Rowland Penny
2017-Aug-10 09:26 UTC
[Samba] cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR
On Thu, 10 Aug 2017 08:14:33 +0700 Vladimir Frelikh via samba <samba at lists.samba.org> wrote:> > >> > > >> <https://mail.google.com/mail/u/0/?ui=2&ik=7f6f030913&view> > att&th=15dc2ba7d7a63129&attid=0.1&disp=safe&realattid=f_j63tfts50&zw> > > >> > > >> > > >> -- > > >> Best regards, VladimirThere doesn't seem to be anything really wrong with the conf files you have posted so far, except (and this is just a nitpick) I would use 'search' instead of 'domain' in /etc/resolv.conf There also doesn't seem to be anything obvious in the log you posted. Have you tried asking smbclient to be a bit more verbose ? smbclient -L localhost -U% -d3 Try this and keep raising the last number until something does pop out (hopefully) Rowland
Vladimir Frelikh
2017-Aug-10 12:22 UTC
[Samba] cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR
Hi, thanks for your participatioin, here's the output: smbclient -L $(hostname -f) -UAdministrator -d3 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[global]" added interface eth0 ip=192.168.19.2 bcast=192.168.19.255 netmask=255.255.255.0 Client started (version 4.5.8-Debian). Enter Administrator's password: resolve_hosts: Attempting host lookup for name sambadc.rona.loc<0x20> Connecting to 192.168.19.2 at port 445 Doing spnego session setup (blob length=96) got OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got OID=1.3.6.1.4.1.311.2.2.10 got principal=not_defined_in_RFC4178 at please_ignore GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'naclrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Got challenge flags: Got NTLMSSP neg_flags=0x62898215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 SPNEGO login failed: An internal error occurred. session setup failed: NT_STATUS_INTERNAL_ERROR I could raise the log level if this is not enough -- С уважением, Владимир. 2017-08-10 16:26 GMT+07:00 Rowland Penny via samba <samba at lists.samba.org>:> On Thu, 10 Aug 2017 08:14:33 +0700 > Vladimir Frelikh via samba <samba at lists.samba.org> wrote: > > > > >> > > > >> <https://mail.google.com/mail/u/0/?ui=2&ik=7f6f030913&view> > > att&th=15dc2ba7d7a63129&attid=0.1&disp=safe&realattid=f_j63tfts50&zw> > > > >> > > > >> > > > >> -- > > > >> Best regards, Vladimir > > There doesn't seem to be anything really wrong with the conf files you > have posted so far, except (and this is just a nitpick) I would use > 'search' instead of 'domain' in /etc/resolv.conf > > There also doesn't seem to be anything obvious in the log you posted. > > Have you tried asking smbclient to be a bit more verbose ? > > smbclient -L localhost -U% -d3 > > Try this and keep raising the last number until something does pop out > (hopefully) > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Rowland Penny
2017-Aug-10 12:53 UTC
[Samba] cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR
On Thu, 10 Aug 2017 19:22:58 +0700 Vladimir Frelikh <e285ne at gmail.com> wrote:> Hi, > thanks for your participatioin, >OK, if I compare your output with the one I get (that works) the differences (with common lines removed) are: You get: smbclient -L $(hostname -f) -UAdministrator -d3 Client started (version 4.5.8-Debian). Enter Administrator's password: Doing spnego session setup (blob length=96) got OID=1.2.840.113554.1.2.2 got OID=1.3.6.1.4.1.311.2.2.10 got principal=not_defined_in_RFC4178 at please_ignore Got challenge flags: Got NTLMSSP neg_flags=0x62898215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 SPNEGO login failed: An internal error occurred. session setup failed: NT_STATUS_INTERNAL_ERROR I get: smbclient -L $(hostname -f) -UAdministrator -d3 Client started (version 4.6.0). Enter SAMDOM\Administrator's password: Sharename Type Comment --------- ---- ------- netlogon Disk sysvol Disk IPC$ IPC IPC Service (Samba 4.6.0) E2BIG: convert_string(UTF-8,CP850): srclen=27 destlen=16 - 'DC1.SAMDOM.EXAMPLE.COM' Connecting to 192.168.0.2 at port 139 got OID=1.2.840.48018.1.2.2 Server Comment --------- ------- Workgroup Master --------- ------- I have libnss_winbind setup on the DC, do you ? Or to put it another way, what packages did you install ? Rowland
L.P.H. van Belle
2017-Aug-10 13:03 UTC
[Samba] cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR
Hai, So after review all posts things again. This is the AD DC, can you show the output of : systemctl status smbd nmbd winbind samba samba-ad-dc ( yes, one line ) And. To make sure the right things are enabled. Run this: ( this ONLY for a AD AD samba setup) systemctl disable smbd nmbd winbind samba systemctl mask smbd nmbd winbind samba systemctl stop smbd nmbd winbind samba systemctl unmask samba-ad-dc systemctl enable samba-ad-dc You logs shows: For example : Kerberos: AS-REQ Administrator at RONA from ipv4:192.168.19.29:49815 for krbtgt/RONA at RONA And Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' https://bugzilla.samba.org/show_bug.cgi?id=7605 Can you change your resolv.conf to .. domain rona.loc search rona.loc nameserver 192.168.19.2 Yes Rowland, i know... About ... You know, lets not go there.. ( for now ;-) ) but Vladimir, please set this, reboot the server and try again. Post the result. I agree with rowland, only the resolv.conf is different compaired most setups. If the test works, Can you change your resolv.conf to .. search rona.loc nameserver 192.168.19.2 And reboot the server, and try again. Whats the diffence between Rowland and me.. I did keep all settings from the debian install. ( thats why i have domain and search, no other reason ) Last, i think this is resolving. Kerberos: AS-REQ Administrator at RONA should show Kerberos: AS-REQ Administrator at RONA.LOC Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Vladimir Frelikh via samba > Verzonden: donderdag 10 augustus 2017 14:23 > Aan: Rowland Penny > CC: samba at lists.samba.org > Onderwerp: Re: [Samba] cannot join windows 7 samba4-ad-dc > fresh install, get NT_STATUS_INTERNAL_ERROR > > Hi, > thanks for your participatioin, > > here's the output: > > smbclient -L $(hostname -f) -UAdministrator -d3 > lp_load_ex: refreshing parameters > Initialising global parameters > rlimit_max: increasing rlimit_max (1024) to minimum Windows > limit (16384) > Processing section "[global]" > added interface eth0 ip=192.168.19.2 bcast=192.168.19.255 > netmask=255.255.255.0 > Client started (version 4.5.8-Debian). > Enter Administrator's password: > resolve_hosts: Attempting host lookup for name sambadc.rona.loc<0x20> > Connecting to 192.168.19.2 at port 445 > Doing spnego session setup (blob length=96) > got OID=1.2.840.48018.1.2.2 > got OID=1.2.840.113554.1.2.2 > got OID=1.3.6.1.4.1.311.2.2.10 > got principal=not_defined_in_RFC4178 at please_ignore > GENSEC backend 'gssapi_spnego' registered > GENSEC backend 'gssapi_krb5' registered > GENSEC backend 'gssapi_krb5_sasl' registered > GENSEC backend 'spnego' registered > GENSEC backend 'schannel' registered > GENSEC backend 'naclrpc_as_system' registered > GENSEC backend 'sasl-EXTERNAL' registered > GENSEC backend 'ntlmssp' registered > GENSEC backend 'ntlmssp_resume_ccache' registered > GENSEC backend 'http_basic' registered > GENSEC backend 'http_ntlm' registered > GENSEC backend 'krb5' registered > GENSEC backend 'fake_gssapi_krb5' registered > Got challenge flags: > Got NTLMSSP neg_flags=0x62898215 > NTLMSSP: Set final flags: > Got NTLMSSP neg_flags=0x62088215 > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x62088215 > SPNEGO login failed: An internal error occurred. > session setup failed: NT_STATUS_INTERNAL_ERROR > > I could raise the log level if this is not enough > > > -- > ?? ??????????????????, ????????????????. > > 2017-08-10 16:26 GMT+07:00 Rowland Penny via samba > <samba at lists.samba.org>: > > > On Thu, 10 Aug 2017 08:14:33 +0700 > > Vladimir Frelikh via samba <samba at lists.samba.org> wrote: > > > > > > >> > > > > >> <https://mail.google.com/mail/u/0/?ui=2&ik=7f6f030913&view> > > > > att&th=15dc2ba7d7a63129&attid=0.1&disp=safe&realattid=f_j63tfts50&zw> > > > > >> > > > > >> > > > > >> -- > > > > >> Best regards, Vladimir > > > > There doesn't seem to be anything really wrong with the > conf files you > > have posted so far, except (and this is just a nitpick) I would use > > 'search' instead of 'domain' in /etc/resolv.conf > > > > There also doesn't seem to be anything obvious in the log > you posted. > > > > Have you tried asking smbclient to be a bit more verbose ? > > > > smbclient -L localhost -U% -d3 > > > > Try this and keep raising the last number until something > does pop out > > (hopefully) > > > > Rowland > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Vladimir Frelikh
