[Samba] NT_STATUS_INVALID_DOMAIN_STATE "The domain was in the wrong state to perform the security operation."
Philip Pavelin
phil at pavelin.com
Wed May 11 15:52:08 UTC 2022
I have managed to fix the issue - we were using samba 4.10.16-18 on CentOS 7
Using winbindd to authenticate against our AD server.
I installed the packages for Samba411 from the Storage SIG and that now
works fine with MacOS clients.
thanks
Phil
On 06/05/2022 14:06, L. van Belle via samba wrote:
> You have to add more info.
>
> Server os (Centos7) and samba version. (?????)
> Clients os (Windows XX) and samba version (???? ) work.
> Macos clients (samba ??? ) does not work.
> and which program/how are you authenticating
>
> but looks like someone is authenticating over SMB1/NTLM1
>
> In samba servers and clients, set in smb.conf
> min protocol = SMB2
>
> optional other things to look at are.
> # needed on the AD-DC that do the authorisation.
> ntlm auth = mschapv2-and-ntlmv2-only
> # but also needed on clients that are authentication.
> ntlm_auth = "/path/to/ntlm_auth --allow-mschapv2
>
> I hope I descripted that right.. :-/
>
> Greetz,
>
> Louis
>
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba Namens Philip Pavelin via samba
>> Verzonden: vrijdag 6 mei 2022 13:16
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] NT_STATUS_INVALID_DOMAIN_STATE “The domain
>> was in the wrong state to perform the security operation.”
>>
>> Hi,
>>
>>
>> We have a CentOS7 samba server that stopped working recently for some
>> users, but only when connecting from MacOS clients (Windows seems fine).
>>
>>
>> Amongst the various logfies, this seems to be the common factor:
>>
>>
>> NT_STATUS_INVALID_DOMAIN_STATE “The domain was in the wrong
>> state to
>> perform the security operation.”
>>
>>
>> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
>> status[NT_STATUS_INVALID_DOMAIN_STATE] || at
>> ../../source3/smbd/smb2_sesssetup.c:146
>>
>>
>> NTLM CRAP authentication for user [xxxx]\[xxxxxxx] returned
>> NT_STATUS_INVALID_DOMAIN_STATE
>>
>>
>> Any pointers? Not an expert on samba!
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list