Richard Connon
2017-Oct-04 21:14 UTC
[Samba] NT_STATUS_INTERNAL_ERROR from RPC server on samba 4.5.8 AD DC
Hi, I have a samba 4.5.8 AD DC (debian 9.1 package) which is having problems with RPC requests. This DC has been updated from the wheezy-backports package (4.1.17) via the jessie package (4.2.14) but I'm not sure if RPC worked immediately before the upgrade either since most of the time it only serves LDAP and krb5. Connecting using RSAT from windows gives "RPC Server Unavailable" message. To try and isolate the problem I firewalled traffic from all but one host and attempted to connect using rpcclient. From this I see NT_STATUS_INTERNAL_ERROR Attached are files containing the output from rpcclient, the logs from samba and smbd and the smb.conf from the client and the AD DC. The logs are all at log level 3 but I can re-generate them at a higher debug level if someone thinks this may be helpful. The internal error seems to be shown in the smbd log but there's nothing which really indicates (to me) what might have gone wrong to cause it. Anyone have any ideas? -------------- next part -------------- [2017/10/04 20:44:27.320667, 3] ../source3/param/loadparm.c:3739(lp_load_ex) lp_load_ex: refreshing parameters [2017/10/04 20:44:27.320711, 3] ../source3/param/loadparm.c:542(init_globals) Initialising global parameters [2017/10/04 20:44:27.320760, 3] ../source3/param/loadparm.c:2668(lp_do_section) Processing section "[global]" [2017/10/04 20:44:27.320833, 2] ../source3/param/loadparm.c:2685(lp_do_section) Processing section "[netlogon]" [2017/10/04 20:44:27.320864, 2] ../source3/param/loadparm.c:2685(lp_do_section) Processing section "[sysvol]" [2017/10/04 20:44:27.320898, 3] ../source3/param/loadparm.c:1585(lp_add_ipc) adding IPC service [2017/10/04 20:44:27.321111, 2] ../source3/lib/interface.c:345(add_interface) added interface eth1 ip=2001:67c:248c:233::c bcast= netmask=ffff:ffff:ffff:ffff:: [2017/10/04 20:44:27.321125, 2] ../source3/lib/interface.c:345(add_interface) added interface eth0 ip=10.10.0.12 bcast=10.10.0.255 netmask=255.255.255.0 [2017/10/04 20:44:27.321151, 3] ../source3/smbd/server.c:1705(main) loaded services [2017/10/04 20:44:27.321183, 1] ../source3/profile/profile_dummy.c:30(set_profile_level) INFO: Profiling support unavailable in this build. [2017/10/04 20:44:27.321195, 3] ../source3/smbd/server.c:1737(main) Becoming a daemon. [2017/10/04 20:44:27.831804, 3] ../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect) ldb_wrap open of idmap.ldb [2017/10/04 20:44:27.882942, 3] ../source3/rpc_server/svcctl/srv_svcctl_reg.c:565(svcctl_init_winreg) Initialise the svcctl registry keys if needed. [2017/10/04 20:44:27.885064, 3] ../source3/rpc_server/eventlog/srv_eventlog_reg.c:59(eventlog_init_winreg) Initialise the eventlog registry keys if needed. [2017/10/04 20:44:27.894323, 0] ../lib/util/become_daemon.c:124(daemon_ready) STATUS=daemon 'smbd' finished starting up and ready to serve connections [2017/10/04 20:44:27.895189, 2] ../source3/smbd/server.c:1382(smbd_parent_loop) waiting for connections [2017/10/04 20:44:36.308569, 3] ../source3/lib/access.c:338(allow_access) Allowed connection from 10.10.0.11 (10.10.0.11) [2017/10/04 20:44:36.308713, 3] ../source3/smbd/oplock.c:1322(init_oplocks) init_oplocks: initializing messages. [2017/10/04 20:44:36.308877, 3] ../source3/smbd/process.c:1957(process_smb) Transaction 0 of length 88 (0 toread) [2017/10/04 20:44:36.308907, 3] ../source3/smbd/process.c:1538(switch_message) switch message SMBnegprot (pid 9055) conn 0x0 [2017/10/04 20:44:36.310049, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [NT LANMAN 1.0] [2017/10/04 20:44:36.310081, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [NT LM 0.12] [2017/10/04 20:44:36.310089, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [SMB 2.002] [2017/10/04 20:44:36.310093, 3] ../source3/smbd/negprot.c:603(reply_negprot) Requested protocol [SMB 2.???] [2017/10/04 20:44:36.310187, 3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot) Selected protocol SMB2_FF [2017/10/04 20:44:36.313276, 2] ../lib/util/modules.c:196(do_smb_load_module) Module 