[Samba] NT_STATUS_NO_LOGON_SERVERS

Rowland Penny rpenny at samba.org
Sun Nov 13 11:37:18 UTC 2016


On Sun, 13 Nov 2016 09:50:09 +0000
niya levi via samba <samba at lists.samba.org> wrote:

> hi everyone
> 
> i'm having trouble figuring out why i'm getting
> NT_STATUS_NO_LOGON_SERVERS errors,
> i have two samba ad domain controllers running on raspberry pi's
> i think it a recent problem since an upgrade because
> i was able to list domain users on a joined member server
> but now getent only lists local users,
> i've read that the problem might be due to avahi which i stop with
> systemd or it might be a dns issue,
> the following commands run on a dc all succeed except for the last
> nmblookup command
> what further commands could i run to identify the problem ?
> 
> [ashanti ~]$ host -t SRV _ldap._tcp.ad.tissisat.co.uk
> _ldap._tcp.ad.tissisat.co.uk has SRV record 0 100 389
> khafu.ad.tissisat.co.uk.
> _ldap._tcp.ad.tissisat.co.uk has SRV record 0 100 389
> ashanti.ad.tissisat.co.uk.
> [ashanti ~]$ host -t SRV _kerberos._udp.ad.tissisat.co.uk
> _kerberos._udp.ad.tissisat.co.uk has SRV record 0 100 88
> khafu.ad.tissisat.co.uk.
> _kerberos._udp.ad.tissisat.co.uk has SRV record 0 100 88
> ashanti.ad.tissisat.co.uk.
> [ashanti ~]$ host -t A ashanti.ad.tissisat.co.uk
> ashanti.ad.tissisat.co.uk has address 10.2.1.6
> 
> sudo smbclient -L ashanti -U%
> Domain=[TISSISAT] OS=[Windows 6.1] Server=[Samba 4.5.1]
> 
>     Sharename       Type      Comment
>     ---------       ----      -------
>     netlogon        Disk     
>     sysvol          Disk     
>     IPC$            IPC       IPC Service (Samba 4.5.1)
> Domain=[TISSISAT] OS=[Windows 6.1] Server=[Samba 4.5.1]
> 
>     Server               Comment
>     ---------            -------
> 
>     Workgroup            Master
>     ---------            -------
> 
> sudo smbclient //tardis/smb/home/phil -Uphil
> Enter phil's password:
> session setup failed: NT_STATUS_NO_LOGON_SERVERS
> 
> [ashanti ~]$ sudo nmblookup 'TISSISAT#1b' 'TISSISAT#1c'
> 10.2.1.9 TISSISAT<1b>
> name_query failed to find name TISSISAT#1c
> 
> [ashanti ~]$ sudo smbclient -d=5 //TARDIS/smb/home/phil -Uphil
> INFO: Current debug levels:
>   all: 5
>   tdb: 5
>   printdrivers: 5
>   lanman: 5
>   smb: 5
>   rpc_parse: 5
>   rpc_srv: 5
>   rpc_cli: 5
>   passdb: 5
>   sam: 5
>   auth: 5
>   winbind: 5
>   vfs: 5
>   idmap: 5
>   quota: 5
>   acls: 5
>   locking: 5
>   msdfs: 5
>   dmapi: 5
>   registry: 5
>   scavenger: 5
>   dns: 5
>   ldb: 5
>   tevent: 5
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
> (16384) INFO: Current debug levels:
>   all: 5
>   tdb: 5
>   printdrivers: 5
>   lanman: 5
>   smb: 5
>   rpc_parse: 5
>   rpc_srv: 5
>   rpc_cli: 5
>   passdb: 5
>   sam: 5
>   auth: 5
>   winbind: 5
>   vfs: 5
>   idmap: 5
>   quota: 5
>   acls: 5
>   locking: 5
>   msdfs: 5
>   dmapi: 5
>   registry: 5
>   scavenger: 5
>   dns: 5
>   ldb: 5
>   tevent: 5
> Processing section "[global]"
> doing parameter netbios name = ASHANTI
> doing parameter realm = AD.TISSISAT.CO.UK
> doing parameter server services = s3fs, rpc, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate
> doing parameter workgroup = TISSISAT
> doing parameter server role = active directory domain controller
> doing parameter idmap_ldb:use rfc2307 = yes
> doing parameter winbind enum users = yes
> doing parameter winbind enum groups = yes
> doing parameter load printers = no
> doing parameter printing = bsd
> doing parameter printcap name = /dev/null
> doing parameter disable spoolss = yes
> doing parameter interfaces = lo eth0
