[Samba] Failed to prepare gensec: NT_STATUS_INVALID_SERVER_STATE

Marcel de Reuver marcel at de.reuver.org
Wed Nov 3 11:01:34 UTC 2021


My logging is flooded with these notifications: [2021/11/03 11:53:51.573128, 0] ../../source3/rpc_server/rpc_server.c:556(dcesrv_auth_gensec_prepare) dcesrv_auth_gensec_prepare: Failed to prepare gensec: NT_STATUS_INVALID_SERVER_STATE [2021/11/03 11:53:51.683035, 0] ../../source3/rpc_server/rpc_server.c:556(dcesrv_auth_gensec_prepare) dcesrv_auth_gensec_prepare: Failed to prepare gensec: NT_STATUS_INVALID_SERVER_STATE [2021/11/03 11:53:51.710025, 0] ../../source3/rpc_server/rpc_server.c:556(dcesrv_auth_gensec_prepare) dcesrv_auth_gensec_prepare: Failed to prepare gensec: NT_STATUS_INVALID_SERVER_STATE [2021/11/03 11:53:51.842878, 0] ../../source3/rpc_server/rpc_server.c:556(dcesrv_auth_gensec_prepare) dcesrv_auth_gensec_prepare: Failed to prepare gensec: NT_STATUS_INVALID_SERVER_STATE [2021/11/03 11:53:51.983252, 0] ../../source3/rpc_server/rpc_server.c:556(dcesrv_auth_gensec_prepare) dcesrv_auth_gensec_prepare: Failed to prepare gensec: NT_STATUS_INVALID_SERVER_STATE All seems to wo

rk but I am wondering what these messages meen. My setup: Collected config --- 2021-11-03-11:55 ----------- Hostname: DC002 DNS Domain: ad.bib.lan FQDN: DC002.ad.bib.lan ipaddress: 10.97.37.4 ----------- Kerberos SRV _kerberos._tcp.ad.bib.lan record verified ok, sample output: Server: 10.97.37.4 Address: 10.97.37.4#53 _kerberos._tcp.ad.bib.lan service = 0 100 88 dc002.ad.bib.lan. _kerberos._tcp.ad.bib.lan service = 0 100 88 dc003.ad.bib.lan. Samba is running as an AD DC ----------- Checking file: /etc/os-release NAME="Ubuntu" VERSION="20.04.3 LTS (Focal Fossa)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 20.04.3 LTS" VERSION_ID="20.04" HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" VERSION_CODENAME=focal UBUNTU_CODENAME=focal ----------- This computer is running Ubuntu 20.04.3 LTS x86_64 ----------- running command : ip a 

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host 2: eth0 at if80: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 1e:b4:24:c3:c0:61 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 10.97.37.4/24 brd 10.97.37.255 scope global eth0 inet6 fe80::1cb4:24ff:fec3:c061/64 scope link ----------- Checking file: /etc/hosts 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters # --- BEGIN PVE --- 10.97.37.4 DC002.ad.bib.lan DC002 # --- END PVE --- ----------- Checking file: /etc/resolv.conf # --- BEGIN PVE --- search ad.bib.lan nameserver 10.97.37.4 nameserver 10.97.36.7 # --- END PVE --- ----------- Checking file: /etc/krb5.conf [libdefaults] default_realm = AD.BIB.LAN dns_lookup_realm = false dns_lookup_kdc = true [realms] AD.BIB.LAN = { default_domai

n = ad.bib.lan } [domain_realm] DC002 = AD.BIB.LAN ----------- Checking file: /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: files systemd winbind group: files systemd winbind shadow: files gshadow: files hosts: files mdns4_minimal [NOTFOUND=return] dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis ----------- Checking file: /etc/samba/smb.conf # Global parameters [global] netbios name = DC002 realm = AD.BIB.LAN server role = active directory domain controller workgroup = AD idmap_ldb:use rfc2307 = yes dns forwarder = 10.97.37.5 10.97.36.8 winbind enum users = yes winbind enum groups = yes winbind refresh tickets = yes dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab template shell = /bin/bas

h # Freeradius winbind use default domain = yes winbind max domain connections = 5 winbind max clients = 1000 password server = * ldap server require strong auth = no ntlm auth = mschapv2-and-ntlmv2-only # log level = 3 # printing printing = cups load printers = yes rpc_server:spoolss = external rpc_daemon:spoolssd = fork spoolss: architecture = Windows x64 [sysvol] path = /var/lib/samba/sysvol read only = no [netlogon] path = /var/lib/samba/sysvol/ad.bib.lan/scripts read only = no [printers] path = /var/spool/samba/ printable = yes [print$] path = /srv/samba/printer_drivers/ read only = no ----------- BIND_DLZ not detected in smb.conf ----------- Installed packages: ii acl 2.2.53-6 amd64 access control list - utilities ii attr 1:2.4.48-5 amd64 utilities for manipulating filesystem extended attributes ii krb5-config 2.6ubuntu1 all Configuration files for Kerberos Version 5 ii krb5-locales 1.17-6ubuntu4.1 all internationalization support for MIT Kerberos ii krb5-user 1.17-6ubuntu4.1 a

md64 basic programs to authenticate using MIT Kerberos ii libacl1:amd64 2.2.53-6 amd64 access control list - shared library ii libattr1:amd64 1:2.4.48-5 amd64 extended attribute handling - shared library ii libgssapi-krb5-2:amd64 1.17-6ubuntu4.1 amd64 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism ii libkrb5-26-heimdal:amd64 7.7.0+dfsg-1ubuntu1 amd64 Heimdal Kerberos - libraries ii libkrb5-3:amd64 1.17-6ubuntu4.1 amd64 MIT Kerberos runtime libraries ii libkrb5support0:amd64 1.17-6ubuntu4.1 amd64 MIT Kerberos runtime libraries - Support library ii libnss-winbind:amd64 2:4.15.1+dfsg-0.1focal1 amd64 Samba nameservice integration plugins ii libpam-winbind:amd64 2:4.15.1+dfsg-0.1focal1 amd64 Windows domain authentication integration plugin ii libwbclient0:amd64 2:4.15.1+dfsg-0.1focal1 amd64 Samba winbind client library ii python3-nacl 1.3.0-5 amd64 Python bindings to libsodium (Python 3) ii python3-samba 2:4.15.1+dfsg-0.1focal1 amd64 Python 3 bindings for Samba ii samba 2:4.15.1+

dfsg-0.1focal1 amd64 SMB/CIFS file, print, and login server for Unix ii samba-common 2:4.15.1+dfsg-0.1focal1 all common files used by both the Samba server and client ii samba-common-bin 2:4.15.1+dfsg-0.1focal1 amd64 Samba common files used by both the server and the client ii samba-dsdb-modules:amd64 2:4.15.1+dfsg-0.1focal1 amd64 Samba Directory Services Database ii samba-libs:amd64 2:4.15.1+dfsg-0.1focal1 amd64 Samba core libraries ii samba-vfs-modules:amd64 2:4.15.1+dfsg-0.1focal1 amd64 Samba Virtual FileSystem plugins ii winbind 2:4.15.1+dfsg-0.1focal1 amd64 service to resolve user and group information from Windows NT servers -----------


More information about the samba mailing list