samba-gpupdate fails to fetch certificate authorities: [root@ip-10-0-192-159 ~]# /usr/sbin/samba-gpupdate --rsop INFO: Current debug levels: all: 9 tdb: 9 printdrivers: 9 lanman: 9 smb: 9 rpc_parse: 9 rpc_srv: 9 rpc_cli: 9 passdb: 9 sam: 9 auth: 9 winbind: 9 vfs: 9 idmap: 9 quota: 9 acls: 9 locking: 9 msdfs: 9 dmapi: 9 registry: 9 scavenger: 9 dns: 9 ldb: 9 tevent: 9 auth_audit: 9 auth_json_audit: 9 kerberos: 9 drs_repl: 9 smb2: 9 smb2_credits: 9 dsdb_audit: 9 dsdb_json_audit: 9 dsdb_password_audit: 9 dsdb_password_json_audit: 9 dsdb_transaction_audit: 9 dsdb_transaction_json_audit: 9 dsdb_group_audit: 9 dsdb_group_json_audit: 9 doing parameter idmap config * : range = 10000-20000 doing parameter wins server = 10.0.192.119 doing parameter password server = * doing parameter create krb5 conf = no pm_process() returned Yes lp_servicenumber: couldn't find homes ldb: ltdb: tdb(/var/lib/samba/private/secrets.ldb): tdb_open_ex: could not open file /var/lib/samba/private/secrets.ldb: No such file or directory ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory ldb: ltdb: tdb(/var/lib/samba/private/secrets.ldb): tdb_open_ex: could not open file /var/lib/samba/private/secrets.ldb: No such file or directory ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory lp_load_ex: refreshing parameters Freeing parametrics: Processing section "[global]" doing parameter netbios name = IP10159 doing parameter apply group policies = yes doing parameter workgroup = SMB doing parameter security = ads doing parameter realm = SMB.COM doing parameter kerberos method = secrets and keytab doing parameter client signing = yes doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 50 doing parameter log level = 9 INFO: Current debug levels: all: 9 tdb: 9 printdrivers: 9 lanman: 9 smb: 9 rpc_parse: 9 rpc_srv: 9 rpc_cli: 9 passdb: 9 sam: 9 auth: 9 winbind: 9 vfs: 9 idmap: 9 quota: 9 acls: 9 locking: 9 msdfs: 9 dmapi: 9 registry: 9 scavenger: 9 dns: 9 ldb: 9 tevent: 9 auth_audit: 9 auth_json_audit: 9 kerberos: 9 drs_repl: 9 smb2: 9 smb2_credits: 9 dsdb_audit: 9 dsdb_json_audit: 9 dsdb_password_audit: 9 dsdb_password_json_audit: 9 dsdb_transaction_audit: 9 dsdb_transaction_json_audit: 9 dsdb_group_audit: 9 dsdb_group_json_audit: 9 doing parameter idmap config * : range = 10000-20000 doing parameter wins server = 10.0.192.119 doing parameter password server = * doing parameter create krb5 conf = no pm_process() returned Yes lp_servicenumber: couldn't find homes GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'ncalrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'http_negotiate' registered added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0 added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0 added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0 added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0 finddcs: searching for a DC by DNS domain SMB.COM finddcs: looking for SRV records for _ldap._tcp.SMB.COM resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.SMB.COM<0x0> getlmhostsent: lmhost entry: 127.0.0.1 localhost finddcs: DNS SRV response 0 at '2620:52:0:c0:8c4f:1851:35ed:c8fe' finddcs: DNS SRV response 1 at '10.0.192.119' finddcs: performing CLDAP query on 2620:52:0:c0:8c4f:1851:35ed:c8fe finddcs: performing CLDAP query on 10.0.192.119 finddcs: Found matching DC 10.0.192.119 with server_type=0x0003f1fd lpcfg_load: refreshing parameters from /etc/samba/smb.conf Processing section "[global]" INFO: Current debug levels: all: 9 tdb: 9 printdrivers: 9 lanman: 9 smb: 9 rpc_parse: 9 rpc_srv: 9 rpc_cli: 9 passdb: 9 sam: 9 auth: 9 winbind: 9 vfs: 9 idmap: 9 quota: 9 acls: 9 locking: 9 msdfs: 9 dmapi: 9 registry: 9 scavenger: 9 dns: 9 ldb: 9 tevent: 9 auth_audit: 9 auth_json_audit: 9 kerberos: 9 drs_repl: 9 smb2: 9 smb2_credits: 9 dsdb_audit: 9 dsdb_json_audit: 9 dsdb_password_audit: 9 dsdb_password_json_audit: 9 dsdb_transaction_audit: 9 dsdb_transaction_json_audit: 9 dsdb_group_audit: 9 dsdb_group_json_audit: 9 pm_process() returned Yes added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0 added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0 resolve_lmhosts: Attempting lmhosts lookup for name ad.smb.com<0x20> getlmhostsent: lmhost entry: 127.0.0.1 localhost print_socket_options: Could not test socket option TCP_NODELAY: Operation not supported. print_socket_options: Could not test socket option TCP_KEEPCNT: Operation not supported. print_socket_options: Could not test socket option TCP_KEEPIDLE: Operation not supported. print_socket_options: Could not test socket option TCP_KEEPINTVL: Operation not supported. print_socket_options: Could not test socket option TCP_QUICKACK: Operation not supported. print_socket_options: Could not test socket option TCP_DEFER_ACCEPT: Operation not supported. print_socket_options: Could not test socket option TCP_USER_TIMEOUT: Operation not supported. socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=1, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=212992, SO_RCVBUF=212992, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0 Starting GENSEC mechanism spnego Starting GENSEC submechanism gssapi_krb5 Advancing clock by 1 seconds to cope with clock skew gensec_gssapi: NO credentials were delegated