We added a DNS entry to Samba via the Windows DNS Manager which apparently was invalid. Now we can't see the list of forward lookup in the Window DNS Manager because it immediately errors and we have to restart the Samba service. Running Samba 4.3.11-Ubuntu on Ubuntu 16.04 Additionally, a samba-tool dns query fails with the following error:> $ samba-tool dns query dc1.mydomain.com mydomain.com @ ALL> ERROR(runtime): uncaught exception - (-1073741300, 'The transport> connection is now disconnected.') File> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175,> in _run> return self.run(*args, **kwargs) File"/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 994, in> run> None, record_type, select_flags, None, None)This samba-tool command works if I search for a specific entry instead of "@". How do we find/delete the bad DNS entry? Here is the full debug output - INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 lpcfg_load: refreshing parameters from /etc/samba/smb.conf Processing section "[global]" Processing section "[netlogon]" Processing section "[sysvol]" pm_process() returned Yes GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'naclrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Using binding ncacn_ip_tcp:dc1.acme.com[,sign] Mapped to DCERPC endpoint 135 added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0 added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0 resolve_lmhosts: Attempting lmhosts lookup for name dc1.acme.com<0x20> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory rpc request data: [0000] 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ rpc reply data: [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ Mapped to DCERPC endpoint 1024 added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0 added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0 resolve_lmhosts: Attempting lmhosts lookup for name dc1.acme.com<0x20> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory Starting GENSEC mechanism spnego Starting GENSEC submechanism gssapi_krb5 Password for [acme\my-admin]: Received smb_krb5 packet of length 275 Received smb_krb5 packet of length 1373 ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0 gensec_gssapi: NO credentials were delegated GSSAPI Connection will be cryptographically signed ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0 rpc request data: [0000] 00 00 07 00 00 00 00 00 00 00 02 00 16 00 00 00 ........ ........ t: struct dcerpc_sec_verification_trailer _pad : DATA_BLOB length=0 magic : 0000000000000000 count: struct dcerpc_sec_vt_count count : 0x0002 (2) commands: ARRAY(2) commands: struct dcerpc_sec_vt command : 0x0001 (1) 0x01: DCERPC_SEC_VT_COMMAND_ENUM (1) 0: DCERPC_SEC_VT_COMMAND_END 0: DCERPC_SEC_VT_MUST_PROCESS u : union dcerpc_sec_vt_union(case 0x1) bitmask1 : 0x00000001 (1) 1: DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING commands: struct dcerpc_sec_vt command : 0x4002 (16386) 0x02: DCERPC_SEC_VT_COMMAND_ENUM (2) 1: DCERPC_SEC_VT_COMMAND_END 0: DCERPC_SEC_VT_MUST_PROCESS u : union dcerpc_sec_vt_union(case 0x2) pcontext: struct dcerpc_sec_vt_pcontext abstract_syntax: struct ndr_syntax_id uuid : 50abc2a4-574d-40b3-9d66-ee4fd5fba076 if_version : 0x00000005 (5) transfer_syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ERROR(runtime): uncaught exception - (-1073741300, 'The transport connection is now disconnected.') File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 994, in run None, record_type, select_flags, None, None) Thanks, Robb Schiefer Director of Engineering Suture Health, Inc.
Hi Robb,> We added a DNS entry to Samba via the Windows DNS Manager which apparently > was invalid. Now we can't see the list of forward lookup in the Window DNS > Manager because it immediately errors and we have to restart the Samba > service. > > Running Samba 4.3.11-Ubuntu on Ubuntu 16.04that's a quite old Samba version and it is EOL'ed. You really should upgrade to latest 4.7, there are tons of bugfix since 4.3.> > Additionally, a samba-tool dns query fails with the following error: > >> $ samba-tool dns query dc1.mydomain.com mydomain.com @ ALLI have seen issues with corrupted DNS entries in earlier Samba version. You could compare the zone between RSAT DNS console and Apache Directory Studio connection (look in CN=MicrosoftDNS,DC=DomainDNSZone,DC=,DC=) and see what extra spurious entry could lay in your DNS zone. A more expeditive way is to delete and recreate the zone using the samba-tool dns zonedelete / zonecreate. The SRV entries are recreated when the server restart. You should just be careful about having your kerberos configuration properly so it does not needs DNS to find its KDC (you can take a look at krb5.conf file in [1] for inspiration). Then you'll have to recreate your DNS entries in that clean'ed up zone. Cheers, Denis [1] https://dev.tranquil.it/wiki/SAMBA_-_Installation_samba4_comme_DC_secondaire> >> ERROR(runtime): uncaught exception - (-1073741300, 'The transport > >> connection is now disconnected.') File > >> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, > >> in _run > >> return self.run(*args, **kwargs) File > "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 994, in > >> run > >> None, record_type, select_flags, None, None) > > > > This samba-tool command works if I search for a specific entry instead of > "@". > > How do we find/delete the bad DNS entry? > > Here is the full debug output - > > INFO: Current debug levels: > > all: 10 > > tdb: 10 > > printdrivers: 10 > > lanman: 10 > > smb: 10 > > rpc_parse: 10 > > rpc_srv: 10 > > rpc_cli: 10 > > passdb: 10 > > sam: 10 > > auth: 10 > > winbind: 10 > > vfs: 10 > > idmap: 10 > > quota: 10 > > acls: 10 > > locking: 10 > > msdfs: 10 > > dmapi: 10 > > registry: 10 > > scavenger: 10 > > dns: 10 > > ldb: 10 > > tevent: 10 > > lpcfg_load: refreshing parameters from /etc/samba/smb.conf > > Processing section "[global]" > > Processing section "[netlogon]" > > Processing section "[sysvol]" > > pm_process() returned Yes > > GENSEC backend 'gssapi_spnego' registered > > GENSEC backend 'gssapi_krb5' registered > > GENSEC backend 'gssapi_krb5_sasl' registered > > GENSEC backend 'spnego' registered > > GENSEC backend 'schannel' registered > > GENSEC backend 'naclrpc_as_system' registered > > GENSEC backend 'sasl-EXTERNAL' registered > > GENSEC backend 'ntlmssp' registered > > GENSEC backend 'ntlmssp_resume_ccache' registered > > GENSEC backend 'http_basic' registered > > GENSEC backend 'http_ntlm' registered > > GENSEC backend 'krb5' registered > > GENSEC backend 'fake_gssapi_krb5' registered > > Using binding ncacn_ip_tcp:dc1.acme.com[,sign] > > Mapped to DCERPC endpoint 135 > > added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0 > > added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0 > > resolve_lmhosts: Attempting lmhosts lookup for name dc1.acme.com<0x20> > > startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such > file or directory > > rpc request data: > > [0000] 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > > rpc reply data: > > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > > Mapped to DCERPC endpoint 1024 > > added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0 > > added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0 > > resolve_lmhosts: Attempting lmhosts lookup for name dc1.acme.com<0x20> > > startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such > file or directory > > Starting GENSEC mechanism spnego > > Starting GENSEC submechanism gssapi_krb5 > > Password for [acme\my-admin]: > > Received smb_krb5 packet of length 275 > > Received smb_krb5 packet of length 1373 > > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0 > > gensec_gssapi: NO credentials were delegated > > GSSAPI Connection will be cryptographically signed > > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0 > > rpc request data: > > [0000] 00 00 07 00 00 00 00 00 00 00 02 00 16 00 00 00 ........ ........ > > t: struct dcerpc_sec_verification_trailer > > _pad : DATA_BLOB length=0 > > magic : 0000000000000000 > > count: struct dcerpc_sec_vt_count > > count : 0x0002 (2) > > commands: ARRAY(2) > > commands: struct dcerpc_sec_vt > > command : 0x0001 (1) > > 0x01: DCERPC_SEC_VT_COMMAND_ENUM (1) > > 0: DCERPC_SEC_VT_COMMAND_END > > 0: DCERPC_SEC_VT_MUST_PROCESS > > u : union dcerpc_sec_vt_union(case > 0x1) > > bitmask1 : 0x00000001 (1) > > 1: DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING > > commands: struct dcerpc_sec_vt > > command : 0x4002 (16386) > > 0x02: DCERPC_SEC_VT_COMMAND_ENUM (2) > > 1: DCERPC_SEC_VT_COMMAND_END > > 0: DCERPC_SEC_VT_MUST_PROCESS > > u : union dcerpc_sec_vt_union(case > 0x2) > > pcontext: struct dcerpc_sec_vt_pcontext > > abstract_syntax: struct ndr_syntax_id > > uuid : > 50abc2a4-574d-40b3-9d66-ee4fd5fba076 > > if_version : 0x00000005 (5) > > transfer_syntax: struct ndr_syntax_id > > uuid : > 8a885d04-1ceb-11c9-9fe8-08002b104860 > > if_version : 0x00000002 (2) > > ERROR(runtime): uncaught exception - (-1073741300, 'The transport connection > is now disconnected.') > > File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line > 175, in _run > > return self.run(*args, **kwargs) > > File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 994, in > run > > None, record_type, select_flags, None, None) > > > > > > > > > > Thanks, > > > > Robb Schiefer > > Director of Engineering > > Suture Health, Inc. > > >-- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, bâtiment A 12 avenue Jules Verne 44230 Saint Sébastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil.it Samba install wiki for Frenchies : https://dev.tranquil.it WAPT, software deployment made easy : https://wapt.fr
On Tue, 24 Apr 2018 09:50:10 +0200 Denis Cardon via samba <samba at lists.samba.org> wrote:> A more expeditive way is to delete and recreate the zone using the > samba-tool dns zonedelete / zonecreate. The SRV entries are recreated > when the server restart. You should just be careful about having your > kerberos configuration properly so it does not needs DNS to find its > KDC (you can take a look at krb5.conf file in [1] for inspiration). > Then you'll have to recreate your DNS entries in that clean'ed up > zone. >Hi Dennis, DNS is an integral part of Active Directory, so if the machine you are trying to join as a DC cannot find the KDC via dns, then it is likely to have problems later. You must have working dns before the join. I have read your join howto and have the following comments, based on my experience. I would also install libpam_winbind and libpam_krb5 /etc/krb5.conf needs to be only this: [libdefaults] default_realm = MONDOMAINE.LAN dns_lookup_realm = false dns_lookup_kdc = true I would stop smbd, nmbd, winbind before the join I would run the join command like this: samba-tool domain join mondomaine.lan DC -U administrator --realm=MONDOMAINE.LAN -W MONDOMAINE --option='idmap_ldb:use rfc2307 = yes' --option='dns forwarder = 8.8.8.8' if you copy netlogon and sysvol from the first DC, you really also need to copy idmap.ldb Please do not do this: ln -s /etc/krb5.conf /var/lib/samba/private/krb5.conf If you must do it, then do this instead: cp /var/lib/samba/private/krb5.conf to /etc/krb5.conf But it will just replace what is there, with the same content, if it has been set as suggested above. Finally, I would have set up NTP before the join and ensured the time was the same as on the DC. Rowland
What is you end back-end? On Mon, Apr 23, 2018, 8:37 AM Robb Schiefer via samba <samba at lists.samba.org> wrote:> We added a DNS entry to Samba via the Windows DNS Manager which apparently > was invalid. Now we can't see the list of forward lookup in the Window DNS > Manager because it immediately errors and we have to restart the Samba > service. > > Running Samba 4.3.11-Ubuntu on Ubuntu 16.04 > > Additionally, a samba-tool dns query fails with the following error: > > > $ samba-tool dns query dc1.mydomain.com mydomain.com @ ALL > > > ERROR(runtime): uncaught exception - (-1073741300, 'The transport > > > connection is now disconnected.') File > > > "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, > > > in _run > > > return self.run(*args, **kwargs) File > "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 994, in > > > run > > > None, record_type, select_flags, None, None) > > > > This samba-tool command works if I search for a specific entry instead of > "@". > > How do we find/delete the bad DNS entry? > > Here is the full debug output - > > INFO: Current debug levels: > > all: 10 > > tdb: 10 > > printdrivers: 10 > > lanman: 10 > > smb: 10 > > rpc_parse: 10 > > rpc_srv: 10 > > rpc_cli: 10 > > passdb: 10 > > sam: 10 > > auth: 10 > > winbind: 10 > > vfs: 10 > > idmap: 10 > > quota: 10 > > acls: 10 > > locking: 10 > > msdfs: 10 > > dmapi: 10 > > registry: 10 > > scavenger: 10 > > dns: 10 > > ldb: 10 > > tevent: 10 > > lpcfg_load: refreshing parameters from /etc/samba/smb.conf > > Processing section "[global]" > > Processing section "[netlogon]" > > Processing section "[sysvol]" > > pm_process() returned Yes > > GENSEC backend 'gssapi_spnego' registered > > GENSEC backend 'gssapi_krb5' registered > > GENSEC backend 'gssapi_krb5_sasl' registered > > GENSEC backend 'spnego' registered > > GENSEC backend 'schannel' registered > > GENSEC backend 'naclrpc_as_system' registered > > GENSEC backend 'sasl-EXTERNAL' registered > > GENSEC backend 'ntlmssp' registered > > GENSEC backend 'ntlmssp_resume_ccache' registered > > GENSEC backend 'http_basic' registered > > GENSEC backend 'http_ntlm' registered > > GENSEC backend 'krb5' registered > > GENSEC backend 'fake_gssapi_krb5' registered > > Using binding ncacn_ip_tcp:dc1.acme.com[,sign] > > Mapped to DCERPC endpoint 135 > > added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0 > > added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0 > > resolve_lmhosts: Attempting lmhosts lookup for name dc1.acme.com<0x20> > > startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such > file or directory > > rpc request data: > > [0000] 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ > ........ > > rpc reply data: > > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ > ........ > > Mapped to DCERPC endpoint 1024 > > added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0 > > added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 netmask=255.255.255.0 > > resolve_lmhosts: Attempting lmhosts lookup for name dc1.acme.com<0x20> > > startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such > file or directory > > Starting GENSEC mechanism spnego > > Starting GENSEC submechanism gssapi_krb5 > > Password for [acme\my-admin]: > > Received smb_krb5 packet of length 275 > > Received smb_krb5 packet of length 1373 > > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0 > > gensec_gssapi: NO credentials were delegated > > GSSAPI Connection will be cryptographically signed > > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0 > > rpc request data: > > [0000] 00 00 07 00 00 00 00 00 00 00 02 00 16 00 00 00 ........ > ........ > > t: struct dcerpc_sec_verification_trailer > > _pad : DATA_BLOB length=0 > > magic : 0000000000000000 > > count: struct dcerpc_sec_vt_count > > count : 0x0002 (2) > > commands: ARRAY(2) > > commands: struct dcerpc_sec_vt > > command : 0x0001 (1) > > 0x01: DCERPC_SEC_VT_COMMAND_ENUM (1) > > 0: DCERPC_SEC_VT_COMMAND_END > > 0: DCERPC_SEC_VT_MUST_PROCESS > > u : union dcerpc_sec_vt_union(case > 0x1) > > bitmask1 : 0x00000001 (1) > > 1: DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING > > commands: struct dcerpc_sec_vt > > command : 0x4002 (16386) > > 0x02: DCERPC_SEC_VT_COMMAND_ENUM (2) > > 1: DCERPC_SEC_VT_COMMAND_END > > 0: DCERPC_SEC_VT_MUST_PROCESS > > u : union dcerpc_sec_vt_union(case > 0x2) > > pcontext: struct dcerpc_sec_vt_pcontext > > abstract_syntax: struct ndr_syntax_id > > uuid : > 50abc2a4-574d-40b3-9d66-ee4fd5fba076 > > if_version : 0x00000005 (5) > > transfer_syntax: struct ndr_syntax_id > > uuid : > 8a885d04-1ceb-11c9-9fe8-08002b104860 > > if_version : 0x00000002 (2) > > ERROR(runtime): uncaught exception - (-1073741300, 'The transport > connection > is now disconnected.') > > File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line > 175, in _run > > return self.run(*args, **kwargs) > > File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 994, in > run > > None, record_type, select_flags, None, None) > > > > > > > > > > Thanks, > > > > Robb Schiefer > > Director of Engineering > > Suture Health, Inc. > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Thanks for the reply Denis! I tried upgrading samba and it said "2:4.3.11+dfsg-0ubuntu0.16.04.13" is the latest version. The RSAT DNS Manager fails to list the contents of the zone. It actually kills the SMBD process when I try and I have to restart it. So I can't compare it to Apache Directory Studio. Is there some way to query the underlying samba DNS data store to find the most recently added DNS entry? I checked for but couldn't find krb4.conf so I guess I don't have Kerberos configured. Being a fairly new linux/Samba user the zonedelete option seems scary. Thanks, Robb ----------------------------------------- Hi Robb,> We added a DNS entry to Samba via the Windows DNS Manager which > apparently was invalid. Now we can't see the list of forward lookup in > the Window DNS Manager because it immediately errors and we have to > restart the Samba service. > > Running Samba 4.3.11-Ubuntu on Ubuntu 16.04that's a quite old Samba version and it is EOL'ed. You really should upgrade to latest 4.7, there are tons of bugfix since 4.3.> > Additionally, a samba-tool dns query fails with the following error: > >> $ samba-tool dns query dc1.mydomain.com mydomain.com @ ALLI have seen issues with corrupted DNS entries in earlier Samba version. You could compare the zone between RSAT DNS console and Apache Directory Studio connection (look in CN=MicrosoftDNS,DC=DomainDNSZone,DC=,DC=) and see what extra spurious entry could lay in your DNS zone. A more expeditive way is to delete and recreate the zone using the samba-tool dns zonedelete / zonecreate. The SRV entries are recreated when the server restart. You should just be careful about having your kerberos configuration properly so it does not needs DNS to find its KDC (you can take a look at krb5.conf file in [1] for inspiration). Then you'll have to recreate your DNS entries in that clean'ed up zone. Cheers, Denis [1] https://dev.tranquil.it/wiki/SAMBA_-_Installation_samba4_comme_DC_secondaire> >> ERROR(runtime): uncaught exception - (-1073741300, 'The transport > >> connection is now disconnected.') File > >> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line >> 175, > >> in _run > >> return self.run(*args, **kwargs) File > "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 994, in > >> run > >> None, record_type, select_flags, None, None) > > > > This samba-tool command works if I search for a specific entry instead > of "@". > > How do we find/delete the bad DNS entry? > > Here is the full debug output - > > INFO: Current debug levels: > > all: 10 > > tdb: 10 > > printdrivers: 10 > > lanman: 10 > > smb: 10 > > rpc_parse: 10 > > rpc_srv: 10 > > rpc_cli: 10 > > passdb: 10 > > sam: 10 > > auth: 10 > > winbind: 10 > > vfs: 10 > > idmap: 10 > > quota: 10 > > acls: 10 > > locking: 10 > > msdfs: 10 > > dmapi: 10 > > registry: 10 > > scavenger: 10 > > dns: 10 > > ldb: 10 > > tevent: 10 > > lpcfg_load: refreshing parameters from /etc/samba/smb.conf > > Processing