[Samba] NT_STATUS_INTERNAL_ERROR from RPC server on samba 4.5.8 AD DC

Richard Connon richard at connon.me.uk
Wed Oct 4 21:14:39 UTC 2017


Hi,

I have a samba 4.5.8 AD DC (debian 9.1 package) which is having problems 
with RPC requests. This DC has been updated from the wheezy-backports 
package (4.1.17) via the jessie package (4.2.14) but I'm not sure if RPC 
worked immediately before the upgrade either since most of the time it 
only serves LDAP and krb5.

Connecting using RSAT from windows gives "RPC Server Unavailable" message.

To try and isolate the problem I firewalled traffic from all but one 
host and attempted to connect using rpcclient. From this I see 
NT_STATUS_INTERNAL_ERROR

Attached are files containing the output from rpcclient, the logs from 
samba and smbd and the smb.conf from the client and the AD DC. The logs 
are all at log level 3 but I can re-generate them at a higher debug 
level if someone thinks this may be helpful.

The internal error seems to be shown in the smbd log but there's nothing 
which really indicates (to me) what might have gone wrong to cause it.

Anyone have any ideas?

-------------- next part --------------
[2017/10/04 20:44:27.320667,  3] ../source3/param/loadparm.c:3739(lp_load_ex)
  lp_load_ex: refreshing parameters
[2017/10/04 20:44:27.320711,  3] ../source3/param/loadparm.c:542(init_globals)
  Initialising global parameters
[2017/10/04 20:44:27.320760,  3] ../source3/param/loadparm.c:2668(lp_do_section)
  Processing section "[global]"
[2017/10/04 20:44:27.320833,  2] ../source3/param/loadparm.c:2685(lp_do_section)
  Processing section "[netlogon]"
[2017/10/04 20:44:27.320864,  2] ../source3/param/loadparm.c:2685(lp_do_section)
  Processing section "[sysvol]"
[2017/10/04 20:44:27.320898,  3] ../source3/param/loadparm.c:1585(lp_add_ipc)
  adding IPC service
[2017/10/04 20:44:27.321111,  2] ../source3/lib/interface.c:345(add_interface)
  added interface eth1 ip=2001:67c:248c:233::c bcast= netmask=ffff:ffff:ffff:ffff::
[2017/10/04 20:44:27.321125,  2] ../source3/lib/interface.c:345(add_interface)
  added interface eth0 ip=10.10.0.12 bcast=10.10.0.255 netmask=255.255.255.0
[2017/10/04 20:44:27.321151,  3] ../source3/smbd/server.c:1705(main)
  loaded services
[2017/10/04 20:44:27.321183,  1] ../source3/profile/profile_dummy.c:30(set_profile_level)
  INFO: Profiling support unavailable in this build.
[2017/10/04 20:44:27.321195,  3] ../source3/smbd/server.c:1737(main)
  Becoming a daemon.
[2017/10/04 20:44:27.831804,  3] ../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect)
  ldb_wrap open of idmap.ldb
[2017/10/04 20:44:27.882942,  3] ../source3/rpc_server/svcctl/srv_svcctl_reg.c:565(svcctl_init_winreg)
  Initialise the svcctl registry keys if needed.
[2017/10/04 20:44:27.885064,  3] ../source3/rpc_server/eventlog/srv_eventlog_reg.c:59(eventlog_init_winreg)
  Initialise the eventlog registry keys if needed.
[2017/10/04 20:44:27.894323,  0] ../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'smbd' finished starting up and ready to serve connections
[2017/10/04 20:44:27.895189,  2] ../source3/smbd/server.c:1382(smbd_parent_loop)
  waiting for connections
[2017/10/04 20:44:36.308569,  3] ../source3/lib/access.c:338(allow_access)
  Allowed connection from 10.10.0.11 (10.10.0.11)
[2017/10/04 20:44:36.308713,  3] ../source3/smbd/oplock.c:1322(init_oplocks)
  init_oplocks: initializing messages.
[2017/10/04 20:44:36.308877,  3] ../source3/smbd/process.c:1957(process_smb)
  Transaction 0 of length 88 (0 toread)
[2017/10/04 20:44:36.308907,  3] ../source3/smbd/process.c:1538(switch_message)
  switch message SMBnegprot (pid 9055) conn 0x0
[2017/10/04 20:44:36.310049,  3] ../source3/smbd/negprot.c:603(reply_negprot)
  Requested protocol [NT LANMAN 1.0]
[2017/10/04 20:44:36.310081,  3] ../source3/smbd/negprot.c:603(reply_negprot)
  Requested protocol [NT LM 0.12]
[2017/10/04 20:44:36.310089,  3] ../source3/smbd/negprot.c:603(reply_negprot)
  Requested protocol [SMB 2.002]
[2017/10/04 20:44:36.310093,  3] ../source3/smbd/negprot.c:603(reply_negprot)
