[Samba] RPC and NDR errors in log file

james.atwell365 at gmail.com james.atwell365 at gmail.com
Mon Oct 29 17:20:18 UTC 2018


Hello List,

 

I'm receiving several of these messages in my Samba log
file. I'm not entirely sure what the errors are referring to. I'm
assuming they are DNS related.

 

ndr_pull_error(11): Pull bytes 1 (../librpc/ndr/ndr_basic.c:81)

 

../librpc/rpc/dcerpc_util.c:264: ERROR: pad length mismatch. Calculated 44
got 0

 

 

I have 3 sites with 2 DCs per site. These messages are only coming from
one site, and both DCs at that site are logging the errors.

 

Since I suspect this is DNS related, I will provide my configuration.

 

Ubuntu 14.04

named -v BIND 9.10.3-P4-Ubuntu

samba -V Version 4.9.1  (Built from tar)

 

 

 

 

cat /etc/bind/named.conf

// Top-level named.conf: it only pulls in the three split configuration
// files below (global options, local zones, default zones).
include "/etc/bind/named.conf.options";

include "/etc/bind/named.conf.local";

include "/etc/bind/named.conf.default-zones";

 

----------------------------------------------------------------------------
----------

 

 

cat /etc/bind/named.conf.default-zones

// Default zones: root hints plus the localhost forward zone and the
// 127/8, 0/8 and 255/8 reverse zones. None of the zones declared in this
// file is the AD domain's own zone.
// prime the server with knowledge of the root servers

zone "." {

        type hint;

        file "/etc/bind/db.root";

};

 

// be authoritative for the localhost forward and reverse zones, and for

// broadcast zones as per RFC 1912

 

zone "localhost" {

        type master;

        file "/etc/bind/db.local";

};

 

// Reverse zone for the loopback range 127.0.0.0/8.
zone "127.in-addr.arpa" {

        type master;

        file "/etc/bind/db.127";

};

 

// Reverse zone for 0.0.0.0/8.
zone "0.in-addr.arpa" {

        type master;

        file "/etc/bind/db.0";

};

 

// Reverse zone for 255.0.0.0/8 (broadcast).
zone "255.in-addr.arpa" {

        type master;

        file "/etc/bind/db.255";

};

 

---------------------------------------------------------

 

cat /etc/bind/named.conf.local

 

// Pulls in a file from Samba's private directory, presumably the
// named.conf that Samba generates for its BIND9_DLZ backend (TODO confirm).
// NOTE(review): named parses whatever this file contains, so it should be
// writable by root only and readable by the account named runs as.
include "/usr/local/samba/private/named.conf";

 

 

----------------------------------------------------------

 

 

cat /etc/bind/named.conf.options

# Global BIND options for this DC's name server, as posted.
# Review notes are marked NOTE(review); no value has been changed.
options {

        directory "/var/cache/bind";

 

 

        # NOTE(review): DNSSEC is switched off in both directions. Answers
        # coming back from the forwarders are accepted without validation.
        dnssec-validation no;

        dnssec-enable no;

        # String returned for version.bind queries in place of the real
        # BIND version.
        version "0.0.7";

        # No NOTIFY messages are sent on zone changes.
        notify no;

        # NOTE(review): with the built-in empty zones disabled, reverse
        # lookups for private ranges that no zone loaded here covers are
        # sent on to the forwarders below instead of being answered locally.
        empty-zones-enable no;

        # NOTE(review): 172.0.0.0/8 matches every 172.x.x.x address, which
        # is far wider than the RFC 1918 private block 172.16.0.0/12.
        # Confirm this is intended; otherwise narrow both ACLs to the
        # subnets the sites actually use.
        allow-query { 127.0.0.1/32; 172.0.0.0/8; };

        allow-recursion { 172.0.0.0/8; 127.0.0.1/32; };

        # Queries that cannot be answered locally go to these public
        # resolvers.
        forwarders { 8.8.8.8; 8.8.4.4;};

        # Zone transfers are refused for every client.
        allow-transfer {none; };

        auth-nxdomain no;    # conform to RFC1035

        # IPv6 listener disabled; IPv4 queries are accepted only on the
        # listed LAN address and on loopback.
        listen-on-v6 { none; };

        listen-on port 53 { 172.16.232.29; 127.0.0.1; };

 

        # Keytab used for GSS-TSIG (Kerberos-signed) dynamic DNS updates.
        # It sits in Samba's private directory and holds key material:
        # keep it readable only by root and the account named runs as.
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";

};

 

 

------------------------------------------------------------------

 

 

dpkg -l | grep bind9

ii  bind9                                1:9.10.3.dfsg.P4-8ubuntu1.11
amd64        Internet Domain Name Server

ii  bind9-host                           1:9.10.3.dfsg.P4-8ubuntu1.11
amd64        Version of 'host' bundled with BIND 9.X

ii  bind9utils                           1:9.10.3.dfsg.P4-8ubuntu1.11
amd64        Utilities for BIND

ii  libbind9-140:amd64                   1:9.10.3.dfsg.P4-8ubuntu1.11
amd64        BIND9 Shared Library used by BIND

rc  libbind9-80                          1:9.8.1.dfsg.P1-4ubuntu0.21
amd64        BIND9 Shared Library used by BIND

rc  libbind9-90                          1:9.9.5.dfsg-3ubuntu0.17
amd64        BIND9 Shared Library used by BIND

 

-----------------------------------------------------------------------

 

cat /usr/local/samba/etc/smb.conf

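# Global parameters
# smb.conf of the AD domain controller PFDC1, as posted to the list.
# Review notes are marked NOTE(review); no setting value has been changed.
# smb.conf has no trailing-comment syntax, so the poster's remark on the
# realm line now sits on its own comment line.
[global]
        workgroup = DOMAIN
        # Poster's note: I know about using .local as a domain isn't ideal
        realm = DOMAIN.LOCAL
        netbios name = PFDC1
        server role = active directory domain controller
        # NOTE(review): "dns forwarder" is read by Samba's internal DNS
        # server. That service is removed below ("-dns"), so this line
        # should have no effect; forwarding is governed by BIND's own
        # "forwarders" option.
        dns forwarder = 75.75.75.75 208.67.222.222
        idmap_ldb:use rfc2307 = Yes
        # Internal DNS service disabled; DNS is expected to come from BIND.
        server services = -dns
        log file = /usr/local/samba/var/log.samba
        # Authentication audit logging is on, in both plain and JSON form.
        # Keep this log: it is the record of logon attempts against this DC.
        log level = 1 auth_audit:3 auth_json_audit:3
        debug timestamp = Yes
        debug uid = Yes
        debug pid = Yes

        # Printing and the spoolss RPC service are switched off.
        load printers = No
        printcap name = /dev/null
        disable spoolss = Yes

        # Relative paths are resolved against Samba's private directory.
        # Keep the private key readable by root only.
        tls enabled  = yes
        tls keyfile  = tls/myKey.pem
        tls certfile = tls/myCert.pem
        # NOTE(review): left empty, so no CA certificate is configured
        # here. Confirm LDAP clients can still validate myCert.pem.
        tls cafile   =

        # NOTE(review): "no" lets clients do simple binds and unsigned SASL
        # binds over plain LDAP, so credentials and directory traffic can
        # cross the network unprotected. The default is "yes"; clients that
        # need simple binds should use LDAPS or StartTLS instead.
        ldap server require strong auth = no

# Writable here as on any DC; effective write access is decided by the
# ACLs on the sysvol tree.
[netlogon]
        path = /usr/local/samba/var/locks/sysvol/domain.local/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

# NOTE(review): writable share on a DC with no "valid users" or
# "hosts allow" restriction. "browseable = No" and the trailing "$" only
# hide it from listings. Access rests entirely on the filesystem and share
# ACLs of /usr/local/backups. If the weekly backups include the AD database
# or Samba's private directory (TODO confirm), they hold password hashes
# and should be limited to the backup account.
[backup$]
        comment = PFDC1 Weekly Backup Folder
        browseable = No
        path = /usr/local/backups
        read only = No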

 

 

Thanks for your assistance.

 

James Atwell