'samba4' loaded [2017/10/04 20:44:36.314350, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'gssapi_spnego' registered [2017/10/04 20:44:36.314373, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'gssapi_krb5' registered [2017/10/04 20:44:36.314383, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'gssapi_krb5_sasl' registered [2017/10/04 20:44:36.314393, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'spnego' registered [2017/10/04 20:44:36.314410, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'schannel' registered [2017/10/04 20:44:36.314422, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'naclrpc_as_system' registered [2017/10/04 20:44:36.314435, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'sasl-EXTERNAL' registered [2017/10/04 20:44:36.314448, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'ntlmssp' registered [2017/10/04 20:44:36.314472, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'ntlmssp_resume_ccache' registered [2017/10/04 20:44:36.314485, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'http_basic' registered [2017/10/04 20:44:36.314498, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'http_ntlm' registered [2017/10/04 20:44:36.314510, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'krb5' registered [2017/10/04 20:44:36.314526, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'fake_gssapi_krb5' registered [2017/10/04 20:44:36.315859, 3] ../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect) ldb_wrap open of secrets.ldb [2017/10/04 20:44:36.316521, 3] ../source4/auth/ntlm/auth.c:675(auth_register) AUTH backend 'sam' registered [2017/10/04 20:44:36.316535, 3] ../source4/auth/ntlm/auth.c:675(auth_register) AUTH backend 'sam_ignoredomain' registered [2017/10/04 20:44:36.316544, 3] ../source4/auth/ntlm/auth.c:675(auth_register) AUTH backend 'anonymous' registered [2017/10/04 20:44:36.316549, 3] ../source4/auth/ntlm/auth.c:675(auth_register) AUTH backend 'winbind' registered [2017/10/04 20:44:36.316554, 3] ../source4/auth/ntlm/auth.c:675(auth_register) AUTH backend 'winbind_wbclient' registered [2017/10/04 20:44:36.316565, 3] ../source4/auth/ntlm/auth.c:675(auth_register) AUTH backend 'name_to_ntstatus' registered [2017/10/04 20:44:36.316578, 3] ../source4/auth/ntlm/auth.c:675(auth_register) AUTH backend 'unix' registered [2017/10/04 20:44:36.320048, 3] ../source3/smbd/negprot.c:730(reply_negprot) Selected protocol SMB 2.??? [2017/10/04 20:44:36.323093, 3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot) Selected protocol SMB3_02 [2017/10/04 20:44:36.323413, 3] ../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect) ldb_wrap open of secrets.ldb [2017/10/04 20:44:36.327230, 3] ../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect) ldb_wrap open of secrets.ldb [2017/10/04 20:44:36.328706, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x62088215 [2017/10/04 20:44:36.330092, 3] ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth) Got user=[richard] domain=[CONNON] workstation=[SHELL02] len1=24 len2=284 [2017/10/04 20:44:36.330134, 3] ../source4/auth/ntlm/auth.c:271(auth_check_password_send) auth_check_password_send: Checking password for unmapped user [CONNON]\[richard]@[SHELL02] auth_check_password_send: mapped user is: [CONNON]\[richard]@[SHELL02] [2017/10/04 20:44:36.336080, 3] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset) NTLMSSP Sign/Seal - Initialising with flags: [2017/10/04 20:44:36.336109, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x62088215 [2017/10/04 20:44:36.336139, 3] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset) NTLMSSP Sign/Seal - Initialising with flags: [2017/10/04 20:44:36.336146, 3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0x62088215 [2017/10/04 20:44:36.345588, 3] ../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect) ldb_wrap open of privilege.ldb [2017/10/04 20:44:36.346091, 3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex) smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_INTERNAL_ERROR] || at ../source3/smbd/smb2_sesssetup.c:134 [2017/10/04 20:44:36.347884, 3] ../source3/smbd/server_exit.c:246(exit_server_common) Server exit (NT_STATUS_END_OF_FILE) [2017/10/04 20:44:36.353707, 3] ../source3/lib/util_procid.c:54(pid_to_procid) pid_to_procid: messaging_dgm_get_unique failed: No such file or directory -------------- next part -------------- [2017/10/04 20:44:26.982686, 0] ../source4/smbd/server.c:372(binary_smbd_main) samba version 4.5.8-Debian started. Copyright Andrew Tridgell and the Samba Team 1992-2016 [2017/10/04 20:44:26.983323, 3] ../source4/smbd/server.c:383(binary_smbd_main) Becoming a daemon. [2017/10/04 20:44:26.985861, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'gssapi_spnego' registered [2017/10/04 20:44:26.985886, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'gssapi_krb5' registered [2017/10/04 20:44:26.985893, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'gssapi_krb5_sasl' registered [2017/10/04 20:44:26.985898, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'spnego' registered [2017/10/04 20:44:26.985903, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'schannel' registered [2017/10/04 20:44:26.985908, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'naclrpc_as_system' registered [2017/10/04 20:44:26.985913, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'sasl-EXTERNAL' registered [2017/10/04 20:44:26.985918, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'ntlmssp' registered [2017/10/04 20:44:26.985924, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'ntlmssp_resume_ccache' registered [2017/10/04 20:44:26.985932, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'http_basic' registered [2017/10/04 20:44:26.985941, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'http_ntlm' registered [2017/10/04 20:44:26.985947, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'krb5' registered [2017/10/04 20:44:26.985952, 3] ../auth/gensec/gensec_start.c:908(gensec_register) GENSEC backend 'fake_gssapi_krb5' registered [2017/10/04 20:44:26.986321, 3] ../source4/smbd/process_model.c:97(register_process_model) PROCESS_MODEL 'single' registered [2017/10/04 20:44:26.986337, 3] ../source4/smbd/process_model.c:97(register_process_model) PROCESS_MODEL 'standard' registered [2017/10/04 20:44:27.010314, 3] ../source4/auth/ntlm/auth.c:675(auth_register) AUTH backend 'sam' registered [2017/10/04 20:44:27.010353, 3] ../source4/auth/ntlm/auth.c:675(auth_register) AUTH backend 'sam_ignoredomain' registered [2017/10/04 20:44:27.010359, 3] ../source4/auth/ntlm/auth.c:675(auth_register) AUTH backend 'anonymous' registered [2017/10/04 20:44:27.010364, 3] ../source4/auth/ntlm/auth.c:675(auth_register) AUTH backend 'winbind' registered [2017/10/04 20:44:27.010369, 3] ../source4/auth/ntlm/auth.c:675(auth_register) AUTH backend 'winbind_wbclient' registered [2017/10/04 20:44:27.010373, 3] ../source4/auth/ntlm/auth.c:675(auth_register) AUTH backend 'name_to_ntstatus' registered [2017/10/04 20:44:27.010378, 3] ../source4/auth/ntlm/auth.c:675(auth_register) AUTH backend 'unix' registered [2017/10/04 20:44:27.133366, 3] ../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect) ldb_wrap open of privilege.ldb [2017/10/04 20:44:27.133573, 0] ../source4/smbd/server.c:479(binary_smbd_main) samba: using 'standard' process model samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor. samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor. [2017/10/04 20:44:27.141201, 3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server) DCERPC endpoint server 'rpcecho' registered [2017/10/04 20:44:27.141256, 3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server) DCERPC endpoint server 'epmapper' registered [2017/10/04 20:44:27.141266, 3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server) DCERPC endpoint server 'remote' registered [2017/10/04 20:44:27.141780, 3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server) DCERPC endpoint server 'wkssvc' registered [2017/10/04 20:44:27.141801, 3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server) DCERPC endpoint server 'unixinfo' registered [2017/10/04 20:44:27.141824, 3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server) DCERPC endpoint server 'samr' registered [2017/10/04 20:44:27.141836, 3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server) DCERPC endpoint server 'netlogon' registered [2017/10/04 20:44:27.141855, 3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server) DCERPC endpoint server 'dssetup' registered [2017/10/04 20:44:27.141871, 3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server) DCERPC endpoint server 'lsarpc' registered [2017/10/04 20:44:27.141886, 3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server) DCERPC endpoint server 'backupkey' registered [2017/10/04 20:44:27.141898, 3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server) DCERPC endpoint server 'drsuapi' registered [2017/10/04 20:44:27.141909, 3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server) DCERPC endpoint server 'browser' registered [2017/10/04 20:44:27.141926, 3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server) DCERPC endpoint server 'eventlog6' registered [2017/10/04 20:44:27.141941, 3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server) DCERPC endpoint server 'dnsserver' registered samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor. samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor. samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor. samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor. samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor. samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor. [2017/10/04 20:44:27.177803, 2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions) dreplsrv_partition[CN=Configuration,DC=ads,DC=connon,DC=me,DC=uk] loaded [2017/10/04 20:44:27.177863, 2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions) dreplsrv_partition[CN=Schema,CN=Configuration,DC=ads,DC=connon,DC=me,DC=uk] loaded [2017/10/04 20:44:27.177882, 2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions) dreplsrv_partition[DC=ads,DC=connon,DC=me,DC=uk] loaded [2017/10/04 20:44:27.177899, 2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions) dreplsrv_partition[DC=DomainDnsZones,DC=ads,DC=connon,DC=me,DC=uk] loaded [2017/10/04 20:44:27.177922, 2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions) dreplsrv_partition[DC=ForestDnsZones,DC=ads,DC=connon,DC=me,DC=uk] loaded samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor. samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor. [2017/10/04 20:44:27.193116, 2] ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions) kccsrv_partition[CN=Schema,CN=Configuration,DC=ads,DC=connon,DC=me,DC=uk] loaded [2017/10/04 20:44:27.193155, 2] ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions) kccsrv_partition[CN=Configuration,DC=ads,DC=connon,DC=me,DC=uk] loaded [2017/10/04 20:44:27.193165, 2] ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions) kccsrv_partition[DC=ads,DC=connon,DC=me,DC=uk] loaded [2017/10/04 20:44:27.193179, 2] ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions) kccsrv_partition[DC=DomainDnsZones,DC=ads,DC=connon,DC=me,DC=uk] loaded [2017/10/04 20:44:27.193194, 2] ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions) kccsrv_partition[DC=ForestDnsZones,DC=ads,DC=connon,DC=me,DC=uk] loaded [2017/10/04 20:44:27.206309, 0] ../lib/util/become_daemon.c:124(daemon_ready) STATUS=daemon 'samba' finished starting up and ready to serve connections samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor. [2017/10/04 20:44:27.209907, 3] ../source4/dsdb/dns/dns_update.c:330(dnsupdate_check_names) Calling DNS name update script [2017/10/04 20:44:27.220238, 3] ../source4/dsdb/dns/dns_update.c:345(dnsupdate_check_names) Calling SPN name update script [2017/10/04 20:44:28.198435, 3] ../lib/util/util_runcmd.c:296(samba_runcmd_io_handler) Child /usr/sbin/samba_spnupdate exited with status 0 [2017/10/04 20:44:28.198504, 3] ../source4/dsdb/dns/dns_update.c:315(dnsupdate_spnupdate_done) Completed SPN update check OK [2017/10/04 20:44:28.328796, 3] ../lib/util/util_runcmd.c:296(samba_runcmd_io_handler) Child /usr/sbin/samba_dnsupdate exited with status 0 [2017/10/04 20:44:28.328854, 3] ../source4/dsdb/dns/dns_update.c:292(dnsupdate_nameupdate_done) Completed