samba - Jul 2016 - NT_STATUS_INTERNAL_ERROR

Dear Rowland,
Follows the requested information:DC Primary: Windows 2008 R2Secondary DC: Samba
4.4.5
Content smb.conf
[global]        #bind interfaces only = Yes        interfaces = lo eno16777984 
      netbios name = SRV14        realm = DOMAIN.LOCAL        server services =
s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc,
dnsupdate, dns        workgroup = DOMAIN        server role = active directory
domain controller        comment =        #vfs objects = acl_xattr        #map
acl inherit = yes        #store dos attributes = yes        log file =
/var/log/samba/%m.log        log level = 9
[netlogon]        path = /usr/local/samba/var/locks/sysvol/domain.local/scripts 
      read only = No
[sysvol]        path = /usr/local/samba/var/locks/sysvol        read only = No

Content krb5.conf

[logging] default = FILE:/var/log/krb5libs.log kdc =
FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log
[libdefaults] dns_lookup_realm = false dns_lookup_kdc = true ticket_lifetime =
24h renew_lifetime = 7d forwardable = true rdns = false default_realm =
DOMAIN.LOCAL default_ccache_name = KEYRING:persistent:%{uid}
[realms]# EXAMPLE.COM = {#  kdc = kerberos.example.com#  admin_server =
kerberos.example.com# }
[domain_realm]# .example.com = EXAMPLE.COM# example.com = EXAMPLE.COM

I hope I have passed all the necessary information. If you need any more
information, I ask you to let me know.Thank you!

I apologize for the lack of standardization and alignment of text to post the
answers. I will try to send the information a little more standardized and
aligned.


Dear Rowland,
Follows the requested information:
DC Primary: Windows 2008 R2
Secondary DC: Samba 4.4.5

Content smb.conf

[global]
        #bind interfaces only = Yes
        interfaces = lo eno16777984
        netbios name = SRV14
        realm = DOMAIN.LOCAL
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate, dns
        workgroup = DOMAIN
        server role = active directory domain controller
        comment         #vfs objects = acl_xattr
        #map acl inherit = yes
        #store dos attributes = yes
        log file = /var/log/samba/%m.log
        log level = 9

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/domain.local/scripts
        read only = No


[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No


Content krb5.conf


[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 dns_lookup_kdc = true
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 default_realm = DOMAIN.LOCAL
 default_ccache_name = KEYRING:persistent:%{uid}

[realms]
# EXAMPLE.COM = {
#  kdc = kerberos.example.com
#  admin_server = kerberos.example.com
# }

[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM


I hope I have passed all the necessary information. If you need any more
information, I ask you to let me know.
Thank you!

On 26/07/16 12:41, Ricardo Pardim Claus wrote:
> I apologize for the lack of standardization and alignment of text to post
the answers. I will try to send the information a little more standardized and
aligned.
>
>
> Dear Rowland,
> Follows the requested information:
> DC Primary: Windows 2008 R2
> Secondary DC: Samba 4.4.5
>
> Content smb.conf
>
> [global]
>          #bind interfaces only = Yes
>          interfaces = lo eno16777984
>          netbios name = SRV14
>          realm = DOMAIN.LOCAL
>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate, dns
>          workgroup = DOMAIN
>          server role = active directory domain controller
>          comment >          #vfs objects = acl_xattr
>          #map acl inherit = yes
>          #store dos attributes = yes
>          log file = /var/log/samba/%m.log
>          log level = 9
>
> [netlogon]
>          path = /usr/local/samba/var/locks/sysvol/domain.local/scripts
>          read only = No
>
>
> [sysvol]
>          path = /usr/local/samba/var/locks/sysvol
>          read only = No
>
>
> Content krb5.conf
>
>
> [logging]
>   default = FILE:/var/log/krb5libs.log
>   kdc = FILE:/var/log/krb5kdc.log
>   admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
>   dns_lookup_realm = false
>   dns_lookup_kdc = true
>   ticket_lifetime = 24h
>   renew_lifetime = 7d
>   forwardable = true
>   rdns = false
>   default_realm = DOMAIN.LOCAL
>   default_ccache_name = KEYRING:persistent:%{uid}
>
> [realms]
> # EXAMPLE.COM = {
> #  kdc = kerberos.example.com
> #  admin_server = kerberos.example.com
> # }
>
> [domain_realm]
> # .example.com = EXAMPLE.COM
> # example.com = EXAMPLE.COM
>
>
> I hope I have passed all the necessary information. If you need any more
information, I ask you to let me know.
> Thank you!
OK, Your smb.conf looks fairly correct (you don't need the 'server 
services' line, yours is the default, provided you are using the 
internal DNS server)

Your krb5.conf only needs to look like this:

[libdefaults]
  default_realm = DOMAIN.LOCAL
  dns_lookup_realm = false
  dns_lookup_kdc = true

Which brings us to potential problem, if your domain name does end in 
'.local' it could interfere with Avahi if it is running on the DC, if it
is running, I would suggest turning it off.

In your first post you posted the command 'smbclient -k -L 
//domain.local' , this will not work, try:

smbclient -k -L //DC

Where 'DC' is the short hostname, this works for me.

Rowland

Dear Rowland 
Strange thing is that I do not receive notification on my email about your
answers.

Here we run an internal DNS. Samba was configured with Bind 9 as secondary DNS. 

When I put in domain.local settings, it is because we omit the company name. But
the name of my domain ends with .local.

I disabled Avahi daemon. 

When I try to run the command you quoted: 
smbclient -k -L //srv.domain.local 

I get the same error: 
session setup failed: NT_STATUS_INTERNAL_ERROR 

The command "kinit administrator" works perfectly.

Can you run it again but now with the debug parameter. 

smbclient -k -L //srv.domain.local -d3 
or 
smbclient -k -L //srv.domain.local -d5

and post that output again.

Greetz, 

Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Ricardo Pardim
> Claus
> Verzonden: dinsdag 26 juli 2016 15:02
> Aan: rpenny at samba.org; samba at lists.samba.org
> Onderwerp: Re: [Samba] NT_STATUS_INTERNAL_ERROR
> 
> Dear Rowland
> Strange thing is that I do not receive notification on my email about your
> answers.
> 
> Here we run an internal DNS. Samba was configured with Bind 9 as secondary
> DNS.
> 
> When I put in domain.local settings, it is because we omit the company
> name. But the name of my domain ends with .local.
> 
> I disabled Avahi daemon.
> 
> When I try to run the command you quoted:
> smbclient -k -L //srv.domain.local
> 
> I get the same error:
> session setup failed: NT_STATUS_INTERNAL_ERROR
> 
> The command "kinit administrator" works perfectly.
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba