[Samba] net rpc Connection failed: NT_STATUS_INVALID_PARAMETER after samba upgrade

Jelle de Jong jelledejong at powercraft.nl
Fri Dec 16 13:05:35 UTC 2016

Dear Samba users,

After my samba upgrade I can't fully use my net rpc commands any more 
and I would like some help debugging....

2016-12-15 15:10:16 upgrade samba:amd64 2:3.6.6-6+deb7u7 2:3.6.6-6+deb7u10
2016-12-15 15:10:23 upgrade samba-common:all 2:3.6.6-6+deb7u7 
2016-12-15 15:10:41 upgrade samba-common-bin:amd64 2:3.6.6-6+deb7u7 
2016-12-15 15:10:42 upgrade samba-doc:all 2:3.6.6-6+deb7u7 2:3.6.6-6+deb7u10

first I had to add the bellow to make the windows 7 pro clients to work 
    os level = 240
    client use spnego = no
    server signing = auto
    client schannel = no

stayce:~# net rpc group members "Domain Users" -S localhost -U 
Could not connect to server localhost

stayce:~# smbclient -L localhost -U jelledj%<secret>
session setup failed: NT_STATUS_INVALID_PARAMETER

It looks like some kind of user authorisation block/issue??? But how can 
I debug this?

stayce:~# net idmap secret alloc <secret>
The only currently supported backend is LDAP

stayce:~# wbinfo -t
checking the trust secret for domain COMPANY via RPC calls succeeded

stayce:~# wbinfo -p
Ping to winbindd succeeded

stayce:~# net rpc testjoin -S localhost -U Administrator%<secret>
Join to 'COMPANY' is OK

stayce:~# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[documenten]"
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[profiles]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

	workgroup = COMPANY
	netbios name = SERVER
	interfaces = lo, br0
	bind interfaces only = Yes
	client schannel = No
	passdb backend = ldapsam
	log file = /var/log/samba/log.%m
	time server = Yes
	server signing = auto
	client use spnego = No
	max open files = 17404
	load printers = No
	printcap name = /dev/null
	disable spoolss = Yes
	logon script = netlogon.bat
	logon path = \\%N\profiles\%U
	domain logons = Yes
	os level = 240
	preferred master = Yes
	domain master = Yes
	dns proxy = No
	wins support = Yes
	ldap admin dn = cn=admin,dc=company,dc=nl
	ldap delete dn = Yes
	ldap group suffix = ou=groups
	ldap idmap suffix = ou=idmap
	ldap machine suffix = ou=computers
	ldap passwd sync = yes
	ldap suffix = dc=company,dc=nl
	ldap ssl = no
	ldap user suffix = ou=users
	usershare max shares = 0
	usershare path = /srv/storage/shares
	template homedir = /srv/storage/shares/
	template shell = /bin/bash
	ldapsam:trusted = yes
	ldapsam:editposix = yes
	idmap config * : range = 10000-30000000
	idmap config * : ldap_url = ldap://localhost/
	idmap alloc config : ldap_base_dn = ou=idmap,dc=company,dc=nl
	idmap alloc config : ldap_user_dn = cn=admin,dc=company,dc=nl
	idmap config * : backend = ldap
	printing = bsd
	print command = lpr -r -P'%p' %s
	lpq command = lpq -P'%p'
	lprm command = lprm -P'%p' %j

	path = /srv/storage/shares
	read only = No
	create mask = 0660
	security mask = 0770
	directory mask = 0770
	directory security mask = 0770
	inherit acls = Yes
	map acl inherit = Yes
	hide unreadable = Yes
	store dos attributes = Yes
	vfs objects = recycle
	recycle:keeptree = Yes
	recycle:versions = Yes
	recycle:touch_mtime = Yes

	comment = Home Directories
	path = /srv/storage/samba/homes/%U
	read only = No
	inherit acls = Yes
	map acl inherit = Yes
	store dos attributes = Yes
	browseable = No
	root preexec = /usr/local/bin/samba-mkdir-home %U

	comment = Network Logon Service
	path = /srv/storage/samba/netlogon
	read only = No
	inherit acls = Yes
	map acl inherit = Yes
	store dos attributes = Yes
	browseable = No

	comment = Users profiles
	path = /srv/storage/samba/profiles
	read only = No
	inherit acls = Yes
	profile acls = Yes
	map acl inherit = Yes
	store dos attributes = Yes
	browseable = No

Kind regards,

Jelle de Jong

More information about the samba mailing list