[Samba] cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR

L.P.H. van Belle belle at bazuin.nl
Thu Aug 10 13:03:25 UTC 2017 

Hai, 

So after review all posts things again.

This is the AD DC, can you show the output of : 
systemctl status smbd nmbd winbind samba samba-ad-dc
( yes, one line ) 

And. To make sure the right things are enabled. 
Run this: ( this ONLY for a AD AD samba setup) 

systemctl disable smbd nmbd winbind samba
systemctl mask smbd nmbd winbind samba
systemctl stop smbd nmbd winbind samba

systemctl unmask samba-ad-dc
systemctl enable samba-ad-dc

You logs shows:
For example : Kerberos: AS-REQ Administrator at RONA from ipv4:192.168.19.29:49815 for krbtgt/RONA at RONA 

And 
 Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED' 
https://bugzilla.samba.org/show_bug.cgi?id=7605 


Can you change your resolv.conf to ..
domain rona.loc
search rona.loc
nameserver 192.168.19.2

Yes Rowland, i know... About ... You know, lets not go there.. ( for now ;-) ) 
but Vladimir, please set this, reboot the server and try again. 

Post the result. 
I agree with rowland, only the resolv.conf is different compaired most setups. 

If the test works, 
Can you change your resolv.conf to ..
search rona.loc
nameserver 192.168.19.2

And reboot the server, and try again.  

Whats the diffence between Rowland and me.. 
I did keep all settings from the debian install. 
( thats why i have domain and search, no other reason ) 

Last, i think this is resolving.
Kerberos: AS-REQ Administrator at RONA should show Kerberos: AS-REQ Administrator at RONA.LOC 


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Vladimir Frelikh via samba
> Verzonden: donderdag 10 augustus 2017 14:23
> Aan: Rowland Penny
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] cannot join windows 7 samba4-ad-dc 
> fresh install, get NT_STATUS_INTERNAL_ERROR
> 
> Hi,
> thanks for your participatioin,
> 
> here's the output:
> 
> smbclient -L $(hostname -f) -UAdministrator -d3
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows 
> limit (16384)
> Processing section "[global]"
> added interface eth0 ip=192.168.19.2 bcast=192.168.19.255
> netmask=255.255.255.0
> Client started (version 4.5.8-Debian).
> Enter Administrator's password:
> resolve_hosts: Attempting host lookup for name sambadc.rona.loc<0x20>
> Connecting to 192.168.19.2 at port 445
> Doing spnego session setup (blob length=96)
> got OID=1.2.840.48018.1.2.2
> got OID=1.2.840.113554.1.2.2
> got OID=1.3.6.1.4.1.311.2.2.10
> got principal=not_defined_in_RFC4178 at please_ignore
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Got challenge flags:
> Got NTLMSSP neg_flags=0x62898215
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x62088215
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088215
> SPNEGO login failed: An internal error occurred.
> session setup failed: NT_STATUS_INTERNAL_ERROR
> 
> I could raise the log level if this is not enough
> 
> 
> --
> ?? ??????????????????, ????????????????.
> 
> 2017-08-10 16:26 GMT+07:00 Rowland Penny via samba 
> <samba at lists.samba.org>:
> 
> > On Thu, 10 Aug 2017 08:14:33 +0700
> > Vladimir Frelikh via samba <samba at lists.samba.org> wrote:
> >
> > > > >>
> > > > >> <https://mail.google.com/mail/u/0/?ui=2&ik=7f6f030913&view=
> > > > 
> att&th=15dc2ba7d7a63129&attid=0.1&disp=safe&realattid=f_j63tfts50&zw>
> > > > >>
> > > > >>
> > > > >> --
> > > > >> Best regards, Vladimir
> >
> > There doesn't seem to be anything really wrong with the 
> conf files you
> > have posted so far, except (and this is just a nitpick) I would use
> > 'search' instead of 'domain' in /etc/resolv.conf
> >
> > There also doesn't seem to be anything obvious in the log 
> you posted.
> >
> > Have you tried asking smbclient to be a bit more verbose ?
> >
> > smbclient -L localhost -U% -d3
> >
> > Try this and keep raising the last number until something 
> does pop out
> > (hopefully)
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list