[Samba] Failed to prepare gensec: NT_STATUS_INVALID_SERVER_STATE

Stefan Bellon bellon at axivion.com
Wed Mar 31 11:03:19 UTC 2021

On Wed, 31 Mar, Andrew Bartlett via samba wrote:

> On Wed, 2021-03-31 at 09:06 +0200, Stefan Bellon via samba wrote:

> > I have the feeling this is directly connected to sysvol
> > permissions.  
> That would be incredibly unlikely.  This is about failing to setup the
> Kerberos code that accepts incoming tickets, so it could fail if the
> DC things it is not a DC or can't find the secrets.ldb entry etc.

I'm fully open to suggestions and ideas on how to debug this further.

I can only tell you my observation, that after I do a "sysvolreset" and
do not touch the sysvol at all, neither from GNU/Linux side nor from
Windows side, then the log.smbd is completely free of those messages.

As soon as I edit a group policy on the windows side, the messages
appear in the log and also sysvolcheck reports issues.

Are the permissions that I showed in my last email correct? Is it
expected that on the GNU/Linux side the uid and gid of those folders is
something in the 3000000 range? Or is it expected that those belong to
root:root below sysvol?


Stefan Bellon

More information about the samba mailing list