[Samba] NT_STATUS_NO_LOGON_SERVERS

niya levi niyalevi at gmail.com
Sun Nov 13 09:50:09 UTC 2016 

hi everyone

i'm having trouble figuring out why i'm getting
NT_STATUS_NO_LOGON_SERVERS errors,
i have two samba ad domain controllers running on raspberry pi's
i think it a recent problem since an upgrade because
i was able to list domain users on a joined member server
but now getent only lists local users,
i've read that the problem might be due to avahi which i stop with systemd
or it might be a dns issue,
the following commands run on a dc all succeed except for the last
nmblookup command
what further commands could i run to identify the problem ?

[ashanti ~]$ host -t SRV _ldap._tcp.ad.tissisat.co.uk
_ldap._tcp.ad.tissisat.co.uk has SRV record 0 100 389
khafu.ad.tissisat.co.uk.
_ldap._tcp.ad.tissisat.co.uk has SRV record 0 100 389
ashanti.ad.tissisat.co.uk.
[ashanti ~]$ host -t SRV _kerberos._udp.ad.tissisat.co.uk
_kerberos._udp.ad.tissisat.co.uk has SRV record 0 100 88
khafu.ad.tissisat.co.uk.
_kerberos._udp.ad.tissisat.co.uk has SRV record 0 100 88
ashanti.ad.tissisat.co.uk.
[ashanti ~]$ host -t A ashanti.ad.tissisat.co.uk
ashanti.ad.tissisat.co.uk has address 10.2.1.6

sudo smbclient -L ashanti -U%
Domain=[TISSISAT] OS=[Windows 6.1] Server=[Samba 4.5.1]

    Sharename       Type      Comment
    ---------       ----      -------
    netlogon        Disk     
    sysvol          Disk     
    IPC$            IPC       IPC Service (Samba 4.5.1)
Domain=[TISSISAT] OS=[Windows 6.1] Server=[Samba 4.5.1]

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------

sudo smbclient //tardis/smb/home/phil -Uphil
Enter phil's password:
session setup failed: NT_STATUS_NO_LOGON_SERVERS

[ashanti ~]$ sudo nmblookup 'TISSISAT#1b' 'TISSISAT#1c'
10.2.1.9 TISSISAT<1b>
name_query failed to find name TISSISAT#1c

[ashanti ~]$ sudo smbclient -d=5 //TARDIS/smb/home/phil -Uphil
INFO: Current debug levels:
  all: 5
  tdb: 5
  printdrivers: 5
  lanman: 5
  smb: 5
  rpc_parse: 5
  rpc_srv: 5
  rpc_cli: 5
  passdb: 5
  sam: 5
  auth: 5
  winbind: 5
  vfs: 5
  idmap: 5
  quota: 5
  acls: 5
  locking: 5
  msdfs: 5
  dmapi: 5
  registry: 5
  scavenger: 5
  dns: 5
  ldb: 5
  tevent: 5
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 5
  tdb: 5
  printdrivers: 5
  lanman: 5
  smb: 5
  rpc_parse: 5
  rpc_srv: 5
  rpc_cli: 5
  passdb: 5
  sam: 5
  auth: 5
  winbind: 5
  vfs: 5
  idmap: 5
  quota: 5
  acls: 5
  locking: 5
  msdfs: 5
  dmapi: 5
  registry: 5
  scavenger: 5
  dns: 5
  ldb: 5
  tevent: 5
Processing section "[global]"
doing parameter netbios name = ASHANTI
doing parameter realm = AD.TISSISAT.CO.UK
doing parameter server services = s3fs, rpc, wrepl, ldap, cldap, kdc,
drepl, winbindd, ntp_signd, kcc, dnsupdate
doing parameter workgroup = TISSISAT
doing parameter server role = active directory domain controller
doing parameter idmap_ldb:use rfc2307 = yes
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter load printers = no
doing parameter printing = bsd
doing parameter printcap name = /dev/null
doing parameter disable spoolss = yes
doing parameter interfaces = lo eth0
doing parameter bind interfaces only = yes
doing parameter allow dns updates = nonsecure
doing parameter client ldap sasl wrapping = sign
doing parameter tls enabled = yes
doing parameter tls keyfile = tls/key.pem
doing parameter tls certfile = tls/cert.pem
doing parameter tls cafile = tls/ca.pem
doing parameter log file = /var/log/samba/%m.log
doing parameter max log size = 50
pm_process() returned Yes
added interface lo ip=::1 bcast=
netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface eth0 ip=10.2.1.6 bcast=10.2.1.255 netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="ASHANTI"
Client started (version 4.5.1).
Enter philmore's password:
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/cache/samba/gencache_notrans.tdb
sitename_fetch: No stored sitename for realm 'AD.TISSISAT.CO.UK'
no entry for TARDIS#20 found.
resolve_lmhosts: Attempting lmhosts lookup for name TARDIS<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
such file or directory
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name TARDIS<0x20>
namecache_store: storing 1 address for TARDIS#20: 10.2.1.9
Connecting to 10.2.1.9 at port 445
Socket options:
    SO_KEEPALIVE = 0
    SO_REUSEADDR = 0
    SO_BROADCAST = 0
    TCP_NODELAY = 1
    TCP_KEEPCNT = 9
    TCP_KEEPIDLE = 7200
    TCP_KEEPINTVL = 75
    IPTOS_LOWDELAY = 0
    IPTOS_THROUGHPUT = 0
    SO_REUSEPORT = 0
    SO_SNDBUF = 44800
    SO_RCVBUF = 341760
    SO_SNDLOWAT = 1
    SO_RCVLOWAT = 1
    SO_SNDTIMEO = 0
    SO_RCVTIMEO = 0
    TCP_QUICKACK = 1
    TCP_DEFER_ACCEPT = 0
 session request ok
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_TARGET_TYPE_DOMAIN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_TARGET_INFO
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: No logon servers
session setup failed: NT_STATUS_NO_LOGON_SERVERS

thanks
shadrock

More information about the samba mailing list