2017-Aug-11 01:13 UTC
[Samba] cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR
Hi, I've changed /etc/resolv.conf, rebooted, here is the output: cat /etc/resolv.conf domain rona.loc search rona.loc nameserver 192.168.19.2 ------ smbclient -L $(hostname -f) -UAdministrator%<password> -d5 INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5 idmap: 5 quota: 5 acls: 5 locking: 5 msdfs: 5 dmapi: 5 registry: 5 scavenger: 5 dns: 5 ldb: 5 tevent: 5 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 5 tdb: 5 printdrivers: 5 lanman: 5 smb: 5 rpc_parse: 5 rpc_srv: 5 rpc_cli: 5 passdb: 5 sam: 5 auth: 5 winbind: 5 vfs: 5 idmap: 5 quota: 5 acls: 5 locking: 5 msdfs: 5 dmapi: 5 registry: 5 scavenger: 5 dns: 5 ldb: 5 tevent: 5 Processing section "[global]" doing parameter netbios name = SAMBADC doing parameter realm = RONA.LOC doing parameter workgroup = RONA doing parameter dns forwarder = 192.168.19.1 doing parameter server role = active directory domain controller doing parameter idmap_ldb:use rfc2307 = yes doing parameter log level = 5 pm_process() returned Yes added interface eth0 ip=192.168.19.2 bcast=192.168.19.255 netmask=255.255.255.0 Netbios name list:- my_netbios_names[0]="SAMBADC" Client started (version 4.5.8-Debian). Opening cache file at /var/cache/samba/gencache.tdb Opening cache file at /var/run/samba/gencache_notrans.tdb sitename_fetch: No stored sitename for realm 'RONA.LOC' no entry for sambadc.rona.loc#20 found. resolve_hosts: Attempting host lookup for name sambadc.rona.loc<0x20> namecache_store: storing 1 address for sambadc.rona.loc#20: 192.168.19.2 Connecting to 192.168.19.2 at port 445 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 2626560 SO_RCVBUF = 1061808 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 Could not test socket option SO_SNDTIMEO. Could not test socket option SO_RCVTIMEO. TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 session request ok Doing spnego session setup (blob length=96) got OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got OID=1.3.6.1.4.1.311.2.2.10 got principal=not_defined_in_RFC4178 at please_ignore GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'naclrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Starting GENSEC mechanism spnego Starting GENSEC submechanism ntlmssp Got challenge flags: Got NTLMSSP neg_flags=0x62898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_TARGET_TYPE_DOMAIN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH SPNEGO login failed: An internal error occurred. session setup failed: NT_STATUS_INTERNAL_ERROR -- С уважением, Владимир. 2017-08-10 20:03 GMT+07:00 L.P.H. van Belle via samba <samba at lists.samba.org>:> Hai, > > So after review all posts things again. > > This is the AD DC, can you show the output of : > systemctl status smbd nmbd winbind samba samba-ad-dc > ( yes, one line ) > > And. To make sure the right things are enabled. > Run this: ( this ONLY for a AD AD samba setup) > > systemctl disable smbd nmbd winbind samba > systemctl mask smbd nmbd winbind samba > systemctl stop smbd nmbd winbind samba > > systemctl unmask samba-ad-dc > systemctl enable samba-ad-dc > > You logs shows: > For example : Kerberos: AS-REQ Administrator at RONA from ipv4: > 192.168.19.29:49815 for krbtgt/RONA at RONA > > And > Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() > - NT_STATUS_CONNECTION_DISCONNECTED' > https://bugzilla.samba.org/show_bug.cgi?id=7605 > > > Can you change your resolv.conf to .. > domain rona.loc > search rona.loc > nameserver 192.168.19.2 > > Yes Rowland, i know... About ... You know, lets not go there.. ( for now > ;-) ) > but Vladimir, please set this, reboot the server and try