Hello, a short history, I am using samba 4 with Debian 9 from the repository, 2 days ago the server was broken, but I was copy all the /var/lib/samba directory to a safe place, then I was installed a new server with the same Debian and samba from repository, and stopped smbd, nmbd and winbind, unmask samba-ad-dc and finally copied all the directory from the old server to the new server and started the samba, all works fine, the bind is integrated with samba_dlz, etc. But now when i go to join a Windows 7 PC to the domain show an error with "Internal Error". Inside the AD server i put this command kinit administrator smbclient -k -L dc.mtz.desoft.cu -m smb2 -d5 and the output is INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5 idmap: 5 quota: 5 acls: 5 locking: 5 msdfs: 5 dmapi: 5 registry: 5 scavenger: 5 dns: 5 ldb: 5 tevent: 5 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5 idmap: 5 quota: 5 acls: 5 locking: 5 msdfs: 5 dmapi: 5 registry: 5 scavenger: 5 dns: 5 ldb: 5 tevent: 5 Processing section "[global]" doing parameter netbios name = DC doing parameter realm = MTZ.DESOFT.CU doing parameter server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate doing parameter workgroup = MTZ doing parameter server role = active directory domain controller doing parameter idmap_ldb:use rfc2307 = yes doing parameter client ldap sasl wrapping = sign doing parameter ldap server require strong auth = No doing parameter full_audit:prefix = %u|%I|%S doing parameter full_audit:failure = connect doing parameter full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir ftruncate lock symlink readlink link mknod realpath doing parameter full_audit:facility = local5 doing parameter full_audit:priority = notice doing parameter tls enabled = yes doing parameter tls certfile = /var/lib/samba/private/tls/dc-cert.pem doing parameter tls keyfile = /var/lib/samba/private/tls/secure/dc-privkey.pem doing parameter tls cafile = /var/lib/samba/private/tls/cacert.pem doing parameter tls crlfile = /var/lib/samba/private/tls/mtz.desoft.cu.crl doing parameter tls dhparams file = /var/lib/samba/private/tls/dc-dhparams.pem doing parameter ntlm auth = yes doing parameter winbind max clients = 10000 doing parameter min protocol = SMB2 pm_process() returned Yes added interface eth1 ip=fd2d:bba0:d4f9:4fb9:98fe:2ff:fe6b:adcb bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth1 ip=10.11.0.1 bcast=10.11.0.255 netmask=255.255.255.0 added interface eth0 ip=192.168.0.1 bcast=192.168.0.255 netmask=255.255.255.0 Netbios name list:- my_netbios_names[0]="DC" Client started (version 4.5.8-Debian). Opening cache file at /var/cache/samba/gencache.tdb Opening cache file at /var/run/samba/gencache_notrans.tdb sitename_fetch: No stored sitename for realm 'MTZ.DESOFT.CU' name dc.mtz.desoft.cu#20 found. Connecting to 192.168.0.1 at port 445 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 2626560 SO_RCVBUF = 1061808 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 session request ok Doing spnego session setup (blob length=96) got OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got OID=1.3.6.1.4.1.311.2.2.10 got principal=not_defined_in_RFC4178 at please_ignore cli_session_setup_spnego: using target hostname not SPNEGO principal cli_session_setup_spnego: guessed server principal=cifs/dc.mtz.desoft.cu at MTZ.DESOFT.CU GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'naclrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Starting GENSEC mechanism spnego Starting GENSEC submechanism gse_krb5 SPNEGO login failed: An internal error occurred. session setup failed: NT_STATUS_INTERNAL_ERROR --------------------------------------------------------------------- smb.conf ---------------------------------------------------------------------- # Global parameters [global] netbios name = DC realm = MTZ.DESOFT.CU server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate workgroup = MTZ server role = active directory domain controller idmap_ldb:use rfc2307 = yes client ldap sasl wrapping = sign ldap server require strong auth = No # map to guest = bad user # Audit settings full_audit:prefix = %u|%I|%S full_audit:failure = connect full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir ftruncate lock symlink readlink link mknod realpath full_audit:facility = local5 full_audit:priority = notice tls enabled = yes tls certfile = /var/lib/samba/private/tls/dc-cert.pem tls keyfile = /var/lib/samba/private/tls/secure/dc-privkey.pem tls cafile = /var/lib/samba/private/tls/cacert.pem tls crlfile = /var/lib/samba/private/tls/mtz.desoft.cu.crl tls dhparams file = /var/lib/samba/private/tls/dc-dhparams.pem ntlm auth = yes # lanman auth = yes # lanman auth = yes winbind max clients = 10000 min protocol = SMB2 [netlogon] path = /var/lib/samba/sysvol/mtz.desoft.cu/scripts read only = No vfs objects = full_audit [sysvol] path = /var/lib/samba/sysvol read only = No vfs objects = full_audit -- Luis Felipe Dominguez Vega System Administration in Desoft Matanzas | Mob: [ tel:+5353694785 | +5353694785 ] | [ http://www.desoft.cu/ | www.desoft.cu ] [ https://www.facebook.com/lfdominguez0104 | ] [ https://www.linkedin.com/in/luis-felipe-dom%C3%ADnguez-vega-47725794/ | ] [ https://twitter.com/LuisFelipeDV1 | ]
On Thu, 10 Aug 2017 15:43:10 -0400 (CDT) Ing. Luis Felipe Domínguez Vega via samba <samba at lists.samba.org> wrote:> Hello, a short history, I am using samba 4 with Debian 9 from the > repository, 2 days ago the server was broken, but I was copy all > the /var/lib/samba directory to a safe place, then I was installed a > new server with the same Debian and samba from repository, and > stopped smbd, nmbd and winbind, unmask samba-ad-dc and finally copied > all the directory from the old server to the new server and started > the samba, all works fine, the bind is integrated with samba_dlz, > etc. But now when i go to join a Windows 7 PC to the domain show an > error with "Internal Error". Inside the AD server i put this command >Did you use exactly the same FQDN and ipaddress for the new computer ?> > tls enabled = yes > tls certfile = /var/lib/samba/private/tls/dc-cert.pem > tls keyfile = /var/lib/samba/private/tls/secure/dc-privkey.pem > tls cafile = /var/lib/samba/private/tls/cacert.pem > tls crlfile = /var/lib/samba/private/tls/mtz.desoft.cu.crl > tls dhparams file = /var/lib/samba/private/tls/dc-dhparams.pem >You could try recreating the cert files. Rowland
L.P.H. van Belle
2017-Aug-11 08:29 UTC
[Samba] NT_STATUS_INTERNAL_ERROR and cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR
Hai, We have 2 persons with exact the same problem. Based on the configs shown by both personsn (Vladimir and Ing. Luis). I dont see issues which should case this, so as Andrew suggest, keep increasing the debug levels and post these. Lets hope we see something here, im bit puzzled about this one. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland Penny via samba > Verzonden: donderdag 10 augustus 2017 22:43 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] NT_STATUS_INTERNAL_ERROR > > On Thu, 10 Aug 2017 15:43:10 -0400 (CDT) Ing. Luis Felipe > Domínguez Vega via samba <samba at lists.samba.org> wrote: > > > Hello, a short history, I am using samba 4 with Debian 9 from the > > repository, 2 days ago the server was broken, but I was > copy all the > > /var/lib/samba directory to a safe place, then I was > installed a new > > server with the same Debian and samba from repository, and stopped > > smbd, nmbd and winbind, unmask samba-ad-dc and finally > copied all the > > directory from the old server to the new server and started > the samba, > > all works fine, the bind is integrated with samba_dlz, etc. But now > > when i go to join a Windows 7 PC to the domain show an error with > > "Internal Error". Inside the AD server i put this command > > > > Did you use exactly the same FQDN and ipaddress for the new computer ? > > > > > tls enabled = yes > > tls certfile = /var/lib/samba/private/tls/dc-cert.pem > > tls keyfile = > /var/lib/samba/private/tls/secure/dc-privkey.pem > > tls cafile = /var/lib/samba/private/tls/cacert.pem > > tls crlfile = /var/lib/samba/private/tls/mtz.desoft.cu.crl > > tls dhparams file = /var/lib/samba/private/tls/dc-dhparams.pem > > > > You could try recreating the cert files. > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Ing. Luis Felipe Domínguez Vega
2017-Aug-11 12:02 UTC
[Samba] NT_STATUS_INTERNAL_ERROR and cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR
This is with -d10, I test in Windows 10 (joining to domain) and same error, "Internal error". One thing, I don't execute the domain provision command because I put all the files created in the old server into the new server, that's metter??? INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 Processing section "[global]" doing parameter netbios name = DC doing parameter realm = MTZ.DESOFT.CU doing parameter server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate doing parameter workgroup = MTZ doing parameter server role = active directory domain controller doing parameter idmap_ldb:use rfc2307 = yes doing parameter client ldap sasl wrapping = sign doing parameter ldap server require strong auth = No doing parameter full_audit:prefix = %u|%I|%S doing parameter full_audit:failure = connect doing parameter full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir ftruncate lock symlink readlink link mknod realpath doing parameter full_audit:facility = local5 doing parameter full_audit:priority = notice doing parameter tls enabled = yes doing parameter tls certfile = /var/lib/samba/private/tls/dc-cert.pem doing parameter tls keyfile = /var/lib/samba/private/tls/secure/dc-privkey.pem doing parameter tls cafile = /var/lib/samba/private/tls/cacert.pem doing parameter tls crlfile = /var/lib/samba/private/tls/mtz.desoft.cu.crl doing parameter tls dhparams file = /var/lib/samba/private/tls/dc-dhparams.pem doing parameter ntlm auth = yes doing parameter winbind max clients = 10000 doing parameter min protocol = SMB2 pm_process() returned Yes lp_servicenumber: couldn't find homes added interface eth1 ip=fd2d:bba0:d4f9:4fb9:98fe:2ff:fe6b:adcb bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth1 ip=10.11.0.1 bcast=10.11.0.255 netmask=255.255.255.0 added interface eth0 ip=192.168.0.1 bcast=192.168.0.255 netmask=255.255.255.0 Netbios name list:- my_netbios_names[0]="DC" Client started (version 4.5.8-Debian). Opening cache file at /var/cache/samba/gencache.tdb Opening cache file at /var/run/samba/gencache_notrans.tdb Adding cache entry with key=[AD_SITENAME/DOMAIN/MTZ.DESOFT.CU] and timeout=[Thu Jan 1 00:00:00 1970 UTC] (-1502452663 seconds in the past) sitename_fetch: No stored sitename for realm 'MTZ.DESOFT.CU' internal_resolve_name: looking up dc.mtz.desoft.cu#20 (sitename (null)) Adding cache entry with key=[NBT/DC.MTZ.DESOFT.CU#20] and timeout=[Thu Jan 1 00:00:00 1970 UTC] (-1502452663 seconds in the past) no entry for dc.mtz.desoft.cu#20 found. resolve_hosts: Attempting host lookup for name dc.mtz.desoft.cu<0x20> remove_duplicate_addrs2: looking for duplicate address/port pairs namecache_store: storing 1 address for dc.mtz.desoft.cu#20: 192.168.0.1 Adding cache entry with key=[NBT/DC.MTZ.DESOFT.CU#20] and timeout=[Fri Aug 11 12:08:43 2017 UTC] (660 seconds ahead) internal_resolve_name: returning 1 addresses: 192.168.0.1:0 Connecting to 192.168.0.1 at port 445 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 2626560 SO_RCVBUF = 1061808 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 session request ok Doing spnego session setup (blob length=96) got OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got OID=1.3.6.1.4.1.311.2.2.10 got principal=not_defined_in_RFC4178 at please_ignore cli_session_setup_spnego: using target hostname not SPNEGO principal cli_session_setup_spnego: guessed server principal=cifs/dc.mtz.desoft.cu at MTZ.DESOFT.CU GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'naclrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Starting GENSEC mechanism spnego Starting GENSEC submechanism gse_krb5 gss_init_sec_context failed with [ The context has expired: Success] SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_INTERNAL_ERROR Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR SPNEGO login failed: An internal error occurred. session setup failed: NT_STATUS_INTERNAL_ERROR ----- Mensaje original ----- De: "samba" <samba at lists.samba.org> Para: "samba" <samba at lists.samba.org> Enviados: Viernes, 11 de Agosto 2017 4:29:32 Asunto: [Samba] NT_STATUS_INTERNAL_ERROR and cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR Hai, We have 2 persons with exact the same problem. Based on the configs shown by both personsn (Vladimir and Ing. Luis). I dont see issues which should case this, so as Andrew suggest, keep increasing the debug levels and post these. Lets hope we see something here, im bit puzzled about this one. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland Penny via samba > Verzonden: donderdag 10 augustus 2017 22:43 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] NT_STATUS_INTERNAL_ERROR > > On Thu, 10 Aug 2017 15:43:10 -0400 (CDT) Ing. Luis Felipe > Domínguez Vega via samba <samba at lists.samba.org> wrote: > > > Hello, a short history, I am using samba 4 with Debian 9 from the > > repository, 2 days ago the server was broken, but I was > copy all the > > /var/lib/samba directory to a safe place, then I was > installed a new > > server with the same Debian and samba from repository, and stopped > > smbd, nmbd and winbind, unmask samba-ad-dc and finally > copied all the > > directory from the old server to the new server and started > the samba, > > all works fine, the bind is integrated with samba_dlz, etc. But now > > when i go to join a Windows 7 PC to the domain show an error with > > "Internal Error". Inside the AD server i put this command > > > > Did you use exactly the same FQDN and ipaddress for the new computer ? > > > > > tls enabled = yes > > tls certfile = /var/lib/samba/private/tls/dc-cert.pem > > tls keyfile = > /var/lib/samba/private/tls/secure/dc-privkey.pem > > tls cafile = /var/lib/samba/private/tls/cacert.pem > > tls crlfile = /var/lib/samba/private/tls/mtz.desoft.cu.crl > > tls dhparams file = /var/lib/samba/private/tls/dc-dhparams.pem > > > > You could try recreating the cert files. > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Luis Felipe Dominguez Vega System Administration in Desoft Matanzas | Mob: [ tel:+5353694785 | +5353694785 ] | [ http://www.desoft.cu/ | www.desoft.cu ] [ https://www.facebook.com/lfdominguez0104 | ] [ https://www.linkedin.com/in/luis-felipe-dom%C3%ADnguez-vega-47725794/ | ] [ https://twitter.com/LuisFelipeDV1 | ]
L.P.H. van Belle
2017-Aug-11 12:16 UTC
[Samba] NT_STATUS_INTERNAL_ERROR and cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR
Can you post the output of klist -ket /var/lib/samba/private/secrets.keytab And yes, its possible that after the copy some rights are wrong. My output, for the "none" root:root folders. ls -al /var/lib/samba/ | egrep "dns|winbind|ntp|private|user|sysvol" drwxr-x--- 2 root ntp 4096 Aug 10 11:46 ntp_signd drwxr-xr-x 8 root root 4096 Aug 11 14:11 private drwxrwx---+ 3 root BUILTIN\administrators 4096 Apr 28 2015 sysvol drwxrwx--T 2 root sambashare 4096 May 6 2016 usershares -rw------- 1 root root 286720 Aug 11 14:11 winbindd_cache.tdb drwxr-x--- 2 root winbindd_priv 4096 Aug 10 11:46 winbindd_privileged And ls -al /var/lib/samba/private/ | egrep "dns|sam" drwxrwx--- 3 root bind 4096 Aug 11 13:06 dns -rw-r----- 1 root bind 877 Apr 28 2015 dns.keytab -rw------- 1 root root 2195 Apr 28 2015 dns_update_cache -rw-r--r-- 1 root root 3183 Apr 28 2015 dns_update_list -rw------- 1 root root 4247552 Jun 1 2015 sam.ldb drwxr-x--- 2 root bind 4096 Aug 11 13:06 sam.ldb.d Can you check these? @Vladimir, you dont have bind installed so your rights my differ a bit. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: Ing. Luis Felipe Domínguez Vega > [mailto:luis.dominguez at mtz.desoft.cu] > Verzonden: vrijdag 11 augustus 2017 14:02 > Aan: L.P.H. van Belle; samba > Onderwerp: Re: [Samba] NT_STATUS_INTERNAL_ERROR and cannot > join windows 7 samba4-ad-dc fresh install, get > NT_STATUS_INTERNAL_ERROR > > This is with -d10, I test in Windows 10 (joining to domain) > and same error, "Internal error". One thing, I don't execute > the domain provision command because I put all the files > created in the old server into the new server, that's metter??? > > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > tevent: 10 > lp_load_ex: refreshing parameters > Initialising global parameters > rlimit_max: increasing rlimit_max (1024) to minimum Windows > limit (16384) > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > tevent: 10 > Processing section "[global]" > doing parameter netbios name = DC > doing parameter realm = MTZ.DESOFT.CU > doing parameter server services = s3fs, rpc, nbt, wrepl, > ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate > doing parameter workgroup = MTZ doing parameter server role = > active directory domain controller doing parameter > idmap_ldb:use rfc2307 = yes doing parameter client ldap sasl > wrapping = sign doing parameter ldap server require strong > auth = No doing parameter full_audit:prefix = %u|%I|%S doing > parameter full_audit:failure = connect doing parameter > full_audit:success = connect disconnect opendir mkdir rmdir > closedir open close read pread write pwrite sendfile rename > unlink chmod fchmod chown fchown chdir ftruncate lock symlink > readlink link mknod realpath doing parameter > full_audit:facility = local5 doing parameter > full_audit:priority = notice doing parameter tls enabled = > yes doing parameter tls certfile = > /var/lib/samba/private/tls/dc-cert.pem > doing parameter tls keyfile = > /var/lib/samba/private/tls/secure/dc-privkey.pem > doing parameter tls cafile = /var/lib/samba/private/tls/cacert.pem > doing parameter tls crlfile = > /var/lib/samba/private/tls/mtz.desoft.cu.crl > doing parameter tls dhparams file = > /var/lib/samba/private/tls/dc-dhparams.pem > doing parameter ntlm auth = yes > doing parameter winbind max clients = 10000 doing parameter > min protocol = SMB2 > pm_process() returned Yes > lp_servicenumber: couldn't find homes > added interface eth1 > ip=fd2d:bba0:d4f9:4fb9:98fe:2ff:fe6b:adcb bcast= > netmask=ffff:ffff:ffff:ffff:: > added interface eth1 ip=10.11.0.1 bcast=10.11.0.255 > netmask=255.255.255.0 added interface eth0 ip=192.168.0.1 > bcast=192.168.0.255 netmask=255.255.255.0 Netbios name list:- > my_netbios_names[0]="DC" > Client started (version 4.5.8-Debian). > Opening cache file at /var/cache/samba/gencache.tdb Opening > cache file at /var/run/samba/gencache_notrans.tdb > Adding cache entry with > key=[AD_SITENAME/DOMAIN/MTZ.DESOFT.CU] and timeout=[Thu Jan > 1 00:00:00 1970 UTC] (-1502452663 seconds in the past) > sitename_fetch: No stored sitename for realm 'MTZ.DESOFT.CU' > internal_resolve_name: looking up dc.mtz.desoft.cu#20 > (sitename (null)) Adding cache entry with > key=[NBT/DC.MTZ.DESOFT.CU#20] and timeout=[Thu Jan 1 > 00:00:00 1970 UTC] (-1502452663 seconds in the past) no entry > for dc.mtz.desoft.cu#20 found. > resolve_hosts: Attempting host lookup for name dc.mtz.desoft.cu<0x20> > remove_duplicate_addrs2: looking for duplicate address/port pairs > namecache_store: storing 1 address for dc.mtz.desoft.cu#20: > 192.168.0.1 Adding cache entry with > key=[NBT/DC.MTZ.DESOFT.CU#20] and timeout=[Fri Aug 11 > 12:08:43 2017 UTC] (660 seconds ahead) > internal_resolve_name: returning 1 addresses: 192.168.0.1:0 > Connecting to 192.168.0.1 at port 445 Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 0 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 0 > SO_SNDBUF = 2626560 > SO_RCVBUF = 1061808 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 > session request ok > Doing spnego session setup (blob length=96) got > OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got > OID=1.3.6.1.4.1.311.2.2.10 got > principal=not_defined_in_RFC4178 at please_ignore > cli_session_setup_spnego: using target hostname not SPNEGO principal > cli_session_setup_spnego: guessed server > principal=cifs/dc.mtz.desoft.cu at MTZ.DESOFT.CU > GENSEC backend 'gssapi_spnego' registered GENSEC backend > 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' > registered GENSEC backend 'spnego' registered GENSEC backend > 'schannel' registered GENSEC backend 'naclrpc_as_system' > registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC > backend 'ntlmssp' registered GENSEC backend > 'ntlmssp_resume_ccache' registered GENSEC backend > 'http_basic' registered GENSEC backend 'http_ntlm' registered > GENSEC backend 'krb5' registered GENSEC backend > 'fake_gssapi_krb5' registered Starting GENSEC mechanism > spnego Starting GENSEC submechanism gse_krb5 > gss_init_sec_context failed with [ The context has expired: Success] > SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed: > NT_STATUS_INTERNAL_ERROR Failed to setup SPNEGO negTokenInit > request: NT_STATUS_INTERNAL_ERROR SPNEGO login failed: An > internal error occurred. > session setup failed: NT_STATUS_INTERNAL_ERROR > > > ----- Mensaje original ----- > De: "samba" <samba at lists.samba.org> > Para: "samba" <samba at lists.samba.org> > Enviados: Viernes, 11 de Agosto 2017 4:29:32 > Asunto: [Samba] NT_STATUS_INTERNAL_ERROR and cannot join > windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR > > Hai, > > We have 2 persons with exact the same problem. > Based on the configs shown by both personsn (Vladimir and Ing. Luis). > I dont see issues which should case this, so as Andrew > suggest, keep increasing the debug levels and post these. > Lets hope we see something here, im bit puzzled about this one. > > > Greetz, > > Louis > > > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > Rowland Penny via samba > > Verzonden: donderdag 10 augustus 2017 22:43 > > Aan: samba at lists.samba.org > > Onderwerp: Re: [Samba] NT_STATUS_INTERNAL_ERROR > > > > On Thu, 10 Aug 2017 15:43:10 -0400 (CDT) Ing. Luis Felipe > > Domínguez Vega via samba <samba at lists.samba.org> wrote: > > > > > Hello, a short history, I am using samba 4 with Debian 9 from the > > > repository, 2 days ago the server was broken, but I was > > copy all the > > > /var/lib/samba directory to a safe place, then I was > > installed a new > > > server with the same Debian and samba from repository, > and stopped > > > smbd, nmbd and winbind, unmask samba-ad-dc and finally > > copied all the > > > directory from the old server to the new server and started > > the samba, > > > all works fine, the bind is integrated with samba_dlz, > etc. But now > > > when i go to join a Windows 7 PC to the domain show an error with > > > "Internal Error". Inside the AD server i put this command > > > > > > > Did you use exactly the same FQDN and ipaddress for the new > computer ? > > > > > > > > tls enabled = yes > > > tls certfile = /var/lib/samba/private/tls/dc-cert.pem > > > tls keyfile = > > /var/lib/samba/private/tls/secure/dc-privkey.pem > > > tls cafile = /var/lib/samba/private/tls/cacert.pem > > > tls crlfile = /var/lib/samba/private/tls/mtz.desoft.cu.crl > > > tls dhparams file = /var/lib/samba/private/tls/dc-dhparams.pem > > > > > > > You could try recreating the cert files. > > > > Rowland > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- > Luis Felipe Dominguez Vega > System Administration in Desoft Matanzas | Mob: [ > tel:+5353694785 | +5353694785 ] | [ http://www.desoft.cu/ | > www.desoft.cu ] > [ https://www.facebook.com/lfdominguez0104 | ] [ > https://www.linkedin.com/in/luis-felipe-dom%C3%ADnguez-vega-47 > 725794/ | ] [ https://twitter.com/LuisFelipeDV1 | ] > >
Apparently Analagous Threads
- NT_STATUS_INTERNAL_ERROR and cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR
- Error with samba update in debian.
- NT_STATUS_INTERNAL_ERROR and cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR
- strange auth issue
- NT_STATUS_INTERNAL_ERROR and cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR