[Samba] classicupgrade, net rpc rights grant NT_STATUS_IO_TIMEOUT and NT_STATUS_INTERNAL_ERROR

Rowland Penny rpenny at samba.org
Tue Mar 12 21:28:49 UTC 2019 

On Tue, 12 Mar 2019 22:10:25 +0100
Christian via samba <samba at lists.samba.org> wrote:


> >  
> >>> What OS ?  
> >> Debian stable with LPHvB 4.8 packages.  
> > Good, you are using the same packages as myself and it works for
> > me, so it sounds like it is a configuration problem somewhere.
> >
> OK, just to make that clear: What I am trying to understand here is
> why there have to be a few failures after the service restart. After
> the first privilege has eventually been set successfully, all the
> others go through just fine. Here is the content of the files:
> 
> ******** /etc/resolv.conf
> 
> nameserver 127.0.0.1
> search ad_domain.main_domain main_domain

I would replace '127.0.0.1' with the DC's actual ipaddress, I would
also remove 'main_domain' from the search line.

> ******** /etc/hosts
> 
> 127.0.0.1       localhost
> public_ip       dc1.ad_domain.main_domain dc1

I take it 'public_ip' is another way of saying 'the computers ipaddress'

> 
> ******** /etc/bind/named.conf
> 
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> 
> ******** /etc/bind/named.conf.options
> 
> options {
>         directory "/var/cache/bind";
>         forwarders {
>                 main_org_dns_1_ip;
>                 main_org_dns_2_ip;
>         };
>         dnssec-validation auto;
>         auth-nxdomain yes;    # conform to RFC1035 is no
>         listen-on-v6 { any; };
>         empty-zones-enable no;
>         tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> };
> 

This is mine:

options {
    directory "/var/cache/bind";
    version "0.0.7";
    notify no;
    empty-zones-enable no;
    allow-query { 127.0.0.1; 192.168.0.0/24; };
    allow-recursion {  192.168.0.0/24; 127.0.0.1/32; };
    forwarders { 8.8.8.8; 8.8.4.4; };
    allow-transfer { none; };
    dnssec-validation no;
    dnssec-enable no;
    dnssec-lookaside no;
    listen-on-v6 { none; };
    listen-on port 53 { 192.168.0.6; 127.0.0.1; };

    //tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
};



> 
> I think this may be related to Louis's instructions for the DC setup;
> he also has plenty of "sleep"s in there... Thanks for any insights,

I ran your script and it worked for me.

Rowland

More information about the samba mailing list