section "[global]" > > Processing section "[netlogon]" > > Processing section "[sysvol]" > > pm_process() returned Yes > > GENSEC backend 'gssapi_spnego' registered > > GENSEC backend 'gssapi_krb5' registered > > GENSEC backend 'gssapi_krb5_sasl' registered > > GENSEC backend 'spnego' registered > > GENSEC backend 'schannel' registered > > GENSEC backend 'naclrpc_as_system' registered > > GENSEC backend 'sasl-EXTERNAL' registered > > GENSEC backend 'ntlmssp' registered > > GENSEC backend 'ntlmssp_resume_ccache' registered > > GENSEC backend 'http_basic' registered > > GENSEC backend 'http_ntlm' registered > > GENSEC backend 'krb5' registered > > GENSEC backend 'fake_gssapi_krb5' registered > > Using binding ncacn_ip_tcp:dc1.acme.com[,sign] > > Mapped to DCERPC endpoint 135 > > added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 > netmask=255.255.255.0 > > added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 > netmask=255.255.255.0 > > resolve_lmhosts: Attempting lmhosts lookup for name dc1.acme.com<0x20> > > startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No > such file or directory > > rpc request data: > > [0000] 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > > rpc reply data: > > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > > Mapped to DCERPC endpoint 1024 > > added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 > netmask=255.255.255.0 > > added interface eth0 ip=11.55.3.22 bcast=11.55.3.255 > netmask=255.255.255.0 > > resolve_lmhosts: Attempting lmhosts lookup for name dc1.acme.com<0x20> > > startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No > such file or directory > > Starting GENSEC mechanism spnego > > Starting GENSEC submechanism gssapi_krb5 > > Password for [acme\my-admin]: > > Received smb_krb5 packet of length 275 > > Received smb_krb5 packet of length 1373 > > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0 > > gensec_gssapi: NO credentials were delegated > > GSSAPI Connection will be cryptographically signed > > ../librpc/rpc/dcerpc_util.c:173: auth_pad_length 0 > > rpc request data: > > [0000] 00 00 07 00 00 00 00 00 00 00 02 00 16 00 00 00 ........ ........ > > t: struct dcerpc_sec_verification_trailer > > _pad : DATA_BLOB length=0 > > magic : 0000000000000000 > > count: struct dcerpc_sec_vt_count > > count : 0x0002 (2) > > commands: ARRAY(2) > > commands: struct dcerpc_sec_vt > > command : 0x0001 (1) > > 0x01: DCERPC_SEC_VT_COMMAND_ENUM (1) > > 0: DCERPC_SEC_VT_COMMAND_END > > 0: DCERPC_SEC_VT_MUST_PROCESS > > u : union dcerpc_sec_vt_union(case > 0x1) > > bitmask1 : 0x00000001 (1) > > 1: DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING > > commands: struct dcerpc_sec_vt > > command : 0x4002 (16386) > > 0x02: DCERPC_SEC_VT_COMMAND_ENUM (2) > > 1: DCERPC_SEC_VT_COMMAND_END > > 0: DCERPC_SEC_VT_MUST_PROCESS > > u : union dcerpc_sec_vt_union(case > 0x2) > > pcontext: struct dcerpc_sec_vt_pcontext > > abstract_syntax: struct ndr_syntax_id > > uuid : > 50abc2a4-574d-40b3-9d66-ee4fd5fba076 > > if_version : 0x00000005 (5) > > transfer_syntax: struct ndr_syntax_id > > uuid : > 8a885d04-1ceb-11c9-9fe8-08002b104860 > > if_version : 0x00000002 (2) > > ERROR(runtime): uncaught exception - (-1073741300, 'The transport > connection is now disconnected.') > > File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", > line 175, in _run > > return self.run(*args, **kwargs) > > File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line > 994, in run > > None, record_type, select_flags, None, None) > > > > > > > > > > Thanks, > > > > Robb Schiefer > > Director of Engineering > > Suture Health, Inc. > > >-- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, bâtiment A 12 avenue Jules Verne 44230 Saint Sébastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil.it Samba install wiki for Frenchies : https://dev.tranquil.it WAPT, software deployment made easy : https://wapt.fr