DNS update check OK [2017/10/04 20:44:31.149029, 3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler) Registered DC01<00> with 10.10.0.12 on interface 10.10.0.255 [2017/10/04 20:44:31.149137, 3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler) Registered DC01<03> with 10.10.0.12 on interface 10.10.0.255 [2017/10/04 20:44:31.149167, 3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler) Registered DC01<20> with 10.10.0.12 on interface 10.10.0.255 [2017/10/04 20:44:31.149183, 3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler) Registered CONNON<1b> with 10.10.0.12 on interface 10.10.0.255 [2017/10/04 20:44:31.149199, 3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler) Registered CONNON<1c> with 10.10.0.12 on interface 10.10.0.255 [2017/10/04 20:44:31.149213, 3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler) Registered CONNON<00> with 10.10.0.12 on interface 10.10.0.255 [2017/10/04 20:44:42.205290, 2] ../source4/dsdb/kcc/kcc_periodic.c:711(kccsrv_samba_kcc) Calling samba_kcc script [2017/10/04 20:44:42.215313, 1] ../source4/dsdb/kcc/garbage_collect_tombstones.c:68(garbage_collect_tombstones_part) Doing a full scan on DC=ForestDnsZones,DC=ads,DC=connon,DC=me,DC=uk and looking for deleted objects [2017/10/04 20:44:42.223303, 1] ../source4/dsdb/kcc/garbage_collect_tombstones.c:68(garbage_collect_tombstones_part) Doing a full scan on DC=DomainDnsZones,DC=ads,DC=connon,DC=me,DC=uk and looking for deleted objects [2017/10/04 20:44:42.229635, 1] ../source4/dsdb/kcc/garbage_collect_tombstones.c:68(garbage_collect_tombstones_part) Doing a full scan on DC=ads,DC=connon,DC=me,DC=uk and looking for deleted objects [2017/10/04 20:44:42.266468, 1] ../source4/dsdb/kcc/garbage_collect_tombstones.c:68(garbage_collect_tombstones_part) Doing a full scan on CN=Configuration,DC=ads,DC=connon,DC=me,DC=uk and looking for deleted objects [2017/10/04 20:44:42.381205, 0] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler) /usr/sbin/samba_kcc: ldb_wrap open of secrets.ldb [2017/10/04 20:44:42.595155, 3] ../lib/util/util_runcmd.c:296(samba_runcmd_io_handler) Child /usr/sbin/samba_kcc exited with status 0 [2017/10/04 20:44:42.595220, 3] ../source4/dsdb/kcc/kcc_periodic.c:696(samba_kcc_done) Completed samba_kcc OK -------------- next part -------------- lp_load_ex: refreshing parameters Initialising global parameters Processing section "[global]" added interface eth0 ip=2001:67c:248c:233::b bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=10.10.0.11 bcast=10.10.0.255 netmask=255.255.255.0 invalid ownership on directory /var/cache/samba/lck messaging_dgm_lockfile_create: Could not create lock directory: No such file or directory messaging_dgm_init: messaging_dgm_create_lockfile failed: No such file or directory messaging_dgm_init failed: No such file or directory Enter richard's password: Connecting to 10.10.0.12 at port 445 Doing spnego session setup (blob length=96) got OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got OID=1.3.6.1.4.1.311.2.2.10 got principal=not_defined_in_RFC4178 at please_ignore GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'naclrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Got challenge flags: Got NTLMSSP neg_flags=0x62898215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 SPNEGO login failed: An internal error occurred. Cannot connect to server. Error was NT_STATUS_INTERNAL_ERROR -------------- next part -------------- [global] security = ads netbios name = SHELL02 realm = ADS.CONNON.ME.UK workgroup = CONNON private dir = /var/lib/samba/private dedicated keytab file = /etc/krb5.keytab kerberos method = dedicated keytab -------------- next part -------------- [global] log level = 2 load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes netbios name = DC01 realm = ADS.CONNON.ME.UK workgroup = CONNON server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, ntp_signd, kcc, dnsupdate dedicated keytab file = /etc/krb5.keytab kerberos method = dedicated keytab dsdb:schema update allowed = Yes [netlogon] path = /var/lib/samba/sysvol/ads.connon.me.uk/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No
Richard Connon
2017-Oct-16 16:01 UTC
[Samba] NT_STATUS_INTERNAL_ERROR from RPC server on samba 4.5.8 AD DC
To try and narrow down this issue I tried to setup a test environment using two fresh install Debian 9.2 VMs, now running samba 4.5.12 since it was updated in Debian. I provisioned a new domain using `samba-tool domain provision` on the first VM, let it generate the smb.conf itself, and configured it using the BIND9_DLZ DNS backend. I tried to join the domain using a second Debian 9.2 VM using `net ads join -UAdministrator` after setting the DNS resolver to be the test DC and synchronising with NTP on the DC. This failed with the error: "Failed to join domain: failed to lookup DC info for domain 'ADS.TEST.LOCAL' over rpc: An internal error occurred." Finally, I tried to connect to RPC on the DC using `rpcclient` which failed, as before, with NT_STATUS_INTERNAL_ERROR. Is there some inherent problem with the Debian packages and the RPC server component of the DC? Alternatively, is there somewhere else I should be looking for the root cause of this? Regards, Richard On 04/10/2017 22:14, Richard Connon wrote:> Hi, > > I have a samba 4.5.8 AD DC (debian 9.1 package) which is having > problems with RPC requests. This DC has been updated from the > wheezy-backports package (4.1.17) via the jessie package (4.2.14) but > I'm not sure if RPC worked immediately before the upgrade either since > most of the time it only serves LDAP and krb5. > > Connecting using RSAT from windows gives "RPC Server Unavailable" > message. > > To try and isolate the problem I firewalled traffic from all but one > host and attempted to connect using rpcclient. From this I see > NT_STATUS_INTERNAL_ERROR > > Attached are files containing the output from rpcclient, the logs from > samba and smbd and the smb.conf from the client and the AD DC. The > logs are all at log level 3 but I can re-generate them at a higher > debug level if someone thinks this may be helpful. > > The internal error seems to be shown in the smbd log but there's > nothing which really indicates (to me) what might have gone wrong to > cause it. > > Anyone have any ideas? >
Rowland Penny
2017-Oct-16 16:26 UTC
[Samba] NT_STATUS_INTERNAL_ERROR from RPC server on samba 4.5.8 AD DC
On Mon, 16 Oct 2017 17:01:29 +0100 Richard Connon via samba <samba at lists.samba.org> wrote:> To try and narrow down this issue I tried to setup a test environment > using two fresh install Debian 9.2 VMs, now running samba 4.5.12 > since it was updated in Debian. > > I provisioned a new domain using `samba-tool domain provision` on the > first VM, let it generate the smb.conf itself, and configured it > using the BIND9_DLZ DNS backend. > > I tried to join the domain using a second Debian 9.2 VM using `net > ads join -UAdministrator` after setting the DNS resolver to be the > test DC and synchronising with NTP on the DC. This failed with the > error: > > "Failed to join domain: failed to lookup DC info for domain > 'ADS.TEST.LOCAL' over rpc: An internal error occurred." > > Finally, I tried to connect to RPC on the DC using `rpcclient` which > failed, as before, with NT_STATUS_INTERNAL_ERROR. > > Is there some inherent problem with the Debian packages and the RPC > server component of the DC? Alternatively, is there somewhere else I > should be looking for the root cause of this? >This isn't a known problem with the debian packages, it should work. Can you post the provision command you used on the DC. I know you posted the smb.conf from a DC before, but can you post it again. Can you post the following files: /etc/resolv.conf /etc/hostname /etc/hosts /etc/krb5.conf From both the DC and the domain member The named.conf files from the DC and finally the smb.conf from the domain member. Rowland
Possibly Parallel Threads
- Samba 4 AD - Samba Fails to Start, hdb_samba4_create_kdc (setup KDC database) failed
- Samba 4 AD - Samba Fails to Start, hdb_samba4_create_kdc (setup KDC database) failed
- Samba 4 AD - Samba Fails to Start, hdb_samba4_create_kdc (setup KDC database) failed
- Second DC won't start LDAP daemon
- Samba 4.8 RODC not working