Web lists-archives.com

Re: [Samba] NT_STATUS_INTERNAL_ERROR from RPC server on samba 4.5.8 AD DC




Hi,

I provided the dump of all the conf files to Rowland by email but in case anyone else is curious they are also here:

http://www.irconan.co.uk/dc.tar http://www.irconan.co.uk/member.tar

I tried providing -S to the join command which didn't change the behaviour. It doesn't seem to have trouble finding the DC, only when connecting to the RPC server.

Cheers,

Richard


On 16/10/2017 18:13, L.P.H. van Belle via samba wrote:
yes, this should work fine but this is something in your setup.
can you try this


kinit Administrator
net
  ads join -k -s fqdn-dc1.dom.tld


if kinit fails, then Rowland wil find your error..
ive seen this few times.. -S  solves it most of the times.




Greetz,


Louis
(mobile)





Op 16 okt. 2017 om 18:27 heeft Rowland Penny via samba <samba@xxxxxxxxxxxxxxx> het volgende geschreven:


On Mon, 16 Oct 2017 17:01:29 +0100
Richard Connon via samba <samba@xxxxxxxxxxxxxxx> wrote:

To try and narrow down this issue I tried to setup a test environment
using two fresh install Debian 9.2 VMs, now running samba 4.5.12
since it was updated in Debian.

I provisioned a new domain using `samba-tool domain provision` on the
first VM, let it generate the smb.conf itself, and configured it
using the BIND9_DLZ DNS backend.

I tried to join the domain using a second Debian 9.2 VM using `net
ads join -UAdministrator` after setting the DNS resolver to be the
test DC and synchronising with NTP on the DC. This failed with the
error:

"Failed to join domain: failed to lookup DC info for domain
'ADS.TEST.LOCAL' over rpc: An internal error occurred."

Finally, I tried to connect to RPC on the DC using `rpcclient` which
failed, as before, with NT_STATUS_INTERNAL_ERROR.

Is there some inherent problem with the Debian packages and the RPC
server component of the DC? Alternatively, is there somewhere else I
should be looking for the root cause of this?


This isn't a known problem with the debian packages, it should work.

Can you post the provision command you used on the DC.

I know you posted the smb.conf from a DC before, but can you post it
again.

Can you post the following files:
/etc/resolv.conf
/etc/hostname
/etc/hosts
/etc/krb5.conf

 From both the DC and the domain member

The named.conf files from the DC

and finally the smb.conf from the domain member.

Rowland






--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba