[Samba] cannot join windows 7 samba4-ad-dc fresh install, get NT_STATUS_INTERNAL_ERROR

Tue Aug 15 08:16:58 UTC 2017

On Tue, 15 Aug 2017 13:40:15 +0700
Vladimir Frelikh via samba <samba at lists.samba.org> wrote:

> Hello, sorry for the delay,
> kinit goes fine, here is the output of
> klist :
> 
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: administrator at RONA.LOC
> 
> Valid starting       Expires              Service principal
> 15.08.2017 13:36:07  15.08.2017 23:36:07  krbtgt/RONA.LOC at RONA.LOC
>         renew until 16.08.2017 13:36:03
> ------
> here's the output of
> smbclient -k -L //sambadc.rona.loc -d9 -UAdministrator%password :
> 
> INFO: Current debug levels:
>   all: 9
>   tdb: 9
>   printdrivers: 9
>   lanman: 9
>   smb: 9
>   rpc_parse: 9
>   rpc_srv: 9
>   rpc_cli: 9
>   passdb: 9
>   sam: 9
>   auth: 9
>   winbind: 9
>   vfs: 9
>   idmap: 9
>   quota: 9
>   acls: 9
>   locking: 9
>   msdfs: 9
>   dmapi: 9
>   registry: 9
>   scavenger: 9
>   dns: 9
>   ldb: 9
>   tevent: 9
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
> (16384) INFO: Current debug levels:
>   all: 9
>   tdb: 9
>   printdrivers: 9
>   lanman: 9
>   smb: 9
>   rpc_parse: 9
>   rpc_srv: 9
>   rpc_cli: 9
>   passdb: 9
>   sam: 9
>   auth: 9
>   winbind: 9
>   vfs: 9
>   idmap: 9
>   quota: 9
>   acls: 9
>   locking: 9
>   msdfs: 9
>   dmapi: 9
>   registry: 9
>   scavenger: 9
>   dns: 9
>   ldb: 9
>   tevent: 9
> Processing section "[global]"
> doing parameter netbios name = SAMBADC
> doing parameter realm = RONA.LOC
> doing parameter workgroup = RONA
> doing parameter dns forwarder = 192.168.19.1
> doing parameter server role = active directory domain controller
> doing parameter idmap_ldb:use rfc2307 = yes
> doing parameter log level = 5
> pm_process() returned Yes
> lp_servicenumber: couldn't find homes
> added interface eth0 ip=192.168.19.2 bcast=192.168.19.255
> netmask=255.255.255.0
> Netbios name list:-
> my_netbios_names[0]="SAMBADC"
> Client started (version 4.5.8-Debian).
> Opening cache file at /var/cache/samba/gencache.tdb
> Opening cache file at /var/run/samba/gencache_notrans.tdb
> sitename_fetch: No stored sitename for realm 'RONA.LOC'
> name sambadc.rona.loc#20 found.
> Connecting to 192.168.19.2 at port 445
> Socket options:
>         SO_KEEPALIVE = 0
>         SO_REUSEADDR = 0
>         SO_BROADCAST = 0
>         TCP_NODELAY = 1
>         TCP_KEEPCNT = 9
>         TCP_KEEPIDLE = 7200
>         TCP_KEEPINTVL = 75
>         IPTOS_LOWDELAY = 0
>         IPTOS_THROUGHPUT = 0
>         SO_REUSEPORT = 0
>         SO_SNDBUF = 2626560
>         SO_RCVBUF = 1061808
>         SO_SNDLOWAT = 1
>         SO_RCVLOWAT = 1
>         Could not test socket option SO_SNDTIMEO.
>         Could not test socket option SO_RCVTIMEO.
>         TCP_QUICKACK = 1
>         TCP_DEFER_ACCEPT = 0
>  session request ok
> Doing spnego session setup (blob length=96)
> got OID=1.2.840.48018.1.2.2
> got OID=1.2.840.113554.1.2.2
> got OID=1.3.6.1.4.1.311.2.2.10
> got principal=not_defined_in_RFC4178 at please_ignore
> cli_session_setup_spnego: using target hostname not SPNEGO principal
> cli_session_setup_spnego: guessed server
> principal=cifs/sambadc.rona.loc at RONA.LOC
> Kinit for Administrator to access cifs/sambadc.rona.loc at RONA.LOC
> failed: Preauthentication failed
> SPNEGO login failed: Preauthentication failed
> session setup failed: NT_STATUS_LOGON_FAILURE
> 
> 
> 

can you run 'pam-auth-update' in a terminal and then post what PAM
profiles are enabled ?

Rowland