  Requested protocol [SMB 2.???]
[2017/10/04 20:44:36.310187,  3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
  Selected protocol SMB2_FF
[2017/10/04 20:44:36.313276,  2] ../lib/util/modules.c:196(do_smb_load_module)
  Module 'samba4' loaded
[2017/10/04 20:44:36.314350,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'gssapi_spnego' registered
[2017/10/04 20:44:36.314373,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'gssapi_krb5' registered
[2017/10/04 20:44:36.314383,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'gssapi_krb5_sasl' registered
[2017/10/04 20:44:36.314393,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'spnego' registered
[2017/10/04 20:44:36.314410,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'schannel' registered
[2017/10/04 20:44:36.314422,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'naclrpc_as_system' registered
[2017/10/04 20:44:36.314435,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'sasl-EXTERNAL' registered
[2017/10/04 20:44:36.314448,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'ntlmssp' registered
[2017/10/04 20:44:36.314472,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'ntlmssp_resume_ccache' registered
[2017/10/04 20:44:36.314485,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'http_basic' registered
[2017/10/04 20:44:36.314498,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'http_ntlm' registered
[2017/10/04 20:44:36.314510,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'krb5' registered
[2017/10/04 20:44:36.314526,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'fake_gssapi_krb5' registered
[2017/10/04 20:44:36.315859,  3] ../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2017/10/04 20:44:36.316521,  3] ../source4/auth/ntlm/auth.c:675(auth_register)
  AUTH backend 'sam' registered
[2017/10/04 20:44:36.316535,  3] ../source4/auth/ntlm/auth.c:675(auth_register)
  AUTH backend 'sam_ignoredomain' registered
[2017/10/04 20:44:36.316544,  3] ../source4/auth/ntlm/auth.c:675(auth_register)
  AUTH backend 'anonymous' registered
[2017/10/04 20:44:36.316549,  3] ../source4/auth/ntlm/auth.c:675(auth_register)
  AUTH backend 'winbind' registered
[2017/10/04 20:44:36.316554,  3] ../source4/auth/ntlm/auth.c:675(auth_register)
  AUTH backend 'winbind_wbclient' registered
[2017/10/04 20:44:36.316565,  3] ../source4/auth/ntlm/auth.c:675(auth_register)
  AUTH backend 'name_to_ntstatus' registered
[2017/10/04 20:44:36.316578,  3] ../source4/auth/ntlm/auth.c:675(auth_register)
  AUTH backend 'unix' registered
[2017/10/04 20:44:36.320048,  3] ../source3/smbd/negprot.c:730(reply_negprot)
  Selected protocol SMB 2.???
[2017/10/04 20:44:36.323093,  3] ../source3/smbd/smb2_negprot.c:290(smbd_smb2_request_process_negprot)
  Selected protocol SMB3_02
[2017/10/04 20:44:36.323413,  3] ../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2017/10/04 20:44:36.327230,  3] ../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2017/10/04 20:44:36.328706,  3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62088215
[2017/10/04 20:44:36.330092,  3] ../auth/ntlmssp/ntlmssp_server.c:452(ntlmssp_server_preauth)
  Got user=[richard] domain=[CONNON] workstation=[SHELL02] len1=24 len2=284
[2017/10/04 20:44:36.330134,  3] ../source4/auth/ntlm/auth.c:271(auth_check_password_send)
  auth_check_password_send: Checking password for unmapped user [CONNON]\[richard]@[SHELL02]
  auth_check_password_send: mapped user is: [CONNON]\[richard]@[SHELL02]
[2017/10/04 20:44:36.336080,  3] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
  NTLMSSP Sign/Seal - Initialising with flags:
[2017/10/04 20:44:36.336109,  3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62088215
[2017/10/04 20:44:36.336139,  3] ../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
  NTLMSSP Sign/Seal - Initialising with flags:
[2017/10/04 20:44:36.336146,  3] ../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62088215
[2017/10/04 20:44:36.345588,  3] ../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect)
  ldb_wrap open of privilege.ldb
[2017/10/04 20:44:36.346091,  3] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_INTERNAL_ERROR] || at ../source3/smbd/smb2_sesssetup.c:134
[2017/10/04 20:44:36.347884,  3] ../source3/smbd/server_exit.c:246(exit_server_common)
  Server exit (NT_STATUS_END_OF_FILE)
[2017/10/04 20:44:36.353707,  3] ../source3/lib/util_procid.c:54(pid_to_procid)
  pid_to_procid: messaging_dgm_get_unique failed: No such file or directory
-------------- next part --------------
[2017/10/04 20:44:26.982686,  0] ../source4/smbd/server.c:372(binary_smbd_main)
  samba version 4.5.8-Debian started.
  Copyright Andrew Tridgell and the Samba Team 1992-2016
[2017/10/04 20:44:26.983323,  3] ../source4/smbd/server.c:383(binary_smbd_main)
  Becoming a daemon.
[2017/10/04 20:44:26.985861,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'gssapi_spnego' registered
[2017/10/04 20:44:26.985886,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'gssapi_krb5' registered
[2017/10/04 20:44:26.985893,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'gssapi_krb5_sasl' registered
[2017/10/04 20:44:26.985898,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'spnego' registered
[2017/10/04 20:44:26.985903,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'schannel' registered
[2017/10/04 20:44:26.985908,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'naclrpc_as_system' registered
[2017/10/04 20:44:26.985913,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'sasl-EXTERNAL' registered
[2017/10/04 20:44:26.985918,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'ntlmssp' registered
[2017/10/04 20:44:26.985924,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'ntlmssp_resume_ccache' registered
[2017/10/04 20:44:26.985932,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'http_basic' registered
[2017/10/04 20:44:26.985941,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'http_ntlm' registered
[2017/10/04 20:44:26.985947,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'krb5' registered
[2017/10/04 20:44:26.985952,  3] ../auth/gensec/gensec_start.c:908(gensec_register)
  GENSEC backend 'fake_gssapi_krb5' registered
[2017/10/04 20:44:26.986321,  3] ../source4/smbd/process_model.c:97(register_process_model)
  PROCESS_MODEL 'single' registered
[2017/10/04 20:44:26.986337,  3] ../source4/smbd/process_model.c:97(register_process_model)
  PROCESS_MODEL 'standard' registered
[2017/10/04 20:44:27.010314,  3] ../source4/auth/ntlm/auth.c:675(auth_register)
  AUTH backend 'sam' registered
[2017/10/04 20:44:27.010353,  3] ../source4/auth/ntlm/auth.c:675(auth_register)
  AUTH backend 'sam_ignoredomain' registered
[2017/10/04 20:44:27.010359,  3] ../source4/auth/ntlm/auth.c:675(auth_register)
  AUTH backend 'anonymous' registered
[2017/10/04 20:44:27.010364,  3] ../source4/auth/ntlm/auth.c:675(auth_register)
  AUTH backend 'winbind' registered
[2017/10/04 20:44:27.010369,  3] ../source4/auth/ntlm/auth.c:675(auth_register)
  AUTH backend 'winbind_wbclient' registered
[2017/10/04 20:44:27.010373,  3] ../source4/auth/ntlm/auth.c:675(auth_register)
  AUTH backend 'name_to_ntstatus' registered
[2017/10/04 20:44:27.010378,  3] ../source4/auth/ntlm/auth.c:675(auth_register)
  AUTH backend 'unix' registered
[2017/10/04 20:44:27.133366,  3] ../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect)
  ldb_wrap open of privilege.ldb
[2017/10/04 20:44:27.133573,  0] ../source4/smbd/server.c:479(binary_smbd_main)
  samba: using 'standard' process model
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
[2017/10/04 20:44:27.141201,  3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
  DCERPC endpoint server 'rpcecho' registered
[2017/10/04 20:44:27.141256,  3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
  DCERPC endpoint server 'epmapper' registered
[2017/10/04 20:44:27.141266,  3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
  DCERPC endpoint server 'remote' registered
[2017/10/04 20:44:27.141780,  3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
  DCERPC endpoint server 'wkssvc' registered
[2017/10/04 20:44:27.141801,  3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
  DCERPC endpoint server 'unixinfo' registered
[2017/10/04 20:44:27.141824,  3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
  DCERPC endpoint server 'samr' registered
[2017/10/04 20:44:27.141836,  3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
  DCERPC endpoint server 'netlogon' registered
[2017/10/04 20:44:27.141855,  3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
  DCERPC endpoint server 'dssetup' registered
[2017/10/04 20:44:27.141871,  3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
  DCERPC endpoint server 'lsarpc' registered
[2017/10/04 20:44:27.141886,  3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
  DCERPC endpoint server 'backupkey' registered
[2017/10/04 20:44:27.141898,  3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
  DCERPC endpoint server 'drsuapi' registered
[2017/10/04 20:44:27.141909,  3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
  DCERPC endpoint server 'browser' registered
[2017/10/04 20:44:27.141926,  3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
  DCERPC endpoint server 'eventlog6' registered
[2017/10/04 20:44:27.141941,  3] ../source4/rpc_server/dcerpc_server.c:1721(dcerpc_register_ep_server)
  DCERPC endpoint server 'dnsserver' registered
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
[2017/10/04 20:44:27.177803,  2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
  dreplsrv_partition[CN=Configuration,DC=ads,DC=connon,DC=me,DC=uk] loaded
[2017/10/04 20:44:27.177863,  2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
  dreplsrv_partition[CN=Schema,CN=Configuration,DC=ads,DC=connon,DC=me,DC=uk] loaded
[2017/10/04 20:44:27.177882,  2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
  dreplsrv_partition[DC=ads,DC=connon,DC=me,DC=uk] loaded
[2017/10/04 20:44:27.177899,  2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
  dreplsrv_partition[DC=DomainDnsZones,DC=ads,DC=connon,DC=me,DC=uk] loaded
[2017/10/04 20:44:27.177922,  2] ../source4/dsdb/repl/drepl_partitions.c:116(dreplsrv_load_partitions)
  dreplsrv_partition[DC=ForestDnsZones,DC=ads,DC=connon,DC=me,DC=uk] loaded
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
[2017/10/04 20:44:27.193116,  2] ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
  kccsrv_partition[CN=Schema,CN=Configuration,DC=ads,DC=connon,DC=me,DC=uk] loaded
[2017/10/04 20:44:27.193155,  2] ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
  kccsrv_partition[CN=Configuration,DC=ads,DC=connon,DC=me,DC=uk] loaded
[2017/10/04 20:44:27.193165,  2] ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
  kccsrv_partition[DC=ads,DC=connon,DC=me,DC=uk] loaded
[2017/10/04 20:44:27.193179,  2] ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
  kccsrv_partition[DC=DomainDnsZones,DC=ads,DC=connon,DC=me,DC=uk] loaded
[2017/10/04 20:44:27.193194,  2] ../source4/dsdb/kcc/kcc_service.c:127(kccsrv_load_partitions)
  kccsrv_partition[DC=ForestDnsZones,DC=ads,DC=connon,DC=me,DC=uk] loaded
[2017/10/04 20:44:27.206309,  0] ../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'samba' finished starting up and ready to serve connections
samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.
[2017/10/04 20:44:27.209907,  3] ../source4/dsdb/dns/dns_update.c:330(dnsupdate_check_names)
  Calling DNS name update script
[2017/10/04 20:44:27.220238,  3] ../source4/dsdb/dns/dns_update.c:345(dnsupdate_check_names)
  Calling SPN name update script
[2017/10/04 20:44:28.198435,  3] ../lib/util/util_runcmd.c:296(samba_runcmd_io_handler)
  Child /usr/sbin/samba_spnupdate exited with status 0
[2017/10/04 20:44:28.198504,  3] ../source4/dsdb/dns/dns_update.c:315(dnsupdate_spnupdate_done)
  Completed SPN update check OK
[2017/10/04 20:44:28.328796,  3] ../lib/util/util_runcmd.c:296(samba_runcmd_io_handler)
  Child /usr/sbin/samba_dnsupdate exited with status 0
[2017/10/04 20:44:28.328854,  3] ../source4/dsdb/dns/dns_update.c:292(dnsupdate_nameupdate_done)
  Completed DNS update check OK
[2017/10/04 20:44:31.149029,  3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
  Registered DC01<00> with 10.10.0.12 on interface 10.10.0.255
[2017/10/04 20:44:31.149137,  3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
  Registered DC01<03> with 10.10.0.12 on interface 10.10.0.255
[2017/10/04 20:44:31.149167,  3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
  Registered DC01<20> with 10.10.0.12 on interface 10.10.0.255
[2017/10/04 20:44:31.149183,  3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
  Registered CONNON<1b> with 10.10.0.12 on interface 10.10.0.255
[2017/10/04 20:44:31.149199,  3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
  Registered CONNON<1c> with 10.10.0.12 on interface 10.10.0.255
[2017/10/04 20:44:31.149213,  3] ../source4/nbt_server/register.c:155(nbtd_register_name_handler)
  Registered CONNON<00> with 10.10.0.12 on interface 10.10.0.255
[2017/10/04 20:44:42.205290,  2] ../source4/dsdb/kcc/kcc_periodic.c:711(kccsrv_samba_kcc)
  Calling samba_kcc script
[2017/10/04 20:44:42.215313,  1] ../source4/dsdb/kcc/garbage_collect_tombstones.c:68(garbage_collect_tombstones_part)
  Doing a full scan on DC=ForestDnsZones,DC=ads,DC=connon,DC=me,DC=uk and looking for deleted objects
[2017/10/04 20:44:42.223303,  1] ../source4/dsdb/kcc/garbage_collect_tombstones.c:68(garbage_collect_tombstones_part)
  Doing a full scan on DC=DomainDnsZones,DC=ads,DC=connon,DC=me,DC=uk and looking for deleted objects
[2017/10/04 20:44:42.229635,  1] ../source4/dsdb/kcc/garbage_collect_tombstones.c:68(garbage_collect_tombstones_part)
  Doing a full scan on DC=ads,DC=connon,DC=me,DC=uk and looking for deleted objects
[2017/10/04 20:44:42.266468,  1] ../source4/dsdb/kcc/garbage_collect_tombstones.c:68(garbage_collect_tombstones_part)
  Doing a full scan on CN=Configuration,DC=ads,DC=connon,DC=me,DC=uk and looking for deleted objects
[2017/10/04 20:44:42.381205,  0] ../lib/util/util_runcmd.c:316(samba_runcmd_io_handler)
  /usr/sbin/samba_kcc: ldb_wrap open of secrets.ldb
[2017/10/04 20:44:42.595155,  3] ../lib/util/util_runcmd.c:296(samba_runcmd_io_handler)
  Child /usr/sbin/samba_kcc exited with status 0
[2017/10/04 20:44:42.595220,  3] ../source4/dsdb/kcc/kcc_periodic.c:696(samba_kcc_done)
  Completed samba_kcc OK
-------------- next part --------------
lp_load_ex: refreshing parameters
Initialising global parameters
Processing section "[global]"
added interface eth0 ip=2001:67c:248c:233::b bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.10.0.11 bcast=10.10.0.255 netmask=255.255.255.0
invalid ownership on directory /var/cache/samba/lck
messaging_dgm_lockfile_create: Could not create lock directory: No such file or directory
messaging_dgm_init: messaging_dgm_create_lockfile failed: No such file or directory
messaging_dgm_init failed: No such file or directory
Enter richard's password:
Connecting to 10.10.0.12 at port 445
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
SPNEGO login failed: An internal error occurred.
Cannot connect to server.  Error was NT_STATUS_INTERNAL_ERROR
-------------- next part --------------
[global]
        security = ads
        netbios name = SHELL02
        realm = ADS.CONNON.ME.UK
        workgroup = CONNON
        private dir = /var/lib/samba/private
        dedicated keytab file = /etc/krb5.keytab
        kerberos method = dedicated keytab
-------------- next part --------------
[global]
        log level = 2
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes
        netbios name = DC01
        realm = ADS.CONNON.ME.UK
        workgroup = CONNON
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, ntp_signd, kcc, dnsupdate
        dedicated keytab file = /etc/krb5.keytab
        kerberos method = dedicated keytab
        dsdb:schema update allowed = Yes

[netlogon]
        path = /var/lib/samba/sysvol/ads.connon.me.uk/scripts
        read only = No
[sysvol]
        path = /var/lib/samba/sysvol
        read only = No


More information about the samba mailing list