Trying to join a netapp filer (actually the simulator) to the domain, I get this error on the filer:

Thu Sep 24 09:45:19 CEST [netappsim:smbrpc.getDomainSid.usingCachedCopy:info]: CIFSRPC: Getting domain SID from filer cache because the filer was not able to get the domain SID from a domain controller.

Then a "cifs resetdc" gives me this error:

netappsim> cifs resetdc
Thu Sep 24 09:41:04 CEST [netappsim:auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Starting DC address discovery for WETRON.
Thu Sep 24 09:41:04 CEST [netappsim:auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 1 addresses using DNS site query (Default-First-Site-Name)..
Thu Sep 24 09:41:04 CEST [netappsim:auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 1 addresses using generic DNS query.
Thu Sep 24 09:41:05 CEST [netappsim:auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- DC address discovery for WETRON complete. 1 unique addresses found.
Thu Sep 24 09:41:05 CEST [netappsim:cifs.server.infoMsg:info]: CIFS: Warning for server \\DC1: Connection terminated.
Thu Sep 24 09:41:05 CEST [netappsim:cifs.server.infoMsg:info]: CIFS: Warning for server \\DC1: Unable to create NETLOGON pipe No Trusted Logon Servers Available - STATUS_NO_LOGON_SERVERS.
Thu Sep 24 09:41:05 CEST [netappsim:auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for SAMBA.WETRON.ES.
Thu Sep 24 09:41:05 CEST [netappsim:auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using DNS site query (Default-First-Site-Name).
Thu Sep 24 09:41:05 CEST [netappsim:auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using generic DNS query.
Thu Sep 24 09:41:06 CEST [netappsim:auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- AD LDAP server address discovery for SAMBA.WETRON.ES complete. 1 unique addresses found.
On the samba side I see this in the log:

[2015/09/24 09:41:05.113687, 0] ../libcli/smb/smb2_signing.c:170(smb2_signing_check_pdu)
  Bad SMB2 signature for message
[2015/09/24 09:41:05.113938, 0] ../lib/util/util.c:559(dump_data)
  [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[2015/09/24 09:41:05.114088, 0] ../lib/util/util.c:559(dump_data)
  [0000] 6C 02 BB 22 1A 3F FB 52 F4 79 99 D1 1F BE B3 49 l..".?.R .y.....I

Setting "max protocol=SMB2" in smb.conf allows the filer to correctly join the domain.
Can you please upload a network capture with a level 10 log? For both cases SMB2 and SMB3.
A network capture with tcpdump or the level 10 log is enough?
And is it safe to upload it publicly?
While I was trying to capture logs for the two cases, a "funny" thing happened: the setting of "max protocols" makes no difference; sometimes a "cifs resetdc" works, sometimes it doesn't.

The "funny" part of it is that even when it failed and the netapp showed me the dc as "PDCBROKEN", I could still successfully access the shares on the netapp ?!?!? (Maybe it was just caching the credentials from the last successful attempt, I don't know.)

For the time being I'm closing this as invalid, but if you want the logs I can provide them.
One more thing: when "cifs resetdc" is successful, smbstatus shows the protocol as SMB2_02:

a# smbstatus

Samba version 4.3.0-Debian
PID     Username              Group                     Machine                                       Protocol Version
------------------------------------------------------------------------------
21270   WETRON\netapp01$      WETRON\domain computers   192.168.169.23 (ipv4:192.168.169.23:17164)    SMB2_02

Service      pid     machine          Connected at
-------------------------------------------------------
IPC$         21270   192.168.169.23   Fri Sep 25 12:09:43 2015

No locked files