Richard Connon
2017-Oct-04 21:14 UTC
[Samba] NT_STATUS_INTERNAL_ERROR from RPC server on samba 4.5.8 AD DC
Hi,
I have a samba 4.5.8 AD DC (debian 9.1 package) which is having problems
with RPC requests. This DC has been updated from the wheezy-backports
package (4.1.17) via the jessie package (4.2.14) but I'm not sure if RPC
worked immediately before the upgrade either since most of the time it
only serves LDAP and krb5.
Connecting using RSAT from windows gives "RPC Server Unavailable"
message.
To try and isolate the problem I firewalled traffic from all but one
host and attempted to connect using rpcclient. From this I see
NT_STATUS_INTERNAL_ERROR
Attached are files containing the output from rpcclient, the logs from
samba and smbd and the smb.conf from the client and the AD DC. The logs
are all at log level 3 but I can re-generate them at a higher debug
level if someone thinks this may be helpful.
The internal error seems to be shown in the smbd log but there's nothing
which really indicates (to me) what might have gone wrong to cause it.
Anyone have any ideas?
-------------- next part --------------
[2017/10/04 20:44:27.320667, 3] ../source3/param/loadparm.c:3739(lp_load_ex)
lp_load_ex: refreshing parameters
[2017/10/04 20:44:27.320711, 3] ../source3/param/loadparm.c:542(init_globals)
Initialising global parameters
[2017/10/04 20:44:27.320760, 3] ../source3/param/loadparm.c:2668(lp_do_section)
Processing section "[global]"
[2017/10/04 20:44:27.320833, 2] ../source3/param/loadparm.c:2685(lp_do_section)
Processing section "[netlogon]"
[2017/10/04 20:44:27.320864, 2] ../source3/param/loadparm.c:2685(lp_do_section)
Processing section "[sysvol]"
[2017/10/04 20:44:27.320898, 3] ../source3/param/loadparm.c:1585(lp_add_ipc)
adding IPC service
[2017/10/04 20:44:27.321111, 2] ../source3/lib/interface.c:345(add_interface)
added interface eth1 ip=2001:67c:248c:233::c bcast=
netmask=ffff:ffff:ffff:ffff::
[2017/10/04 20:44:27.321125, 2] ../source3/lib/interface.c:345(add_interface)
added interface eth0 ip=10.10.0.12 bcast=10.10.0.255 netmask=255.255.255.0
[2017/10/04 20:44:27.321151, 3] ../source3/smbd/server.c:1705(main)
loaded services
[2017/10/04 20:44:27.321183, 1]
../source3/profile/profile_dummy.c:30(set_profile_level)
INFO: Profiling support unavailable in this build.
[2017/10/04 20:44:27.321195, 3] ../source3/smbd/server.c:1737(main)
Becoming a daemon.
[2017/10/04 20:44:27.831804, 3]
../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect)
ldb_wrap open of idmap.ldb
[2017/10/04 20:44:27.882942, 3]
../source3/rpc_server/svcctl/srv_svcctl_reg.c:565(svcctl_init_winreg)
Initialise the svcctl registry keys if needed.
[2017/10/04 20:44:27.885064, 3]
../source3/rpc_server/eventlog/srv_eventlog_reg.c:59(eventlog_init_winreg)
Initialise the eventlog registry keys if needed.
[2017/10/04 20:44:27.894323, 0] ../lib/util/become_daemon.c:124(daemon_ready)
STATUS=daemon 'smbd' finished starting up and ready to serve
connections
[2017/10/04 20:44:27.895189, 2] ../source3/smbd/server.c:1382(smbd_parent_loop)
waiting for connections
[2017/10/04 20:44:36.308569, 3] ../source3/lib/access.c:338(allow_access)
Allowed connection from 10.10.0.11 (10.10.0.11)
[2017/10/04 20:44:36.308713, 3] ../source3/smbd/oplock.c:1322(init_oplocks)
init_oplocks: initializing messages.
[2017/10/04 20:44:36.308877, 3] ../source3/smbd/process.c:1957(process_smb)
Transaction 0 of length 88 (0 toread)
[2017/10/04 20:44:36.308907, 3] ../source3/smbd/process.c:1538(switch_message)
switch message SMBnegprot (pid 9055) conn 0x0
[2017/10/04 20:44:36.310049, 3] ../source3/smbd/negprot.c:603(reply_negprot)
Requested protocol [NT LANMAN 1.0]
[2017/10/04 20:44:36.310081, 3] ../source3/smbd/negprot.c:603(reply_negprot)
Requested protocol [NT LM 0.12]
[2017/10/04 20:44:36.310089, 3] ../source3/smbd/negprot.c:603(reply_negprot)
Requested protocol [SMB 2.002]
[2017/10/04 20:44:36.310093, 3] ../source3/smbd/negprot.c:603(reply_negprot)
Requested protocol [SMB 2.???]
[2017/10/04 20:44:36.310187, 3]
../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
Selected protocol SMB2_FF
[2017/10/04 20:44:36.313276, 2] ../lib/util/modules.c:196(do_smb_load_module)
Module 'samba4' loaded
[2017/10/04 20:44:36.314350, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'gssapi_spnego' registered
[2017/10/04 20:44:36.314373, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'gssapi_krb5' registered
[2017/10/04 20:44:36.314383, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'gssapi_krb5_sasl' registered
[2017/10/04 20:44:36.314393, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'spnego' registered
[2017/10/04 20:44:36.314410, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'schannel' registered
[2017/10/04 20:44:36.314422, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'naclrpc_as_system' registered
[2017/10/04 20:44:36.314435, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'sasl-EXTERNAL' registered
[2017/10/04 20:44:36.314448, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'ntlmssp' registered
[2017/10/04 20:44:36.314472, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'ntlmssp_resume_ccache' registered
[2017/10/04 20:44:36.314485, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'http_basic' registered
[2017/10/04 20:44:36.314498, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'http_ntlm' registered
[2017/10/04 20:44:36.314510, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'krb5' registered
[2017/10/04 20:44:36.314526, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'fake_gssapi_krb5' registered
[2017/10/04 20:44:36.315859, 3]
../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2017/10/04 20:44:36.316521, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'sam' registered
[2017/10/04 20:44:36.316535, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'sam_ignoredomain' registered
[2017/10/04 20:44:36.316544, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'anonymous' registered
[2017/10/04 20:44:36.316549, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'winbind' registered
[2017/10/04 20:44:36.316554, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'winbind_wbclient' registered
[2017/10/04 20:44:36.316565, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'name_to_ntstatus' registered
[2017/10/04 20:44:36.316578, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'unix' registered
[2017/10/04 20:44:36.320048, 3] ../source3/smbd/negprot.c:730(reply_negprot)
Selected protocol SMB 2.???
[2017/10/04 20:44:36.323093, 3]
../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
Selected protocol SMB3_02
[2017/10/04 20:44:36.323413, 3]
../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2017/10/04 20:44:36.327230, 3]
../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2017/10/04 20:44:36.328706, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62088215
[2017/10/04 20:44:36.330092, 3]
../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
Got user=[richard] domain=[CONNON] workstation=[SHELL02] len1=24 len2=284
[2017/10/04 20:44:36.330134, 3]
../source4/auth/ntlm/auth.c:271(auth_check_password_send)
auth_check_password_send: Checking password for unmapped user
[CONNON]\[richard]@[SHELL02]
auth_check_password_send: mapped user is: [CONNON]\[richard]@[SHELL02]
[2017/10/04 20:44:36.336080, 3]
../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
NTLMSSP Sign/Seal - Initialising with flags:
[2017/10/04 20:44:36.336109, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62088215
[2017/10/04 20:44:36.336139, 3]
../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
NTLMSSP Sign/Seal - Initialising with flags:
[2017/10/04 20:44:36.336146, 3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
Got NTLMSSP neg_flags=0x62088215
[2017/10/04 20:44:36.345588, 3]
../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect)
ldb_wrap open of privilege.ldb
[2017/10/04 20:44:36.346091, 3]
../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_INTERNAL_ERROR] || at ../source3/smbd/smb2_sesssetup.c:134
[2017/10/04 20:44:36.347884, 3]
../source3/smbd/server_exit.c:246(exit_server_common)
Server exit (NT_STATUS_END_OF_FILE)
[2017/10/04 20:44:36.353707, 3] ../source3/lib/util_procid.c:54(pid_to_procid)
pid_to_procid: messaging_dgm_get_unique failed: No such file or directory
-------------- next part --------------
[2017/10/04 20:44:26.982686, 0] ../source4/smbd/server.c:372(binary_smbd_main)
samba version 4.5.8-Debian started.
Copyright Andrew Tridgell and the Samba Team 1992-2016
[2017/10/04 20:44:26.983323, 3] ../source4/smbd/server.c:383(binary_smbd_main)
Becoming a daemon.
[2017/10/04 20:44:26.985861, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'gssapi_spnego' registered
[2017/10/04 20:44:26.985886, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'gssapi_krb5' registered
[2017/10/04 20:44:26.985893, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'gssapi_krb5_sasl' registered
[2017/10/04 20:44:26.985898, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'spnego' registered
[2017/10/04 20:44:26.985903, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'schannel' registered
[2017/10/04 20:44:26.985908, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'naclrpc_as_system' registered
[2017/10/04 20:44:26.985913, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'sasl-EXTERNAL' registered
[2017/10/04 20:44:26.985918, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'ntlmssp' registered
[2017/10/04 20:44:26.985924, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'ntlmssp_resume_ccache' registered
[2017/10/04 20:44:26.985932, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'http_basic' registered
[2017/10/04 20:44:26.985941, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'http_ntlm' registered
[2017/10/04 20:44:26.985947, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'krb5' registered
[2017/10/04 20:44:26.985952, 3]
../auth/gensec/gensec_start.c:908(gensec_register)
GENSEC backend 'fake_gssapi_krb5' registered
[2017/10/04 20:44:26.986321, 3]
../source4/smbd/process_model.c:97(register_process_model)
PROCESS_MODEL 'single' registered
[2017/10/04 20:44:26.986337, 3]
../source4/smbd/process_model.c:97(register_process_model)
PROCESS_MODEL 'standard' registered
[2017/10/04 20:44:27.010314, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'sam' registered
[2017/10/04 20:44:27.010353, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'sam_ignoredomain' registered
[2017/10/04 20:44:27.010359, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'anonymous' registered
[2017/10/04 20:44:27.010364, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'winbind' registered
[2017/10/04 20:44:27.010369, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'winbind_wbclient' registered
[2017/10/04 20:44:27.010373, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'name_to_ntstatus' registered
[2017/10/04 20:44:27.010378, 3] ../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'unix' registered
[2017/10/04 20:44:27.133366, 3]
../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect)
ldb_wrap open of privilege.ldb
[2017/10/04 20:44:27.133573, 0] ../source4/smbd/server.c:479(binary_smbd_main)
samba: using 'standard' process model
samba: setproctitle not initialized, please either call setproctitle_init() or
link against libbsd-ctor.
samba: setproctitle not initialized, please either call setproctitle_init() or
link against libbsd-ctor.
[2017/10/04 20:44:27.141201, 3]
../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
DCERPC endpoint server 'rpcecho' registered
[2017/10/04 20:44:27.141256, 3]
../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
DCERPC endpoint server 'epmapper' registered
[2017/10/04 20:44:27.141266, 3]
../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
DCERPC endpoint server 'remote' registered
[2017/10/04 20:44:27.141780, 3]
../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
DCERPC endpoint server 'wkssvc' registered
[2017/10/04 20:44:27.141801, 3]
../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
DCERPC endpoint server 'unixinfo' registered
[2017/10/04 20:44:27.141824, 3]
../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
DCERPC endpoint server 'samr' registered
[2017/10/04 20:44:27.141836, 3]
../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
DCERPC endpoint server 'netlogon' registered
[2017/10/04 20:44:27.141855, 3]
../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
DCERPC endpoint server 'dssetup' registered
[2017/10/04 20:44:27.141871, 3]
../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
DCERPC endpoint server 'lsarpc' registered
[2017/10/04 20:44:27.141886, 3]
../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
DCERPC endpoint server 'backupkey' registered
[2017/10/04 20:44:27.141898, 3]
../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
DCERPC endpoint server 'drsuapi' registered
[2017/10/04 20:44:27.141909, 3]
../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
DCERPC endpoint server 'browser' registered
[2017/10/04 20:44:27.141926, 3]
../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
DCERPC endpoint server 'eventlog6' registered
[2017/10/04 20:44:27.141941, 3]
../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
DCERPC endpoint server 'dnsserver' registered
samba: setproctitle not initialized, please either call setproctitle_init() or
link against libbsd-ctor.
samba: setproctitle not initialized, please either call setproctitle_init() or
link against libbsd-ctor.
samba: setproctitle not initialized, please either call setproctitle_init() or
link against libbsd-ctor.
samba: setproctitle not initialized, please either call setproctitle_init() or
link against libbsd-ctor.
samba: setproctitle not initialized, please either call setproctitle_init() or
link against libbsd-ctor.
samba: setproctitle not initialized, please either call setproctitle_init() or
link against libbsd-ctor.
[2017/10/04 20:44:27.177803, 2]
../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
dreplsrv_partition[CN=Configuration,DC=ads,DC=connon,DC=me,DC=uk] loaded
[2017/10/04 20:44:27.177863, 2]
../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
dreplsrv_partition[CN=Schema,CN=Configuration,DC=ads,DC=connon,DC=me,DC=uk]
loaded
[2017/10/04 20:44:27.177882, 2]
../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
dreplsrv_partition[DC=ads,DC=connon,DC=me,DC=uk] loaded
[2017/10/04 20:44:27.177899, 2]
../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
dreplsrv_partition[DC=DomainDnsZones,DC=ads,DC=connon,DC=me,DC=uk] loaded
[2017/10/04 20:44:27.177922, 2]
../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
dreplsrv_partition[DC=ForestDnsZones,DC=ads,DC=connon,DC=me,DC=uk] loaded
samba: setproctitle not initialized, please either call setproctitle_init() or
link against libbsd-ctor.
samba: setproctitle not initialized, please either call setproctitle_init() or
link against libbsd-ctor.
[2017/10/04 20:44:27.193116, 2]
../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
kccsrv_partition[CN=Schema,CN=Configuration,DC=ads,DC=connon,DC=me,DC=uk]
loaded
[2017/10/04 20:44:27.193155, 2]
../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
kccsrv_partition[CN=Configuration,DC=ads,DC=connon,DC=me,DC=uk] loaded
[2017/10/04 20:44:27.193165, 2]
../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
kccsrv_partition[DC=ads,DC=connon,DC=me,DC=uk] loaded
[2017/10/04 20:44:27.193179, 2]
../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
kccsrv_partition[DC=DomainDnsZones,DC=ads,DC=connon,DC=me,DC=uk] loaded
[2017/10/04 20:44:27.193194, 2]
../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
kccsrv_partition[DC=ForestDnsZones,DC=ads,DC=connon,DC=me,DC=uk] loaded
[2017/10/04 20:44:27.206309, 0] ../lib/util/become_daemon.c:124(daemon_ready)
STATUS=daemon 'samba' finished starting up and ready to serve
connections
samba: setproctitle not initialized, please either call setproctitle_init() or
link against libbsd-ctor.
[2017/10/04 20:44:27.209907, 3]
../source4/dsdb/dns/dns_update.c:330(dnsupdate_check_names)
Calling DNS name update script
[2017/10/04 20:44:27.220238, 3]
../source4/dsdb/dns/dns_update.c:345(dnsupdate_check_names)
Calling SPN name update script
[2017/10/04 20:44:28.198435, 3]
../lib/util/util_runcmd.c:296(samba_runcmd_io_handler)
Child /usr/sbin/samba_spnupdate exited with status 0
[2017/10/04 20:44:28.198504, 3]
../source4/dsdb/dns/dns_update.c:315(dnsupdate_spnupdate_done)
Completed SPN update check OK
[2017/10/04 20:44:28.328796, 3]
../lib/util/util_runcmd.c:296(samba_runcmd_io_handler)
Child /usr/sbin/samba_dnsupdate exited with status 0
[2017/10/04 20:44:28.328854, 3]
../source4/dsdb/dns/dns_update.c:292(dnsupdate_nameupdate_done)
Completed DNS update check OK
[2017/10/04 20:44:31.149029, 3]
../source4/nbt_server/register.c:155(nbtd_register_name_handler)
Registered DC01<00> with 10.10.0.12 on interface 10.10.0.255
[2017/10/04 20:44:31.149137, 3]
../source4/nbt_server/register.c:155(nbtd_register_name_handler)
Registered DC01<03> with 10.10.0.12 on interface 10.10.0.255
[2017/10/04 20:44:31.149167, 3]
../source4/nbt_server/register.c:155(nbtd_register_name_handler)
Registered DC01<20> with 10.10.0.12 on interface 10.10.0.255
[2017/10/04 20:44:31.149183, 3]
../source4/nbt_server/register.c:155(nbtd_register_name_handler)
Registered CONNON<1b> with 10.10.0.12 on interface 10.10.0.255
[2017/10/04 20:44:31.149199, 3]
../source4/nbt_server/register.c:155(nbtd_register_name_handler)
Registered CONNON<1c> with 10.10.0.12 on interface 10.10.0.255
[2017/10/04 20:44:31.149213, 3]
../source4/nbt_server/register.c:155(nbtd_register_name_handler)
Registered CONNON<00> with 10.10.0.12 on interface 10.10.0.255
[2017/10/04 20:44:42.205290, 2]
../source4/dsdb/kcc/kcc_periodic.c:711(kccsrv_samba_kcc)
Calling samba_kcc script
[2017/10/04 20:44:42.215313, 1]
../source4/dsdb/kcc/garbage_collect_tombstones.c:68(garbage_collect_tombstones_part)
Doing a full scan on DC=ForestDnsZones,DC=ads,DC=connon,DC=me,DC=uk and
looking for deleted objects
[2017/10/04 20:44:42.223303, 1]
../source4/dsdb/kcc/garbage_collect_tombstones.c:68(garbage_collect_tombstones_part)
Doing a full scan on DC=DomainDnsZones,DC=ads,DC=connon,DC=me,DC=uk and
looking for deleted objects
[2017/10/04 20:44:42.229635, 1]
../source4/dsdb/kcc/garbage_collect_tombstones.c:68(garbage_collect_tombstones_part)
Doing a full scan on DC=ads,DC=connon,DC=me,DC=uk and looking for deleted
objects
[2017/10/04 20:44:42.266468, 1]
../source4/dsdb/kcc/garbage_collect_tombstones.c:68(garbage_collect_tombstones_part)
Doing a full scan on CN=Configuration,DC=ads,DC=connon,DC=me,DC=uk and looking
for deleted objects
[2017/10/04 20:44:42.381205, 0]
../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
/usr/sbin/samba_kcc: ldb_wrap open of secrets.ldb
[2017/10/04 20:44:42.595155, 3]
../lib/util/util_runcmd.c:296(samba_runcmd_io_handler)
Child /usr/sbin/samba_kcc exited with status 0
[2017/10/04 20:44:42.595220, 3]
../source4/dsdb/kcc/kcc_periodic.c:696(samba_kcc_done)
Completed samba_kcc OK
-------------- next part --------------
lp_load_ex: refreshing parameters
Initialising global parameters
Processing section "[global]"
added interface eth0 ip=2001:67c:248c:233::b bcast=
netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.10.0.11 bcast=10.10.0.255 netmask=255.255.255.0
invalid ownership on directory /var/cache/samba/lck
messaging_dgm_lockfile_create: Could not create lock directory: No such file or
directory
messaging_dgm_init: messaging_dgm_create_lockfile failed: No such file or
directory
messaging_dgm_init failed: No such file or directory
Enter richard's password:
Connecting to 10.10.0.12 at port 445
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
SPNEGO login failed: An internal error occurred.
Cannot connect to server. Error was NT_STATUS_INTERNAL_ERROR
-------------- next part --------------
[global]
security = ads
netbios name = SHELL02
realm = ADS.CONNON.ME.UK
workgroup = CONNON
private dir = /var/lib/samba/private
dedicated keytab file = /etc/krb5.keytab
kerberos method = dedicated keytab
-------------- next part --------------
[global]
log level = 2
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
netbios name = DC01
realm = ADS.CONNON.ME.UK
workgroup = CONNON
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
ntp_signd, kcc, dnsupdate
dedicated keytab file = /etc/krb5.keytab
kerberos method = dedicated keytab
dsdb:schema update allowed = Yes
[netlogon]
path = /var/lib/samba/sysvol/ads.connon.me.uk/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
Richard Connon
2017-Oct-16 16:01 UTC
[Samba] NT_STATUS_INTERNAL_ERROR from RPC server on samba 4.5.8 AD DC
To try and narrow down this issue I tried to setup a test environment using two fresh install Debian 9.2 VMs, now running samba 4.5.12 since it was updated in Debian. I provisioned a new domain using `samba-tool domain provision` on the first VM, let it generate the smb.conf itself, and configured it using the BIND9_DLZ DNS backend. I tried to join the domain using a second Debian 9.2 VM using `net ads join -UAdministrator` after setting the DNS resolver to be the test DC and synchronising with NTP on the DC. This failed with the error: "Failed to join domain: failed to lookup DC info for domain 'ADS.TEST.LOCAL' over rpc: An internal error occurred." Finally, I tried to connect to RPC on the DC using `rpcclient` which failed, as before, with NT_STATUS_INTERNAL_ERROR. Is there some inherent problem with the Debian packages and the RPC server component of the DC? Alternatively, is there somewhere else I should be looking for the root cause of this? Regards, Richard On 04/10/2017 22:14, Richard Connon wrote:> Hi, > > I have a samba 4.5.8 AD DC (debian 9.1 package) which is having > problems with RPC requests. This DC has been updated from the > wheezy-backports package (4.1.17) via the jessie package (4.2.14) but > I'm not sure if RPC worked immediately before the upgrade either since > most of the time it only serves LDAP and krb5. > > Connecting using RSAT from windows gives "RPC Server Unavailable" > message. > > To try and isolate the problem I firewalled traffic from all but one > host and attempted to connect using rpcclient. From this I see > NT_STATUS_INTERNAL_ERROR > > Attached are files containing the output from rpcclient, the logs from > samba and smbd and the smb.conf from the client and the AD DC. The > logs are all at log level 3 but I can re-generate them at a higher > debug level if someone thinks this may be helpful. > > The internal error seems to be shown in the smbd log but there's > nothing which really indicates (to me) what might have gone wrong to > cause it. > > Anyone have any ideas? >
Rowland Penny
2017-Oct-16 16:26 UTC
[Samba] NT_STATUS_INTERNAL_ERROR from RPC server on samba 4.5.8 AD DC
On Mon, 16 Oct 2017 17:01:29 +0100 Richard Connon via samba <samba at lists.samba.org> wrote:> To try and narrow down this issue I tried to setup a test environment > using two fresh install Debian 9.2 VMs, now running samba 4.5.12 > since it was updated in Debian. > > I provisioned a new domain using `samba-tool domain provision` on the > first VM, let it generate the smb.conf itself, and configured it > using the BIND9_DLZ DNS backend. > > I tried to join the domain using a second Debian 9.2 VM using `net > ads join -UAdministrator` after setting the DNS resolver to be the > test DC and synchronising with NTP on the DC. This failed with the > error: > > "Failed to join domain: failed to lookup DC info for domain > 'ADS.TEST.LOCAL' over rpc: An internal error occurred." > > Finally, I tried to connect to RPC on the DC using `rpcclient` which > failed, as before, with NT_STATUS_INTERNAL_ERROR. > > Is there some inherent problem with the Debian packages and the RPC > server component of the DC? Alternatively, is there somewhere else I > should be looking for the root cause of this? >This isn't a known problem with the debian packages, it should work. Can you post the provision command you used on the DC. I know you posted the smb.conf from a DC before, but can you post it again. Can you post the following files: /etc/resolv.conf /etc/hostname /etc/hosts /etc/krb5.conf From both the DC and the domain member The named.conf files from the DC and finally the smb.conf from the domain member. Rowland
Possibly Parallel Threads
- Samba 4 AD - Samba Fails to Start, hdb_samba4_create_kdc (setup KDC database) failed
- Samba 4 AD - Samba Fails to Start, hdb_samba4_create_kdc (setup KDC database) failed
- Samba 4 AD - Samba Fails to Start, hdb_samba4_create_kdc (setup KDC database) failed
- Second DC won't start LDAP daemon
- Samba 4.8 RODC not working