samba - Aug 2016 - NT_STATUS_INTERNAL_ERROR

Dear, 
Does anyone have any idea what may be causing this error? 
Even I had to leave off Samba, because I believe that due to
NT_STATUS_INTERNAL_ERROR error, several desktops are presenting failure
credentials when they try to access shares. After I left off Samba, the errors
are gone.

 
------------------- Mensagem original -------------------------------
Assunto: Re: [Samba] NT_STATUS_INTERNAL_ERROR

Rowland: 

I took the "dns" from "server services" line in smb.conf,
then restart the Samba service.
The commands I have given, is running on the DC Samba 

Run the command: 

[root at srv14 ~]# kinit administrator 
Password for administrator at DOMAIN.LOCAL: 


[root at srv14 ~]# klist -e 
Ticket cache: KEYRING:persistent:0:0 
Default principal: administrator at DOMAIN.LOCAL 

Valid starting       Expires              Service principal 
26-07-2016 10:43:48  26-07-2016 20:43:48  krbtgt/DOMAIN.LOCAL at DOMAIN.LOCAL 
renew until 02-08-2016 10:43:46, Etype (skey, tkt): arcfour-hmac,
aes256-cts-hmac-sha1-96
[root at srv14 ~]# 


Louis: 

I ran the following command to display the results: 

smbclient -k -L //srv.domain.local -d5 

INFO: Current debug levels: 
all: 5 
tdb: 5 
printdrivers: 5 
lanman: 5 
smb: 5 
rpc_parse: 5 
rpc_srv: 5 
rpc_cli: 5 
passdb: 5 
sam: 5 
auth: 5 
winbind: 5 
vfs: 5 
idmap: 5 
quota: 5 
acls: 5 
locking: 5 
msdfs: 5 
dmapi: 5 
registry: 5 
scavenger: 5 
dns: 5 
ldb: 5 
tevent: 5 
lp_load_ex: refreshing parameters 
Initialising global parameters 
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) 
INFO: Current debug levels: 
all: 5 
tdb: 5 
printdrivers: 5 
lanman: 5 
smb: 5 
rpc_parse: 5 
rpc_srv: 5 
rpc_cli: 5 
passdb: 5 
sam: 5 
auth: 5 
winbind: 5 
vfs: 5 
idmap: 5 
quota: 5 
acls: 5 
locking: 5 
msdfs: 5 
dmapi: 5 
registry: 5 
scavenger: 5 
dns: 5 
ldb: 5 
tevent: 5 
Processing section "[global]" 
doing parameter interfaces = lo eno16777984 
doing parameter netbios name = SRV14 
doing parameter realm = DOMAIN.LOCAL 
doing parameter server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbindd, ntp_signd, kcc, dnsupdate
doing parameter workgroup = DOMAIN 
doing parameter server role = active directory domain controller 
doing parameter comment = 
doing parameter log file = /var/log/samba/%m.log 
doing parameter log level = 9 
pm_process() returned Yes 
added interface lo ip=::1 bcast= netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0 
added interface eno16777984 ip=172.16.16.3 bcast=172.16.17.255
netmask=255.255.254.0
Netbios name list:- 
my_netbios_names[0]="SRV14" 
Client started (version 4.4.5). 
Opening cache file at /usr/local/samba/var/cache/gencache.tdb 
Opening cache file at /usr/local/samba/var/lock/gencache_notrans.tdb 
sitename_fetch: No stored sitename for DOMAIN.LOCAL 
name srv13.domain.local#20 found. 
Connecting to 172.16.16.19 at port 445 
Socket options: 
SO_KEEPALIVE = 0 
SO_REUSEADDR = 0 
SO_BROADCAST = 0 
TCP_NODELAY = 1 
TCP_KEEPCNT = 9 
TCP_KEEPIDLE = 7200 
TCP_KEEPINTVL = 75 
IPTOS_LOWDELAY = 0 
IPTOS_THROUGHPUT = 0 
SO_REUSEPORT = 0 
SO_SNDBUF = 87040 
SO_RCVBUF = 367360 
SO_SNDLOWAT = 1 
SO_RCVLOWAT = 1 
SO_SNDTIMEO = 0 
SO_RCVTIMEO = 0 
TCP_QUICKACK = 1 
TCP_DEFER_ACCEPT = 0 
session request ok 
Doing spnego session setup (blob length=120) 
got OID=1.3.6.1.4.1.311.2.2.30 
got OID=1.2.840.48018.1.2.2 
got OID=1.2.840.113554.1.2.2 
got OID=1.2.840.113554.1.2.2.3 
got OID=1.3.6.1.4.1.311.2.2.10 
got principal=not_defined_in_RFC4178 at please_ignore 
cli_session_setup_spnego: using target hostname not SPNEGO principal 
cli_session_setup_spnego: guessed server principal=cifs/srv13.domain.local at
DOMAIN.LOCAL
GENSEC backend 'gssapi_spnego' registered 
GENSEC backend 'gssapi_krb5' registered 
GENSEC backend 'gssapi_krb5_sasl' registered 
GENSEC backend 'spnego' registered 
GENSEC backend 'schannel' registered 
GENSEC backend 'naclrpc_as_system' registered 
GENSEC backend 'sasl-EXTERNAL' registered 
GENSEC backend 'ntlmssp' registered 
GENSEC backend 'ntlmssp_resume_ccache' registered 
GENSEC backend 'http_basic' registered 
GENSEC backend 'http_ntlm' registered 
GENSEC backend 'krb5' registered 
GENSEC backend 'fake_gssapi_krb5' registered 
Starting GENSEC mechanism spnego 
Starting GENSEC submechanism gse_krb5 
gss_acquire_creds failed for GSS_C_NO_NAME with [ No credentials were supplied,
or the credentials were unavailable or inaccessible.: unknown mech-code 0 for
mech 1 2 840 113554 1 2 2] -the caller may retry after a kinit.
Failed to start GENSEC client mech gse_krb5: NT_STATUS_INTERNAL_ERROR 
SPNEGO login failed: An internal error occurred. 

