[Samba] Failed to prepare gensec: NT_STATUS_INVALID_SERVER_STATE

Rowland Penny rpenny at samba.org
Wed Nov 3 12:01:26 UTC 2021


On Wed, 2021-11-03 at 12:01 +0100, Marcel de Reuver via samba wrote:
> My logging is flooded with these notifications: [2021/11/03
> 11:53:51.573128, 0]
> ../../source3/rpc_server/rpc_server.c:556(dcesrv_auth_gensec_prepare)
> dcesrv_auth_gensec_prepare: Failed to prepare gensec:
> NT_STATUS_INVALID_SERVER_STATE [2021/11/03 11:53:51.683035, 0]
> ../../source3/rpc_server/rpc_server.c:556(dcesrv_auth_gensec_prepare)
> dcesrv_auth_gensec_prepare: Failed to prepare gensec:
> NT_STATUS_INVALID_SERVER_STATE [2021/11/03 11:53:51.710025, 0]
> ../../source3/rpc_server/rpc_server.c:556(dcesrv_auth_gensec_prepare)
> dcesrv_auth_gensec_prepare: Failed to prepare gensec:
> NT_STATUS_INVALID_SERVER_STATE [2021/11/03 11:53:51.842878, 0]
> ../../source3/rpc_server/rpc_server.c:556(dcesrv_auth_gensec_prepare)
> dcesrv_auth_gensec_prepare: Failed to prepare gensec:
> NT_STATUS_INVALID_SERVER_STATE [2021/11/03 11:53:51.983252, 0]
> ../../source3/rpc_server/rpc_server.c:556(dcesrv_auth_gensec_prepare)
> dcesrv_auth_gensec_prepare: Failed to prepare gensec:
> NT_STATUS_INVALID_SERVER_STATE All seems to wo
> 
> rk but I am wondering what these messages meen. My setup: Collected
> config --- 2021-11-03-11:55 ----------- Hostname: DC002 DNS Domain:
> ad.bib.lan FQDN: DC002.ad.bib.lan ipaddress: 10.97.37.4 -----------
> Kerberos SRV _kerberos._tcp.ad.bib.lan record verified ok, sample
> output: Server: 10.97.37.4 Address: 10.97.37.4#53
> _kerberos._tcp.ad.bib.lan service = 0 100 88 dc002.ad.bib.lan.
> _kerberos._tcp.ad.bib.lan service = 0 100 88 dc003.ad.bib.lan. Samba
> is running as an AD DC ----------- Checking file: /etc/os-release
> NAME="Ubuntu" VERSION="20.04.3 LTS (Focal Fossa)" ID=ubuntu
> ID_LIKE=debian PRETTY_NAME="Ubuntu 20.04.3 LTS" VERSION_ID="20.04"
> HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="
> https://help.ubuntu.com/" BUG_REPORT_URL="
> https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="
> https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
> VERSION_CODENAME=focal UBUNTU_CODENAME=focal ----------- This
> computer is running Ubuntu 20.04.3 LTS x86_64 ----------- running
> command : ip a 
> 
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
> group default qlen 1000 link/loopback 00:00:00:00:00:00 brd
> 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope
> host 2: eth0 at if80: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> noqueue state UP group default qlen 1000 link/ether 1e:b4:24:c3:c0:61
> brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 10.97.37.4/24 brd
> 10.97.37.255 scope global eth0 inet6 fe80::1cb4:24ff:fec3:c061/64
> scope link ----------- Checking file: /etc/hosts 127.0.0.1 localhost
> ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2
> ip6-allrouters # --- BEGIN PVE --- 10.97.37.4 DC002.ad.bib.lan DC002
> # --- END PVE --- ----------- Checking file: /etc/resolv.conf # ---
> BEGIN PVE --- search ad.bib.lan nameserver 10.97.37.4 nameserver
> 10.97.36.7 # --- END PVE --- ----------- Checking file:
> /etc/krb5.conf [libdefaults] default_realm = AD.BIB.LAN
> dns_lookup_realm = false dns_lookup_kdc = true [realms] AD.BIB.LAN =
> { default_domai
> 
> n = ad.bib.lan } [domain_realm] DC002 = AD.BIB.LAN -----------
> Checking file: /etc/nsswitch.conf # /etc/nsswitch.conf # # Example
> configuration of GNU Name Service Switch functionality. # If you have
> the `glibc-doc-reference' and `info' packages installed, try: # `info
> libc "Name Service Switch"' for information about this file. passwd:
> files systemd winbind group: files systemd winbind shadow: files
> gshadow: files hosts: files mdns4_minimal [NOTFOUND=return] dns
> networks: files protocols: db files services: db files ethers: db
> files rpc: db files netgroup: nis ----------- Checking file:
> /etc/samba/smb.conf # Global parameters [global] netbios name = DC002
> realm = AD.BIB.LAN server role = active directory domain controller
> workgroup = AD idmap_ldb:use rfc2307 = yes dns forwarder = 10.97.37.5
> 10.97.36.8 winbind enum users = yes winbind enum groups = yes winbind
> refresh tickets = yes dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab template shell = /bin/bas
> 
> h # Freeradius winbind use default domain = yes winbind max domain
> connections = 5 winbind max clients = 1000 password server = * ldap
> server require strong auth = no ntlm auth = mschapv2-and-ntlmv2-only
> # log level = 3 # printing printing = cups load printers = yes
> rpc_server:spoolss = external rpc_daemon:spoolssd = fork spoolss:
> architecture = Windows x64 [sysvol] path = /var/lib/samba/sysvol read
> only = no [netlogon] path = /var/lib/samba/sysvol/ad.bib.lan/scripts
> read only = no [printers] path = /var/spool/samba/ printable = yes
> [print$] path = /srv/samba/printer_drivers/ read only = no ----------
> - BIND_DLZ not detected in smb.conf ----------- Installed packages:
> ii acl 2.2.53-6 amd64 access control list - utilities ii attr
> 1:2.4.48-5 amd64 utilities for manipulating filesystem extended
> attributes ii krb5-config 2.6ubuntu1 all Configuration files for
> Kerberos Version 5 ii krb5-locales 1.17-6ubuntu4.1 all
> internationalization support for MIT Kerberos ii krb5-user 1.17-
> 6ubuntu4.1 a
> 
> md64 basic programs to authenticate using MIT Kerberos ii
> libacl1:amd64 2.2.53-6 amd64 access control list - shared library ii
> libattr1:amd64 1:2.4.48-5 amd64 extended attribute handling - shared
> library ii libgssapi-krb5-2:amd64 1.17-6ubuntu4.1 amd64 MIT Kerberos
> runtime libraries - krb5 GSS-API Mechanism ii libkrb5-26-
> heimdal:amd64 7.7.0+dfsg-1ubuntu1 amd64 Heimdal Kerberos - libraries
> ii libkrb5-3:amd64 1.17-6ubuntu4.1 amd64 MIT Kerberos runtime
> libraries ii libkrb5support0:amd64 1.17-6ubuntu4.1 amd64 MIT Kerberos
> runtime libraries - Support library ii libnss-winbind:amd64
> 2:4.15.1+dfsg-0.1focal1 amd64 Samba nameservice integration plugins
> ii libpam-winbind:amd64 2:4.15.1+dfsg-0.1focal1 amd64 Windows domain
> authentication integration plugin ii libwbclient0:amd64
> 2:4.15.1+dfsg-0.1focal1 amd64 Samba winbind client library ii
> python3-nacl 1.3.0-5 amd64 Python bindings to libsodium (Python 3) ii
> python3-samba 2:4.15.1+dfsg-0.1focal1 amd64 Python 3 bindings for
> Samba ii samba 2:4.15.1+
> 
> dfsg-0.1focal1 amd64 SMB/CIFS file, print, and login server for Unix
> ii samba-common 2:4.15.1+dfsg-0.1focal1 all common files used by both
> the Samba server and client ii samba-common-bin 2:4.15.1+dfsg-
> 0.1focal1 amd64 Samba common files used by both the server and the
> client ii samba-dsdb-modules:amd64 2:4.15.1+dfsg-0.1focal1 amd64
> Samba Directory Services Database ii samba-libs:amd64 2:4.15.1+dfsg-
> 0.1focal1 amd64 Samba core libraries ii samba-vfs-modules:amd64
> 2:4.15.1+dfsg-0.1focal1 amd64 Samba Virtual FileSystem plugins ii
> winbind 2:4.15.1+dfsg-0.1focal1 amd64 service to resolve user and
> group information from Windows NT servers -----------
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

Do you think you can find a better mail client and try again, I cannot
read the above.

Rowland
 




More information about the samba mailing list