[Samba] cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR

Vladimir Frelikh e285ne at gmail.com
Thu Aug 10 01:14:33 UTC 2017 

hi,

here is the output from win 7 machine, cutted non-us local symbols are
substituted by [cut]:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : testing
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter [cut]:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : [cut] Intel(R) PRO/1000 MT
   Physical Address. . . . . . . . . : 08-00-27-E0-C1-08
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . :
fe80::6085:e816:b3a6:e25c%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.19.29(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.19.1
   DHCPv6 IAID . . . . . . . . . . . : 235405351
   DHCPv6 Client DUID. . . . . . . . :
00-01-00-01-20-EC-BC-5A-08-00-27-E0-C1-08
   DNS Servers . . . . . . . . . . . : 192.168.19.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{84FC8508-AFBB-4080-B7CD-06BC11FC86F0}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : [cut] Microsoft ISATAP
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter [cut] 9:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . :
2001:0:9d38:6ab8:2c17:6c6:3f57:ece2(Preferred)
   Link-local IPv6 Address . . . . . :
fe80::2c17:6c6:3f57:ece2%13(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

------
here is the output of smbclient:

smbclient -L $(hostname -f) -Uadministrator%<password> -m smb2

if I give correct password, it gives me:
session setup failed: NT_STATUS_INTERNAL_ERROR
if I give wrong password (on purpose) it gives me:
session setup failed: NT_STATUS_LOGON_FAILURE

------
here is the output if ip addr of the sambadc.rona.loc host:

ip -f inet addr show eth0
5: eth0 at if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
UP group default qlen 1000 link-netnsid 0
    inet 192.168.19.2/24 brd 192.168.19.255 scope global eth0
       valid_lft forever preferred_lft forever


--
Best regards, Vladimir

2017-08-10 1:50 GMT+07:00 L.P.H. van Belle via samba <samba at lists.samba.org>
:

> hi,
>
> can you post a ipconfig /all from the windows pc also.
>
> a quick look at the server config looks ok to me.
>
> and does smbclient -L $(hostname -f) -U% -m smb2
> work.
>
> greetz,
>
> Louis
>
>
> > Op 9 aug. 2017 om 17:23 heeft Vladimir Frelikh via samba <
> samba at lists.samba.org> het volgende geschreven:
> >
> > Sorry forgot to mention samba version and build options:
> >
> > samba -b
> > Samba version: 4.5.8-Debian
> > Build environment:
> > Paths:
> >   BINDIR: /usr/bin
> >   SBINDIR: /usr/sbin
> >   CONFIGFILE: /etc/samba/smb.conf
> >   NCALRPCDIR: /var/run/samba/ncalrpc
> >   LOGFILEBASE: /var/log/samba
> >   LMHOSTSFILE: /etc/samba/lmhosts
> >   DATADIR: /usr/share
> >   MODULESDIR: /usr/lib/i386-linux-gnu/samba
> >   LOCKDIR: /var/run/samba
> >   STATEDIR: /var/lib/samba
> >   CACHEDIR: /var/cache/samba
> >   PIDDIR: /var/run/samba
> >   PRIVATE_DIR: /var/lib/samba/private
> >   CODEPAGEDIR: /usr/share/samba/codepages
> >   SETUPDIR: /usr/share/samba/setup
> >   WINBINDD_SOCKET_DIR: /var/run/samba/winbindd
> >   WINBINDD_PRIVILEGED_SOCKET_DIR: /var/lib/samba/winbindd_privileged
> >   NTP_SIGND_SOCKET_DIR: /var/lib/samba/ntp_signd
> >
> > and the log file is located here:
> >
> > https://pastebin.com/SqCUj5xm
> >
> >
> > 2017-08-08 23:43 GMT+07:00 Vladimir Frelikh <e285ne at gmail.com>:
> >
> >> Hello,
> >> I've a problem joining windows 7 samba4 ad
> >> I'm doing a completely clean install on debian 9.1
> >> When trying to join AD Win 7 gives me "internal error"
> >> I also get error on "Verifying the File Server" step of the
> >>
> >> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Acti
> >> ve_Directory_Domain_Controller
> >>
> >> here's the output:
> >>
> >> smbclient -L localhost -U%
> >> session setup failed: NT_STATUS_INTERNAL_ERROR
> >>
> >> smbclient //localhost/netlogon -UAdministrator -c `ls`
> >> Enter Administrator's password:
> >> session setup failed: NT_STATUS_INTERNAL_ERROR
> >> ------
> >> If you need more info (config, trace, debug, tcpdump etc) I will post it
> >> Please help
> >>
> >> provision script, configs and log are below:
> >>
> >> samba-tool domain provision --server-role=dc --use-rfc2307
> >> --dns-backend=SAMBA_INTERNAL --realm=RONA.LOC --domain=RONA
> >> --adminpass=<mypassword>
> >> ------
> >> cat /etc/debian_version
> >> 9.1
> >> ------
> >> cat /etc/samba/smb.conf
> >> # Global parameters
> >> [global]
> >>        netbios name = SAMBADC
> >>        realm = RONA.LOC
> >>        workgroup = RONA
> >>        dns forwarder = 192.168.19.1
> >>        server role = active directory domain controller
> >>        idmap_ldb:use rfc2307 = yes
> >>        log level = 5
> >>
> >> [netlogon]
> >>        path = /var/lib/samba/sysvol/rona.loc/scripts
> >>        read only = No
> >>
> >> [sysvol]
> >>        path = /var/lib/samba/sysvol
> >>        read only = No
> >> ------
> >> cat /etc/krb5.conf
> >> [libdefaults]
> >>        default_realm = RONA.LOC
> >>        dns_lookup_realm = false
> >>        dns_lookup_kdc = true
> >> ------
> >> cat /etc/resolv.conf
> >> domain rona.loc
> >> nameserver 192.168.19.2
> >> ------
> >> cat /etc/hosts
> >> 127.0.0.1       localhost
> >> ::1             localhost ip6-localhost ip6-loopback
> >> ff02::1         ip6-allnodes
> >> ff02::2         ip6-allrouters
> >> 192.168.19.2    sambadc.rona.loc sambadc
> >> ------
> >> kinit administrator at RONA.LOC
> >> Password for administrator at RONA.LOC:
> >> Warning: Your password will expire in 41 days on Tue Sep 19 20:53:26
> 2017
> >> ------
> >> klist
> >> Ticket cache: FILE:/tmp/krb5cc_0
> >> Default principal: administrator at RONA.LOC
> >>
> >> Valid starting     Expires            Service principal
> >> 08/08/17 23:23:40  08/09/17 09:23:40  krbtgt/RONA.LOC at RONA.LOC
> >>        renew until 08/09/17 23:23:37
> >> ------
> >> log file of the joining windows 7 session:
> >> log.out
> >> (38 ????)
> >>
> >> <https://mail.google.com/mail/u/0/?ui=2&ik=7f6f030913&view=
> att&th=15dc2ba7d7a63129&attid=0.1&disp=safe&realattid=f_j63tfts50&zw>
> >>
> >>
> >> --
> >> Best regards, Vladimir
> >>
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list