session setup failed: NT_STATUS_INTERNAL_ERROR

Dear,I found the solution to the error: NT_STATUS_INTERNAL_ERRORThis error
acontencia in Samba versions: 4.4.4, 4.4.5 and 4.5.0rc1.For my case, after
checking the logs, something wrong about authentication.I solved the problem by
releasing the ports and services (AD, DC, DNS, SMB, etc.) on the firewall. In
Centos 7, I had already released these ports, but can not explain why he
returned to block everything.the tip is recorded if someone will go through this
problem.Greetings to all !

To follow the historical post, follow the link:
[Samba] NT_STATUS_INTERNAL_ERROR


|   |
|   |   |   |   |   |
| [Samba] NT_STATUS_INTERNAL_ERROR[Samba] NT_STATUS_INTERNAL_ERROR Ricardo
Pardim Claus ricardo.claus at yahoo.com.br Mon Jul 25 17:27:10 UTC 2016 Previous
message: [Samba] Samba domain member and rfc2307 user IDs  |
|  |
| Visualizar em lists.samba.org | Visualizado por Yahoo |
|  |
|   |


 

      De: Ricardo Pardim Claus <ricardo.claus at yahoo.com.br>
 Para: "samba at lists.samba.org" <samba at lists.samba.org> 
 Enviadas: Terça-feira, 2 de Agosto de 2016 9:59
 Assunto: Re: [Samba] NT_STATUS_INTERNAL_ERROR
   
Dear,I found the solution to the error: NT_STATUS_INTERNAL_ERRORThis error
acontencia in Samba versions: 4.4.4, 4.4.5 and 4.5.0rc1.For my case, after
checking the logs, something wrong about authentication.I solved the problem by
releasing the ports and services (AD, DC, DNS, SMB, etc.) on the firewall. In
Centos 7, I had already released these ports, but can not explain why he
returned to block everything.the tip is recorded if someone will go through this
problem.Greetings to all !