Web lists-archives.com

Re: [Samba] NT_STATUS_INTERNAL_ERROR from RPC server on samba 4.5.8 AD DC






On 17/10/2017 13:18, Richard Connon via samba wrote:


On 17/10/2017 09:54, Rowland Penny via samba wrote:
On Tue, 17 Oct 2017 09:29:00 +0100
Richard Connon via samba <samba@xxxxxxxxxxxxxxx> wrote:

On 16/10/2017 19:30, Rowland Penny wrote:
Is the member server using DHCP ?
Yes. Both test hosts are using DHCP with static leases for IP
addresses but not for DNS domains or nameservers.
I wouldn't do this, I would give the DC a fixed ipaddress.
In my production environment my DC(s) have fixed IP addresses, the use of DHCP is only in my lab environment. Do you see a problem with doing this as long as the IPs don't change during testing? (they are static leases)
Is '10.0.2.15' the ipaddress of the DC ?
Yes
You haven't got 'security = ADS' in your smb.conf.
Assuming you mean on the member, good point, but it doesn't change
this behaviour. My understanding was this only affected smbd anyway,
which I'm not running on the member.
You need it
OK. I've set it now and see no change in behaviour.
You have 'unix password sync = yes' in smb.conf,
Do you have Unix users that are also in AD ?
No, this is just a default smb.conf from debian. I assume this
wouldn't actually have any affect on a member server where there is
no local passdb anyway and again, removing it has no affect.
It wouldn't help.
I've removed this now and see no change in behaviour.
And finally the biggy, are you using sssd ?
No, these test hosts are very basic debian installs I've done to
attempt to isolate this problem, although my "production" installs
use SSSD.
Then it is never going to work, you have not set up winbind at all.

Can I suggest you go and read this:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

I suggest you follow it and use the 'rid' backend.
Again, this is a production/lab difference. I didn't setup SSSD in the lab to reduce the complexity. I'm simply trying to get the actual join process working. I will follow through that wiki anyway to check there's nothing I've missed though.
Rowland



Further to the above... I ran through the linked wiki. The only difference between the described process and my test environment at the moment is the smb.conf on the member. I've replaced the member's smb.conf with the following:

[global]
   security = ads
   workgroup = TEST
   realm = ADS.TEST.LOCAL

   log level = /var/log/samba/log.%m
   log level = 1

   idmap config * : backend = tdb
   idmap config * : range = 3000-7999

   idmap config TEST : backend = rid
   idmap config TEST : range = 10000-999999

Unfortunately the behaviour when I attempt the domain join (with and without -S) is still the same.
I see the error:

# net ads join -k -S dc.ads.test.local
Failed to join domain: failed to lookup DC info for domain 'ADS.TEST.LOCAL' over rpc: An internal error occured.



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba