[Samba] Fwd: Failed to prepare gensec: NT_STATUS_INVALID_SERVER_STATE
Marcel de Reuver
marcel at de.reuver.org
Wed Nov 3 12:57:52 UTC 2021
I will try again with a different email client, plain text only and keep
my fingers crossed.....
My logging is flooded with these notifications:
[2021/11/03 11:53:51.573128, 0]
../../source3/rpc_server/rpc_server.c:556(dcesrv_auth_gensec_prepare)
dcesrv_auth_gensec_prepare: Failed to prepare gensec:
NT_STATUS_INVALID_SERVER_STATE
[2021/11/03 11:53:51.683035, 0]
../../source3/rpc_server/rpc_server.c:556(dcesrv_auth_gensec_prepare)
dcesrv_auth_gensec_prepare: Failed to prepare gensec:
NT_STATUS_INVALID_SERVER_STATE
[2021/11/03 11:53:51.710025, 0]
../../source3/rpc_server/rpc_server.c:556(dcesrv_auth_gensec_prepare)
dcesrv_auth_gensec_prepare: Failed to prepare gensec:
NT_STATUS_INVALID_SERVER_STATE
[2021/11/03 11:53:51.842878, 0]
../../source3/rpc_server/rpc_server.c:556(dcesrv_auth_gensec_prepare)
dcesrv_auth_gensec_prepare: Failed to prepare gensec:
NT_STATUS_INVALID_SERVER_STATE
[2021/11/03 11:53:51.983252, 0]
../../source3/rpc_server/rpc_server.c:556(dcesrv_auth_gensec_prepare)
dcesrv_auth_gensec_prepare: Failed to prepare gensec:
NT_STATUS_INVALID_SERVER_STATE
All seems to work but I am wondering what these messages mean.
My setup:
Collected config --- 2021-11-03-11:55 -----------
Hostname: DC002
DNS Domain: ad.bib.lan
FQDN: DC002.ad.bib.lan
ipaddress: 10.97.37.4
-----------
Kerberos SRV _kerberos._tcp.ad.bib.lan record verified ok, sample output:
Server: 10.97.37.4
Address: 10.97.37.4#53
_kerberos._tcp.ad.bib.lan service = 0 100 88 dc002.ad.bib.lan.
_kerberos._tcp.ad.bib.lan service = 0 100 88 dc003.ad.bib.lan.
Samba is running as an AD DC
-----------
Checking file: /etc/os-release
NAME="Ubuntu"
VERSION="20.04.3 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.3 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
-----------
This computer is running Ubuntu 20.04.3 LTS x86_64
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
2: eth0@if80: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
state UP group default qlen 1000
link/ether 1e:b4:24:c3:c0:61 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.97.37.4/24 brd 10.97.37.255 scope global eth0
inet6 fe80::1cb4:24ff:fec3:c061/64 scope link
-----------
Checking file: /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
# --- BEGIN PVE ---
10.97.37.4 DC002.ad.bib.lan DC002
# --- END PVE ---
-----------
Checking file: /etc/resolv.conf
# --- BEGIN PVE ---
search ad.bib.lan
nameserver 10.97.37.4
nameserver 10.97.36.7
# --- END PVE ---
-----------
Checking file: /etc/krb5.conf
[libdefaults]
default_realm = AD.BIB.LAN
dns_lookup_realm = false
dns_lookup_kdc = true
[realms]
AD.BIB.LAN = {
default_domain = ad.bib.lan
}
[domain_realm]
DC002 = AD.BIB.LAN
-----------
Checking file: /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: files systemd winbind
group: files systemd winbind
shadow: files
gshadow: files
hosts: files mdns4_minimal [NOTFOUND=return] dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-----------
Checking file: /etc/samba/smb.conf
# Global parameters
[global]
netbios name = DC002
realm = AD.BIB.LAN
server role = active directory domain controller
workgroup = AD
idmap_ldb:use rfc2307 = yes
dns forwarder = 10.97.37.5 10.97.36.8
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
template shell = /bin/bash
# Freeradius
winbind use default domain = yes
winbind max domain connections = 5
winbind max clients = 1000
password server = *
ldap server require strong auth = no
ntlm auth = mschapv2-and-ntlmv2-only
# log level = 3
# printing
printing = cups
load printers = yes
rpc_server:spoolss = external
rpc_daemon:spoolssd = fork
spoolss: architecture = Windows x64
[sysvol]
path = /var/lib/samba/sysvol
read only = no
[netlogon]
path = /var/lib/samba/sysvol/ad.bib.lan/scripts
read only = no
[printers]
path = /var/spool/samba/
printable = yes
[print$]
path = /srv/samba/printer_drivers/
read only = no
-----------
BIND_DLZ not detected in smb.conf
-----------
Installed packages:
ii acl 2.2.53-6 amd64 access control list - utilities
ii attr 1:2.4.48-5 amd64 utilities for manipulating filesystem extended
attributes
ii krb5-config 2.6ubuntu1 all Configuration files for Kerberos Version 5
ii krb5-locales 1.17-6ubuntu4.1 all internationalization support for MIT
Kerberos
ii krb5-user 1.17-6ubuntu4.1 amd64 basic programs to authenticate using
MIT Kerberos
ii libacl1:amd64 2.2.53-6 amd64 access control list - shared library
ii libattr1:amd64 1:2.4.48-5 amd64 extended attribute handling - shared
library
ii libgssapi-krb5-2:amd64 1.17-6ubuntu4.1 amd64 MIT Kerberos runtime
libraries - krb5 GSS-API Mechanism
ii libkrb5-26-heimdal:amd64 7.7.0+dfsg-1ubuntu1 amd64 Heimdal Kerberos -
libraries
ii libkrb5-3:amd64 1.17-6ubuntu4.1 amd64 MIT Kerberos runtime libraries
ii libkrb5support0:amd64 1.17-6ubuntu4.1 amd64 MIT Kerberos runtime
libraries - Support library
ii libnss-winbind:amd64 2:4.15.1+dfsg-0.1focal1 amd64 Samba nameservice
integration plugins
ii libpam-winbind:amd64 2:4.15.1+dfsg-0.1focal1 amd64 Windows domain
authentication integration plugin
ii libwbclient0:amd64 2:4.15.1+dfsg-0.1focal1 amd64 Samba winbind client
library
ii python3-nacl 1.3.0-5 amd64 Python bindings to libsodium (Python 3)
ii python3-samba 2:4.15.1+dfsg-0.1focal1 amd64 Python 3 bindings for Samba
ii samba 2:4.15.1+dfsg-0.1focal1 amd64 SMB/CIFS file, print, and login
server for Unix
ii samba-common 2:4.15.1+dfsg-0.1focal1 all common files used by both
the Samba server and client
ii samba-common-bin 2:4.15.1+dfsg-0.1focal1 amd64 Samba common files
used by both the server and the client
ii samba-dsdb-modules:amd64 2:4.15.1+dfsg-0.1focal1 amd64 Samba
Directory Services Database
ii samba-libs:amd64 2:4.15.1+dfsg-0.1focal1 amd64 Samba core libraries
ii samba-vfs-modules:amd64 2:4.15.1+dfsg-0.1focal1 amd64 Samba Virtual
FileSystem plugins
ii winbind 2:4.15.1+dfsg-0.1focal1 amd64 service to resolve user and
group information from Windows NT servers
-----------
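To put a number on "flooded", the following added example (not part of the original post, and not Samba project code) groups Samba log entries by reporting function and NT_STATUS code and gives a count and rate for each group. It accepts both the wrapped layout shown in the post and the usual one-line header; the function names and the last sample entry are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: the first two entries are copied from the post (wrapped as in
# the mail); the last entry is constructed to show the one-line header form.
SAMPLE_LOG = """\
[2021/11/03 11:53:51.573128, 0]
../../source3/rpc_server/rpc_server.c:556(dcesrv_auth_gensec_prepare)
dcesrv_auth_gensec_prepare: Failed to prepare gensec:
NT_STATUS_INVALID_SERVER_STATE
[2021/11/03 11:53:51.683035, 0]
../../source3/rpc_server/rpc_server.c:556(dcesrv_auth_gensec_prepare)
dcesrv_auth_gensec_prepare: Failed to prepare gensec:
NT_STATUS_INVALID_SERVER_STATE
[2021/11/03 11:53:52.000000,  3] ../../example/constructed.c:10(constructed_fn)
  constructed entry without a status code
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(\d+)\]\s*(.*)$")
LOCATION = re.compile(r"(\S+\.c):(\d+)\((\w+)\)")
STATUS = re.compile(r"\bNT_STATUS_\w+")

def parse_entries(text):
    """Split a Samba log into entries; each timestamp line starts a new one."""
    entries, body = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            body = [m.group(3)]
            when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S.%f")
            entries.append({"time": when, "level": int(m.group(2)), "body": body})
        elif body is not None:
            body.append(line.strip())  # continuation or mail-wrapped line
    for e in entries:
        text_body = " ".join(p for p in e.pop("body") if p)
        loc, status = LOCATION.search(text_body), STATUS.search(text_body)
        e["function"] = loc.group(3) if loc else None
        e["status"] = status.group(0) if status else None
    return entries

def summarize(entries):
    """Count entries per (function, status) and compute entries per second."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["function"], e["status"])].append(e["time"])
    return {key: {"count": len(t), "first": min(t), "last": max(t),
                  "per_second": (round(len(t) / (max(t) - min(t)).total_seconds(), 2)
                                 if max(t) > min(t) else None)}
            for key, t in groups.items()}
```

Running summarize(parse_entries(open(path).read())) against the real log file shows whether a single function and status code account for the volume and how fast the entries arrive.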