[Samba] NT_STATUS_INTERNAL_ERROR

Rowland penny rpenny at samba.org
Tue Jul 26 12:19:49 UTC 2016 

On 26/07/16 12:41, Ricardo Pardim Claus wrote:
> I apologize for the lack of standardization and alignment of text to post the answers. I will try to send the information a little more standardized and aligned.
>
>
> Dear Rowland,
> Follows the requested information:
> DC Primary: Windows 2008 R2
> Secondary DC: Samba 4.4.5
>
> Content smb.conf
>
> [global]
>          #bind interfaces only = Yes
>          interfaces = lo eno16777984
>          netbios name = SRV14
>          realm = DOMAIN.LOCAL
>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
>          workgroup = DOMAIN
>          server role = active directory domain controller
>          comment =
>          #vfs objects = acl_xattr
>          #map acl inherit = yes
>          #store dos attributes = yes
>          log file = /var/log/samba/%m.log
>          log level = 9
>
> [netlogon]
>          path = /usr/local/samba/var/locks/sysvol/domain.local/scripts
>          read only = No
>
>
> [sysvol]
>          path = /usr/local/samba/var/locks/sysvol
>          read only = No
>
>
> Content krb5.conf
>
>
> [logging]
>   default = FILE:/var/log/krb5libs.log
>   kdc = FILE:/var/log/krb5kdc.log
>   admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
>   dns_lookup_realm = false
>   dns_lookup_kdc = true
>   ticket_lifetime = 24h
>   renew_lifetime = 7d
>   forwardable = true
>   rdns = false
>   default_realm = DOMAIN.LOCAL
>   default_ccache_name = KEYRING:persistent:%{uid}
>
> [realms]
> # EXAMPLE.COM = {
> #  kdc = kerberos.example.com
> #  admin_server = kerberos.example.com
> # }
>
> [domain_realm]
> # .example.com = EXAMPLE.COM
> # example.com = EXAMPLE.COM
>
>
> I hope I have passed all the necessary information. If you need any more information, I ask you to let me know.
> Thank you!

OK, Your smb.conf looks fairly correct (you don't need the 'server 
services' line, yours is the default, provided you are using the 
internal DNS server)

Your krb5.conf only needs to look like this:

[libdefaults]
  default_realm = DOMAIN.LOCAL
  dns_lookup_realm = false
  dns_lookup_kdc = true

Which brings us to potential problem, if your domain name does end in 
'.local' it could interfere with Avahi if it is running on the DC, if it 
is running, I would suggest turning it off.

In your first post you posted the command 'smbclient -k -L 
//domain.local' , this will not work, try:

smbclient -k -L //DC

Where 'DC' is the short hostname, this works for me.

Rowland

More information about the samba mailing list