again. > > Post the result. > I agree with rowland, only the resolv.conf is different compaired most > setups. > > If the test works, > Can you change your resolv.conf to .. > search rona.loc > nameserver 192.168.19.2 > > And reboot the server, and try again. > > Whats the diffence between Rowland and me.. > I did keep all settings from the debian install. > ( thats why i have domain and search, no other reason ) > > Last, i think this is resolving. > Kerberos: AS-REQ Administrator at RONA should show Kerberos: AS-REQ > Administrator at RONA.LOC > > > Greetz, > > Louis > > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > Vladimir Frelikh via samba > > Verzonden: donderdag 10 augustus 2017 14:23 > > Aan: Rowland Penny > > CC: samba at lists.samba.org > > Onderwerp: Re: [Samba] cannot join windows 7 samba4-ad-dc > > fresh install, get NT_STATUS_INTERNAL_ERROR > > > > Hi, > > thanks for your participatioin, > > > > here's the output: > > > > smbclient -L $(hostname -f) -UAdministrator -d3 > > lp_load_ex: refreshing parameters > > Initialising global parameters > > rlimit_max: increasing rlimit_max (1024) to minimum Windows > > limit (16384) > > Processing section "[global]" > > added interface eth0 ip=192.168.19.2 bcast=192.168.19.255 > > netmask=255.255.255.0 > > Client started (version 4.5.8-Debian). > > Enter Administrator's password: > > resolve_hosts: Attempting host lookup for name sambadc.rona.loc<0x20> > > Connecting to 192.168.19.2 at port 445 > > Doing spnego session setup (blob length=96) > > got OID=1.2.840.48018.1.2.2 > > got OID=1.2.840.113554.1.2.2 > > got OID=1.3.6.1.4.1.311.2.2.10 > > got principal=not_defined_in_RFC4178 at please_ignore > > GENSEC backend 'gssapi_spnego' registered > > GENSEC backend 'gssapi_krb5' registered > > GENSEC backend 'gssapi_krb5_sasl' registered > > GENSEC backend 'spnego' registered > > GENSEC backend 'schannel' registered > > GENSEC backend 'naclrpc_as_system' registered > > GENSEC backend 'sasl-EXTERNAL' registered > > GENSEC backend 'ntlmssp' registered > > GENSEC backend 'ntlmssp_resume_ccache' registered > > GENSEC backend 'http_basic' registered > > GENSEC backend 'http_ntlm' registered > > GENSEC backend 'krb5' registered > > GENSEC backend 'fake_gssapi_krb5' registered > > Got challenge flags: > > Got NTLMSSP neg_flags=0x62898215 > > NTLMSSP: Set final flags: > > Got NTLMSSP neg_flags=0x62088215 > > NTLMSSP Sign/Seal - Initialising with flags: > > Got NTLMSSP neg_flags=0x62088215 > > SPNEGO login failed: An internal error occurred. > > session setup failed: NT_STATUS_INTERNAL_ERROR > > > > I could raise the log level if this is not enough > > > > > > -- > > ?? ??????????????????, ????????????????. > > > > 2017-08-10 16:26 GMT+07:00 Rowland Penny via samba > > <samba at lists.samba.org>: > > > > > On Thu, 10 Aug 2017 08:14:33 +0700 > > > Vladimir Frelikh via samba <samba at lists.samba.org> wrote: > > > > > > > > >> > > > > > >> <https://mail.google.com/mail/u/0/?ui=2&ik=7f6f030913&view> > > > > > > att&th=15dc2ba7d7a63129&attid=0.1&disp=safe&realattid=f_j63tfts50&zw> > > > > > >> > > > > > >> > > > > > >> -- > > > > > >> Best regards, Vladimir > > > > > > There doesn't seem to be anything really wrong with the > > conf files you > > > have posted so far, except (and this is just a nitpick) I would use > > > 'search' instead of 'domain' in /etc/resolv.conf > > > > > > There also doesn't seem to be anything obvious in the log > > you posted. > > > > > > Have you tried asking smbclient to be a bit more verbose ? > > > > > > smbclient -L localhost -U% -d3 > > > > > > Try this and keep raising the last number until something > > does pop out > > > (hopefully) > > > > > > Rowland > > > > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/options/samba > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Apparently Analagous Threads
- cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR
- cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR
- cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR
- cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR
- cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR