[Samba] NT_STATUS_INTERNAL_ERROR from RPC server on samba 4.5.8 AD DC

Richard Connon richard at connon.me.uk
Mon Oct 16 18:06:20 UTC 2017 

Hi,

I provided the dump of all the conf files to Rowland by email but in 
case anyone else is curious they are also here:

http://www.irconan.co.uk/dc.tar http://www.irconan.co.uk/member.tar

I tried providing -S to the join command which didn't change the 
behaviour. It doesn't seem to have trouble finding the DC, only when 
connecting to the RPC server.

Cheers,

Richard


On 16/10/2017 18:13, L.P.H. van Belle via samba wrote:
> yes, this should work fine but this is something in your setup.
> can you try this
>
>
> kinit Administrator
> net
>   ads join -k -s fqdn-dc1.dom.tld
>
>
> if kinit fails, then Rowland wil find your error..
> ive seen this few times.. -S  solves it most of the times.
>
>
>
>
> Greetz,
>
>
> Louis
> (mobile)
>
>
>
>
>
> Op 16 okt. 2017 om 18:27 heeft Rowland Penny via samba <samba at lists.samba.org> het volgende geschreven:
>
>
> On Mon, 16 Oct 2017 17:01:29 +0100
> Richard Connon via samba <samba at lists.samba.org> wrote:
>
> To try and narrow down this issue I tried to setup a test environment
> using two fresh install Debian 9.2 VMs, now running samba 4.5.12
> since it was updated in Debian.
>
> I provisioned a new domain using `samba-tool domain provision` on the
> first VM, let it generate the smb.conf itself, and configured it
> using the BIND9_DLZ DNS backend.
>
> I tried to join the domain using a second Debian 9.2 VM using `net
> ads join -UAdministrator` after setting the DNS resolver to be the
> test DC and synchronising with NTP on the DC. This failed with the
> error:
>
> "Failed to join domain: failed to lookup DC info for domain
> 'ADS.TEST.LOCAL' over rpc: An internal error occurred."
>
> Finally, I tried to connect to RPC on the DC using `rpcclient` which
> failed, as before, with NT_STATUS_INTERNAL_ERROR.
>
> Is there some inherent problem with the Debian packages and the RPC
> server component of the DC? Alternatively, is there somewhere else I
> should be looking for the root cause of this?
>
>
> This isn't a known problem with the debian packages, it should work.
>
> Can you post the provision command you used on the DC.
>
> I know you posted the smb.conf from a DC before, but can you post it
> again.
>
> Can you post the following files:
> /etc/resolv.conf
> /etc/hostname
> /etc/hosts
> /etc/krb5.conf
>
>  From both the DC and the domain member
>
> The named.conf files from the DC
>
> and finally the smb.conf from the domain member.
>
> Rowland
>
>
>
>

More information about the samba mailing list