GSSAPI Connection will be cryptographically sealed gendb_search_v: NULL (&(objectSid=\01\04\00\00\00\00\00\05\15\00\00\00\AF\D5\C4\C1sN\F5RRfv\C7)(objectClass=domain)) -> 1 gendb_search_v: DC=smb,DC=com NULL -> 1 Using binding ncacn_np:ad.smb.com[,seal] Mapped to DCERPC endpoint \pipe\netlogon added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0 added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0 resolve_lmhosts: Attempting lmhosts lookup for name ad.smb.com<0x20> getlmhostsent: lmhost entry: 127.0.0.1 localhost print_socket_options: Could not test socket option TCP_NODELAY: Operation not supported. print_socket_options: Could not test socket option TCP_KEEPCNT: Operation not supported. print_socket_options: Could not test socket option TCP_KEEPIDLE: Operation not supported. print_socket_options: Could not test socket option TCP_KEEPINTVL: Operation not supported. print_socket_options: Could not test socket option TCP_QUICKACK: Operation not supported. print_socket_options: Could not test socket option TCP_DEFER_ACCEPT: Operation not supported. print_socket_options: Could not test socket option TCP_USER_TIMEOUT: Operation not supported. socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=1, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=212992, SO_RCVBUF=212992, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0 socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0 Starting GENSEC mechanism spnego Starting GENSEC submechanism gssapi_krb5 GSSAPI credentials for IP10159$@SMB.COM will expire in 35998 secs gensec_gssapi: NO credentials were delegated GSSAPI Connection will be cryptographically signed signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) Starting GENSEC mechanism spnego Starting GENSEC submechanism gssapi_krb5 GSSAPI credentials for IP10159$@SMB.COM will expire in 35998 secs signed SMB2 message (sign_algo_id=1) gensec_gssapi: NO credentials were delegated GSSAPI Connection will be cryptographically sealed signed SMB2 message (sign_algo_id=1) denis prints hostname: IP10159$ signed SMB2 message (sign_algo_id=1) added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0 added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0 added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0 added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0 finddcs: searching for a DC by DNS domain SMB.COM finddcs: looking for SRV records for _ldap._tcp.SMB.COM resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.SMB.COM<0x0> getlmhostsent: lmhost entry: 127.0.0.1 localhost finddcs: DNS SRV response 0 at '2620:52:0:c0:8c4f:1851:35ed:c8fe' finddcs: DNS SRV response 1 at '10.0.192.119' finddcs: performing CLDAP query on 2620:52:0:c0:8c4f:1851:35ed:c8fe finddcs: performing CLDAP query on 10.0.192.119 finddcs: Found matching DC 10.0.192.119 with server_type=0x0003f1fd signed SMB2 message (sign_algo_id=1) Opening cache file at /var/lib/samba/lock/gencache.tdb sitename_fetch: Returning sitename for realm 'SMB.COM': "Default-First-Site-Name" namecache_fetch: no entry for ad.smb.com#20 found. resolve_hosts: Attempting host lookup for name ad.smb.com<0x20> namecache_store: storing 1 address for ad.smb.com#20: 10.0.192.119 Connecting to 10.0.192.119 at port 445 socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0 cli_session_creds_prepare_krb5: Doing kinit for IP10159$@SMB.COM to access ad.smb.com cli_session_setup_spnego_send: Connect to ad.smb.com as IP10159$@SMB.COM using SPNEGO Starting GENSEC mechanism spnego Starting GENSEC submechanism gse_krb5 signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) signed SMB2 message (sign_algo_id=1) Resultant Set of Policy Computer Policy GPO: Disable-RC4-etype =================================================================================================================================== CSE: gp_access_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_krb_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_scripts_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_sudoers_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: vgp_sudoers_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_centrify_sudoers_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_centrify_crontab_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_smb_conf_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_msgs_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: vgp_symlink_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: vgp_files_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: vgp_openssh_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: vgp_motd_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: vgp_issue_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: vgp_startup_scripts_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: vgp_access_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_gnome_settings_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_cert_auto_enroll_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_firefox_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_chromium_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_chrome_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_firewalld_ext ----------------------------------------------------------------- ----------------------------------------------------------------- =================================================================================================================================== GPO: Default Domain Policy =================================================================================================================================== CSE: gp_access_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_krb_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_scripts_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_sudoers_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: vgp_sudoers_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_centrify_sudoers_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_centrify_crontab_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_smb_conf_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_msgs_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: vgp_symlink_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: vgp_files_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: vgp_openssh_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: vgp_motd_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: vgp_issue_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: vgp_startup_scripts_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: vgp_access_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_gnome_settings_ext ----------------------------------------------------------------- ----------------------------------------------------------------- CSE: gp_cert_auto_enroll_ext ----------------------------------------------------------------- added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0 added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0 added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0 added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0 finddcs: searching for a DC by DNS domain SMB.COM finddcs: looking for SRV records for _ldap._tcp.SMB.COM resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.SMB.COM<0x0> getlmhostsent: lmhost entry: 127.0.0.1 localhost finddcs: DNS SRV response 0 at '2620:52:0:c0:8c4f:1851:35ed:c8fe' finddcs: DNS SRV response 1 at '10.0.192.119' finddcs: performing CLDAP query on 2620:52:0:c0:8c4f:1851:35ed:c8fe finddcs: performing CLDAP query on 10.0.192.119 finddcs: Found matching DC 10.0.192.119 with server_type=0x0003f1fd added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0 added interface eth0 ip=2620:52:0:c0:f816:3eff:fed8:9ab6 bcast= netmask=ffff:ffff:ffff:ffff:: added interface eth0 ip=10.0.192.159 bcast=10.0.192.255 netmask=255.255.255.0 resolve_lmhosts: Attempting lmhosts lookup for name ad.smb.com<0x20> getlmhostsent: lmhost entry: 127.0.0.1 localhost print_socket_options: Could not test socket option TCP_NODELAY: Operation not supported. print_socket_options: Could not test socket option TCP_KEEPCNT: Operation not supported. print_socket_options: Could not test socket option TCP_KEEPIDLE: Operation not supported. print_socket_options: Could not test socket option TCP_KEEPINTVL: Operation not supported. print_socket_options: Could not test socket option TCP_QUICKACK: Operation not supported. print_socket_options: Could not test socket option TCP_DEFER_ACCEPT: Operation not supported. print_socket_options: Could not test socket option TCP_USER_TIMEOUT: Operation not supported. socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=1, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=212992, SO_RCVBUF=212992, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0 Starting GENSEC mechanism spnego Starting GENSEC submechanism gssapi_krb5 Advancing clock by 2 seconds to cope with clock skew gensec_gssapi: NO credentials were delegated GSSAPI Connection will be cryptographically sealed Traceback (most recent call last): File "/usr/sbin/samba-gpupdate", line 131, in <module> rsop(lp, creds, store, gp_extensions, username, opts.target) File "/usr/lib64/python3.9/site-packages/samba/gp/gpclass.py", line 1069, in rsop for section, settings in ext.rsop(gpo_obj).items(): File "/usr/lib64/python3.9/site-packages/samba/gp/gp_cert_auto_enroll_ext.py", line 508, in rsop cas = fetch_certification_authorities(ldb) File "/usr/lib64/python3.9/site-packages/samba/gp/gp_cert_auto_enroll_ext.py", line 159, in fetch_certification_authorities 'cACertificate': get_string(es['cACertificate'][0]) File "/usr/lib64/python3.9/site-packages/samba/common.py", line 104, in get_string tmp = bytesorstring.decode('utf8') UnicodeDecodeError: 'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte This is fixed with 157335ee93eb866f9b6a47486a5668d6e76aced5 We should backport this.
Created attachment 18220 [details] patch for 4.19
Actually, we want all patches from Gabriel Nagy backported, will do
Created attachment 18221 [details] patch for 4.19
Comment on attachment 18221 [details] patch for 4.19 LGTM
David, you commented 'LGTM' but set review-.
(In reply to Andreas Schneider from comment #5) I was attempting to remove the review for myself. I most have done it wrong.
Jule, please add the patchset to 4.19. Thanks
Pushed to autobuild-v4-19-test.
Closing out bug report. Thanks!