> doing parameter bind interfaces only = yes
> doing parameter allow dns updates = nonsecure
> doing parameter client ldap sasl wrapping = sign
> doing parameter tls enabled = yes
> doing parameter tls keyfile = tls/key.pem
> doing parameter tls certfile = tls/cert.pem
> doing parameter tls cafile = tls/ca.pem
> doing parameter log file = /var/log/samba/%m.log
> doing parameter max log size = 50
> pm_process() returned Yes
> added interface lo ip=::1 bcast=
> netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
> added interface lo ip=127.0.0.1 bcast=127.255.255.255
> netmask=255.0.0.0 added interface eth0 ip=10.2.1.6 bcast=10.2.1.255
> netmask=255.255.255.0 Netbios name list:-
> my_netbios_names[0]="ASHANTI"
> Client started (version 4.5.1).
> Enter philmore's password:
> Opening cache file at /var/cache/samba/gencache.tdb
> Opening cache file at /var/cache/samba/gencache_notrans.tdb
> sitename_fetch: No stored sitename for realm 'AD.TISSISAT.CO.UK'
> no entry for TARDIS#20 found.
> resolve_lmhosts: Attempting lmhosts lookup for name TARDIS<0x20>
> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
> such file or directory
> resolve_wins: WINS server resolution selected and no WINS servers
> listed. resolve_hosts: Attempting host lookup for name TARDIS<0x20>
> namecache_store: storing 1 address for TARDIS#20: 10.2.1.9
> Connecting to 10.2.1.9 at port 445
> Socket options:
>     SO_KEEPALIVE = 0
>     SO_REUSEADDR = 0
>     SO_BROADCAST = 0
>     TCP_NODELAY = 1
>     TCP_KEEPCNT = 9
>     TCP_KEEPIDLE = 7200
>     TCP_KEEPINTVL = 75
>     IPTOS_LOWDELAY = 0
>     IPTOS_THROUGHPUT = 0
>     SO_REUSEPORT = 0
>     SO_SNDBUF = 44800
>     SO_RCVBUF = 341760
>     SO_SNDLOWAT = 1
>     SO_RCVLOWAT = 1
>     SO_SNDTIMEO = 0
>     SO_RCVTIMEO = 0
>     TCP_QUICKACK = 1
>     TCP_DEFER_ACCEPT = 0
>  session request ok
> Doing spnego session setup (blob length=96)
> got OID=1.2.840.48018.1.2.2
> got OID=1.2.840.113554.1.2.2
> got OID=1.3.6.1.4.1.311.2.2.10
> got principal=not_defined_in_RFC4178 at please_ignore
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism ntlmssp
> Got challenge flags:
> Got NTLMSSP neg_flags=0x62898215
>   NTLMSSP_NEGOTIATE_UNICODE
>   NTLMSSP_REQUEST_TARGET
>   NTLMSSP_NEGOTIATE_SIGN
>   NTLMSSP_NEGOTIATE_NTLM
>   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>   NTLMSSP_TARGET_TYPE_DOMAIN
>   NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>   NTLMSSP_NEGOTIATE_TARGET_INFO
>   NTLMSSP_NEGOTIATE_VERSION
>   NTLMSSP_NEGOTIATE_128
>   NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x62088215
>   NTLMSSP_NEGOTIATE_UNICODE
>   NTLMSSP_REQUEST_TARGET
>   NTLMSSP_NEGOTIATE_SIGN
>   NTLMSSP_NEGOTIATE_NTLM
>   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>   NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>   NTLMSSP_NEGOTIATE_VERSION
>   NTLMSSP_NEGOTIATE_128
>   NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088215
>   NTLMSSP_NEGOTIATE_UNICODE
>   NTLMSSP_REQUEST_TARGET
>   NTLMSSP_NEGOTIATE_SIGN
>   NTLMSSP_NEGOTIATE_NTLM
>   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>   NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>   NTLMSSP_NEGOTIATE_VERSION
>   NTLMSSP_NEGOTIATE_128
>   NTLMSSP_NEGOTIATE_KEY_EXCH
> SPNEGO login failed: No logon servers
> session setup failed: NT_STATUS_NO_LOGON_SERVERS
> 
> thanks
> shadrock
> 
> 

One thing jumps out here:

doing parameter server services = s3fs, rpc, wrepl, ldap, cldap, kdc,
drepl, winbindd, ntp_signd, kcc, dnsupdate

What happened to 'nbt' ??

Rowland



More information about the samba mailing list