Hey, thanks for your bug report. Given that smbclient fails in a similar manner, this suggests that the issue is not limited to adsys but other programs interacting with AD too. Unfortunately NT_STATUS_INVALID_PARAMETER is a very common catch- all error and the root cause could be very environment-dependent.
Can you paste the output of `klist` after running the `export KRB5CCNAME...` command? Also, what Windows version are you running on the domain controller? Additionally, to confirm, did you join the domain using the `realm join` command? It may be worth it to leave and rejoin the domain. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to adsys in Ubuntu. https://bugs.launchpad.net/bugs/2043376 Title: adsys cant fetch gpos ubuntu 22.04.3 Status in adsys package in Ubuntu: New Bug description: VERSIONS: ubuntu 22.04.3 libsmbclient 2:4.15.13+dfsg-0ubuntu1.5 adsysctl 0.9.2~22.04.2 adsysd 0.9.2~22.04.2 Hi when i try the command adsysctl update -m or --all i receive this error: Error from server: error while updating policy: cant get policies for "ubuntuvm": failed to retrieve the list of GPO (exited with -1): signal: killed Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to connect to 'ldap://addc01.domain.com' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to open session: (1, 'LDAP client internal error: NT_STATUS_INVALID_PARAMETER'). Result of adsysctl service cat -vvv NFO github.com/ubuntu/adsys/internal/config/config.go:73 Init() No configuration file: Config File "adsys" Not Found in "[/home/ubuntuvm /etc /usr/sbin]". We will only use the defaults, env variables or flags. DEBUG Connecting as [[41753:876951]] DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:27 StreamServerInterceptor.func1() New request /service/Cat DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:60 loggedServerStream.RecvMsg() Requesting with parameters: DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:111 Authorizer.IsAllowedFromContext() Check if grpc request peer is authorized DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:191 Authorizer.isAllowed() Polkit call result, authorized: true DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:397 (*AD).ListActiveUsers() [[41745:695267]] ListActiveUsers INFO github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:39 StreamServerInterceptor.func1() Error sent to client: error while updating policy: can't get policies for "ubuntuvm": failed to retrieve the list of GPO (exited with -1): signal: killed DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:33 StreamServerInterceptor.func1.1() Request /service/UpdatePolicy done INFO github.com/ubuntu/adsys/internal/grpc/interceptorschain/chainer.go:16 StreamServer.func1.1.1() New connection from client [[41768:773422]] DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:27 StreamServerInterceptor.func1() [[41768:773422]] New request /service/UpdatePolicy DEBUG github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:60 loggedServerStream.RecvMsg() [[41768:773422]] Requesting with parameters: IsComputer: false, All: true, Target: , Krb5Cc: DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:571 (*AD).NormalizeTargetName() [[41768:773422]] NormalizeTargetName for "", type "computer" DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:111 Authorizer.IsAllowedFromContext() [[41768:773422]] Check if grpc request peer is authorized DEBUG github.com/ubuntu/adsys/internal/authorizer/authorizer.go:150 Authorizer.isAllowed() [[41768:773422]] Authorized as being administrator DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:225 (*AD).GetPolicies() [[41768:773422]] GetPolicies for "ubuntuvm", type "computer" DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:293 (*AD).GetPolicies() [[41768:773422]] Getting gpo list with arguments: "--objectclass computer ldap://addc01.domain.com ubuntuvm" DEBUG github.com/ubuntu/adsys/internal/ad/ad.go:397 (*AD).ListActiveUsers() [[41768:773422]] ListActiveUsers INFO github.com/ubuntu/adsys/internal/grpc/logconnections/logconnections.go:39 StreamServerInterceptor.func1() Error sent to client: error while updating policy: can't get policies for "ubuntuvm": failed to retrieve the list of GPO (exited with -1): signal: killed When I run the commands: export KRB5CCNAME=/var/run/adsys/krb5cc/$(hostname) adsysctl policy debug gpolist-script chmod +x adsys-gpolist ./adsys-gpolist --objectclass computer ldap://<ad-url> $(hostname) adsys-gpolist script get this error: Failed to bind - LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to connect to 'ldap://addc01.domain.com' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER Failed to open session: (1, 'LDAP client internal error: NT_STATUS_INVALID_PARAMETER'). and the command smbclient get this error smbclient --option='log level=10' //<ad-url>/SYSVOL/ -k -c 'get <ad-url>/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI /dev/fd/1' | cat I get this error: smbclient --option='log level=10' //<ad-url>/SYSVOL/ -k -c 'get <ad- url>/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/GPT.INI /dev/fd/1' | cat INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 smb2: 10 smb2_credits: 10 dsdb_audit: 10 dsdb_json_audit: 10 dsdb_password_audit: 10 dsdb_password_json_audit: 10 dsdb_transaction_audit: 10 dsdb_transaction_json_audit: 10 dsdb_group_audit: 10 dsdb_group_json_audit: 10 WARNING: The option -k|--kerberos is deprecated! lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 smb2: 10 smb2_credits: 10 dsdb_audit: 10 dsdb_json_audit: 10 dsdb_password_audit: 10 dsdb_password_json_audit: 10 dsdb_transaction_audit: 10 dsdb_transaction_json_audit: 10 dsdb_group_audit: 10 dsdb_group_json_audit: 10 Processing section "[global]" doing parameter workgroup = ironchip.com doing parameter server string = %h server (Samba, Ubuntu) doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 1000 doing parameter logging = file doing parameter panic action = /usr/share/samba/panic-action %d doing parameter server role = standalone server doing parameter obey pam restrictions = yes doing parameter unix password sync = yes doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . doing parameter pam password change = yes doing parameter map to guest = bad user doing parameter usershare allow guests = yes pm_process() returned Yes lp_servicenumber: couldn't find homes added interface enp0s3 ip=10.0.2.15 bcast=10.0.2.255 netmask=255.255.255.0 Client started (version 4.15.13-Ubuntu). Opening cache file at /run/samba/gencache.tdb sitename_fetch: No stored sitename for realm '' internal_resolve_name: looking up addc01.domain.com#20 (sitename (null)) gencache_set_data_blob: Adding cache entry with key=[NBT/addc01.domain.com#20] and timeout=[jue ene 1 01:00:00 1970 CET] (-1699871025 seconds in the past) namecache_fetch: no entry for addc01.domain.com#20 found. resolve_hosts: Attempting host lookup for name addc01.domain.com<0x20> remove_duplicate_addrs2: looking for duplicate address/port pairs namecache_store: storing 1 address for addc01.domain.com#20: {IP OF DOMAIN} gencache_set_data_blob: Adding cache entry with key=[NBT/addc01.domain.com#20] and timeout=[lun nov 13 11:34:46 2023 CET] (660 seconds ahead) internal_resolve_name: returning 1 addresses: {IP OF DOMAIN} Connecting to {IP OF DOMAIN} at port 445 convert_string_handle: E2BIG: convert_string(UTF-8,CP850): srclen=29 destlen=16 error: No more room Connecting to {IP OF DOMAIN} at port 139 do_connect: Connection to addc01.domain.com failed (Error NT_STATUS_IO_TIMEOUT) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/adsys/+bug/2043376/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
