as empresa.local, instead of empresa.com.br, the intention was to separate the internal domain from the external field, because when we tried to raise the domain as empresa.com.br, DNS began to conflict with the external field, since we have an external domain registered as .com.br.
With regard to my domain being .local, will I not be able to follow up the implementation of a DC with Samba 4?

About nsswitch.conf, I do not get it right.
So I'll post the contents of this file to view.

#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis

passwd: files sss
shadow: files sss
group: files sss
#initgroups: files

#hosts: db files nisplus nis dns
hosts: files dns myhostname

# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss

netgroup: files sss

publickey: nisplus

automount: files sss
aliases: files nisplus
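
The question raised earlier in the thread, whether `mdns4_minimal` is consulted before DNS, can be checked mechanically against a file like the one just posted. This is an added example, not part of any post in the thread; `hosts_order` and `write_samples` are hypothetical helper names, the first sample reuses the `hosts:` lines posted above and the second is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: does an mDNS source come before "dns"
# on the active hosts: line of an nsswitch.conf file?

# hosts_order FILE -> prints mdns-before-dns | dns-first | no-dns | no-hosts-line
hosts_order() {
    awk '
        /^[ \t]*#/ { next }                      # commented-out lines do not count
        $1 == "hosts:" {
            seen = 1
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) continue         # actions such as [NOTFOUND=return]
                if ($i ~ /^mdns/ && !dns) mdns_first = 1
                if ($i == "dns") dns = 1
            }
        }
        END {
            if (!seen)                  print "no-hosts-line"
            else if (mdns_first && dns) print "mdns-before-dns"
            else if (dns)               print "dns-first"
            else                        print "no-dns"
        }
    ' "$1"
}

# write_samples DIR -> creates the two sample files used below
write_samples() {
    # hosts lines as posted in the thread
    printf '%s\n' '#hosts: db files nisplus nis dns' \
                  'hosts: files dns myhostname' > "$1/posted.conf"
    # constructed: a layout that asks mDNS first and stops on NOTFOUND
    printf '%s\n' 'hosts: files mdns4_minimal [NOTFOUND=return] dns' > "$1/mdns.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "posted file:      $(hosts_order "$demo_dir/posted.conf")"
echo "constructed file: $(hosts_order "$demo_dir/mdns.conf")"
rm -rf "$demo_dir"
```

With `mdns4_minimal [NOTFOUND=return]` ahead of `dns`, a `.local` name that mDNS cannot resolve never reaches the unicast DNS server that holds the AD records.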

L.P.H. van Belle

Jul 26, 2016, 9:50:03 AM
Yes, it will work fine, if correctly configured.
But I see you use sssd, and I don't know anything about sssd.
Post the debug logs first.

About the .local (and .lan): these are reserved names.
https://en.wikipedia.org/wiki/.local
++> Microsoft recommendations
TechNet article 726016[5] cautioned against using .local:
…we do not recommend using unregistered suffixes, such as .local.
>> https://technet.microsoft.com/en-us/library/cc726016

But if you are in a running .local domain, DON'T CHANGE IT; changing a domain name is really not recommended.
Just keep it in mind for a new setup.

Greetz,

Louis


> -----Original message-----
> From: samba [mailto:samba-...@lists.samba.org] On behalf of Ricardo Pardim
> Claus
> Sent: Tuesday 26 July 2016 15:37
> To: h.re...@thelounge.net; sa...@lists.samba.org
> Subject: Re: [Samba] NT_STATUS_INTERNAL_ERROR

Ricardo Pardim Claus

Jul 26, 2016, 10:00:03 AM
Rowland:

I took the "dns" out of the "server services" line in smb.conf, then restarted the Samba service.
The commands I have given are running on the Samba DC.

Run the command:

[root@srv14 ~]# kinit administrator
Password for admini...@DOMAIN.LOCAL:


[root@srv14 ~]# klist -e
Ticket cache: KEYRING:persistent:0:0
Default principal: admini...@DOMAIN.LOCAL

Valid starting       Expires              Service principal
26-07-2016 10:43:48  26-07-2016 20:43:48  krbtgt/DOMAIN...@DOMAIN.LOCAL
        renew until 02-08-2016 10:43:46, Etype (skey, tkt): arcfour-hmac, aes256-cts-hmac-sha1-96
[root@srv14 ~]#


Louis:

I ran the following command to display the results:

smbclient -k -L //srv.domain.local -d5

INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
tevent: 5
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
tevent: 5
Processing section "[global]"
doing parameter interfaces = lo eno16777984
doing parameter netbios name = SRV14
doing parameter realm = DOMAIN.LOCAL
doing parameter server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
doing parameter workgroup = DOMAIN
doing parameter server role = active directory domain controller
doing parameter comment =
doing parameter log file = /var/log/samba/%m.log
doing parameter log level = 9
pm_process() returned Yes
added interface lo ip=::1 bcast= netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface eno16777984 ip=172.16.16.3 bcast=172.16.17.255 netmask=255.255.254.0
Netbios name list:-
my_netbios_names[0]="SRV14"
Client started (version 4.4.5).
Opening cache file at /usr/local/samba/var/cache/gencache.tdb
Opening cache file at /usr/local/samba/var/lock/gencache_notrans.tdb
sitename_fetch: No stored sitename for DOMAIN.LOCAL
name srv13.domain.local#20 found.
Connecting to 172.16.16.19 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 87040
SO_RCVBUF = 367360
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
session request ok
Doing spnego session setup (blob length=120)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
cli_session_setup_spnego: using target hostname not SPNEGO principal
cli_session_setup_spnego: guessed server principal=cifs/srv13.dom...@DOMAIN.LOCAL
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
gss_acquire_creds failed for GSS_C_NO_NAME with [ No credentials were supplied, or the credentials were unavailable or inaccessible.: unknown mech-code 0 for mech 1 2 840 113554 1 2 2] -the caller may retry after a kinit.
Failed to start GENSEC client mech gse_krb5: NT_STATUS_INTERNAL_ERROR
SPNEGO login failed: An internal error occurred.
session setup failed: NT_STATUS_INTERNAL_ERROR
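
The debug output above is long, and the lines that locate the failure are few. This is an added example, not part of the post, that reduces such output to the target, the guessed principal, the GENSEC mechanism and the stage that failed; `sample_log` and `triage` are hypothetical helper names, and the sample lines are copied from the output above.

```shell
#!/bin/sh
# Added example, not from the thread: summarise where an
# `smbclient -k -d5` session setup failed.

# sample_log: lines copied from the debug output posted above
sample_log() {
    cat <<'EOF'
Connecting to 172.16.16.19 at port 445
session request ok
cli_session_setup_spnego: guessed server principal=cifs/srv13.dom...@DOMAIN.LOCAL
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
gss_acquire_creds failed for GSS_C_NO_NAME with [ No credentials were supplied, or the credentials were unavailable or inaccessible.: unknown mech-code 0 for mech 1 2 840 113554 1 2 2] -the caller may retry after a kinit.
Failed to start GENSEC client mech gse_krb5: NT_STATUS_INTERNAL_ERROR
SPNEGO login failed: An internal error occurred.
session setup failed: NT_STATUS_INTERNAL_ERROR
EOF
}

# triage: read smbclient debug output on stdin, print a one-line summary.
# stage=local-credentials means the client's GSSAPI library found no usable
# Kerberos credentials, so no ticket was ever sent to the server.
triage() {
    awk '
        /^Connecting to /                { target = $3 ":" $6 }
        /guessed server principal=/      { spn = $0; sub(/.*principal=/, "", spn) }
        /^Starting GENSEC submechanism / { mech = $4 }
        /^gss_acquire_creds failed/      { stage = "local-credentials" }
        /^session setup failed: /        { status = $4 }
        END {
            if (stage == "" && status != "") stage = "after-credentials"
            printf "target=%s spn=%s mech=%s status=%s stage=%s\n",
                   target, spn, mech, status, stage
        }
    '
}

sample_log | triage
```

A `local-credentials` result alongside a `klist` that does show a ticket points at comparing the credential cache `kinit` wrote with the one the client library reads.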

Ricardo Pardim Claus

Jul 28, 2016, 7:30:03 AM
Dear,
Does anyone have any idea what may be causing this error?
Even I had to leave off Samba, because I believe that due to NT_STATUS_INTERNAL_ERROR error, several desktops are presenting failure credentials when they try to access shares. After I left off Samba, the errors are gone.


------------------- Original message -------------------------------
Subject: Re: [Samba] NT_STATUS_INTERNAL_ERROR

Ricardo Pardim Claus

Aug 2, 2016, 9:10:02 AM
To follow the historical post, follow the link:
[Samba] NT_STATUS_INTERNAL_ERROR



From: Ricardo Pardim Claus <ricard...@yahoo.com.br>
To: "sa...@lists.samba.org" <sa...@lists.samba.org>
Sent: Tuesday, 2 August 2016 9:59
Subject: Re: [Samba] NT_STATUS_INTERNAL_ERROR

Dear,
I found the solution to the error: NT_STATUS_INTERNAL_ERROR
This error occurred in Samba versions: 4.4.4, 4.4.5 and 4.5.0rc1.
In my case, after checking the logs, something was wrong with authentication.
I solved the problem by releasing the ports and services (AD, DC, DNS, SMB, etc.) on the firewall. In CentOS 7, I had already released these ports, but I cannot explain why it went back to blocking everything.
The tip is recorded in case someone goes through this problem.
Greetings to all!

Ricardo Pardim Claus

Aug 2, 2016, 9:10:03 AM

Dear,
I found the solution to the error: NT_STATUS_INTERNAL_ERROR
This error occurred in Samba versions: 4.4.4, 4.4.5 and 4.5.0rc1.
In my case, after checking the logs, something was wrong with authentication.
I solved the problem by releasing the ports and services (AD, DC, DNS, SMB, etc.) on the firewall. In CentOS 7, I had already released these ports, but I cannot explain why it went back to blocking everything.
The tip is recorded in case someone goes through this problem.
Greetings to all!
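
The thread does not say why the firewall rules disappeared. On firewalld, the CentOS 7 default, a rule added without `--permanent` exists only in the runtime configuration and is dropped on reload or reboot; that this was the cause here is an assumption. The following is an added example, not part of the thread, that lists such runtime-only entries; `set_diff` and `drift_report` are hypothetical helper names and the sample port lists are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: list firewalld entries that are open
# in the runtime configuration but absent from the permanent one.

# set_diff A B -> words of list A that do not appear in list B
set_diff() {
    out=""
    for a in $1; do
        found=0
        for b in $2; do
            if [ "$a" = "$b" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then out="$out $a"; fi
    done
    echo "${out# }"
}

# drift_report KIND RUNTIME PERMANENT -> one line per runtime-only entry
drift_report() {
    for e in $(set_diff "$2" "$3"); do
        echo "$1 $e: runtime only, lost on reload or reboot"
    done
}

if firewall-cmd --state >/dev/null 2>&1; then
    # Live host: compare what is open now with what is saved on disk.
    drift_report port "$(firewall-cmd --list-ports)" \
                      "$(firewall-cmd --permanent --list-ports)"
    drift_report service "$(firewall-cmd --list-services)" \
                         "$(firewall-cmd --permanent --list-services)"
else
    # Constructed sample: DNS was saved permanently, Kerberos/LDAP/SMB were not.
    SAMPLE_RUNTIME="53/tcp 53/udp 88/tcp 88/udp 389/tcp 445/tcp"
    SAMPLE_PERMANENT="53/tcp 53/udp"
    drift_report port "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
fi
# To save the current runtime rules: firewall-cmd --runtime-to-permanent
```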