Andrey Repin
2015-Mar-29 22:16 UTC
[Samba] Unable to browse system shares of a newly migrated AD DC
Greetings, Rowland Penny! Got some logs. But... they do not make much sense. It seems to fail to chdir to /tmp. But I can do it with sudo just fine under the same credentials. What's going on? [2015/03/30 01:05:38.027147, 3, effective(0, 0), real(0, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 127.0.0.1 (127.0.0.1) [2015/03/30 01:05:38.027425, 3, effective(0, 0), real(0, 0)] ../source3/smbd/oplock.c:870(init_oplocks) init_oplocks: initializing messages. [2015/03/30 01:05:38.027695, 3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1802(process_smb) Transaction 0 of length 194 (0 toread) [2015/03/30 01:05:38.027728, 3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1405(switch_message) switch message SMBnegprot (pid 882) conn 0x0 [2015/03/30 01:05:38.033749, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot) Requested protocol [PC NETWORK PROGRAM 1.0] [2015/03/30 01:05:38.033869, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot) Requested protocol [MICROSOFT NETWORKS 1.03] [2015/03/30 01:05:38.033930, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot) Requested protocol [MICROSOFT NETWORKS 3.0] [2015/03/30 01:05:38.033989, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot) Requested protocol [LANMAN1.0] [2015/03/30 01:05:38.034055, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot) Requested protocol [LM1.2X002] [2015/03/30 01:05:38.034116, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot) Requested protocol [DOS LANMAN2.1] [2015/03/30 01:05:38.034177, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot) Requested protocol [LANMAN2.1] [2015/03/30 01:05:38.034234, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot) Requested protocol [Samba] [2015/03/30 01:05:38.034323, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot) Requested protocol [NT LANMAN 1.0] [2015/03/30 01:05:38.034376, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot) Requested protocol [NT LM 0.12] [2015/03/30 01:05:38.066076, 2, effective(0, 0), real(0, 0)] ../lib/util/modules.c:191(do_smb_load_module) Module 'samba4' loaded [2015/03/30 01:05:38.067018, 3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'gssapi_spnego' registered [2015/03/30 01:05:38.067085, 3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'gssapi_krb5' registered [2015/03/30 01:05:38.067129, 3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'gssapi_krb5_sasl' registered [2015/03/30 01:05:38.067173, 3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'schannel' registered [2015/03/30 01:05:38.067215, 3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'spnego' registered [2015/03/30 01:05:38.067280, 3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'ntlmssp' registered [2015/03/30 01:05:38.067330, 3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'krb5' registered [2015/03/30 01:05:38.067371, 3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register) GENSEC backend 'fake_gssapi_krb5' registered [2015/03/30 01:05:38.068387, 3, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect) ldb_wrap open of secrets.ldb [2015/03/30 01:05:38.069598, 3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register) AUTH backend 'sam' registered [2015/03/30 01:05:38.069684, 3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register) AUTH backend 'sam_ignoredomain' registered [2015/03/30 01:05:38.069729, 3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register) AUTH backend 'anonymous' registered [2015/03/30 01:05:38.069802, 3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register) AUTH backend 'winbind' registered [2015/03/30 01:05:38.069848, 3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register) AUTH backend 'winbind_wbclient' registered [2015/03/30 01:05:38.069910, 3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register) AUTH backend 'name_to_ntstatus' registered [2015/03/30 01:05:38.069958, 3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register) AUTH backend 'unix' registered [2015/03/30 01:05:38.088423, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:384(reply_nt1) using SPNEGO [2015/03/30 01:05:38.088497, 3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:671(reply_negprot) Selected protocol NT LANMAN 1.0 [2015/03/30 01:05:38.088901, 3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1802(process_smb) Transaction 1 of length 92 (0 toread) [2015/03/30 01:05:38.088973, 3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1405(switch_message) switch message SMBsesssetupX (pid 882) conn 0x0 [2015/03/30 01:05:38.094128, 3, effective(0, 0), real(0, 0)] ../source3/smbd/sesssetup.c:604(reply_sesssetup_and_X) wct=13 flg2=0xc843 [2015/03/30 01:05:38.094250, 3, effective(0, 0), real(0, 0)] ../source3/smbd/sesssetup.c:818(reply_sesssetup_and_X) Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[null] [2015/03/30 01:05:38.094299, 3, effective(0, 0), real(0, 0)] ../source3/smbd/sesssetup.c:834(reply_sesssetup_and_X) sesssetupX:name=[]\[]@[127.0.0.1] [2015/03/30 01:05:38.094367, 3, effective(0, 0), real(0, 0)] ../source3/smbd/sesssetup.c:89(check_guest_password) Got anonymous request [2015/03/30 01:05:38.096168, 3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:270(auth_check_password_send) auth_check_password_send: Checking password for unmapped user []\[]@[] auth_check_password_send: mapped user is: [CCENTER]\[]@[] [2015/03/30 01:05:38.098786, 3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1802(process_smb) Transaction 2 of length 88 (0 toread) [2015/03/30 01:05:38.098854, 3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1405(switch_message) switch message SMBtconX (pid 882) conn 0x0 [2015/03/30 01:05:38.099031, 3, effective(0, 0), real(0, 0)] ../source3/lib/access.c:338(allow_access) Allowed connection from 127.0.0.1 (127.0.0.1) [2015/03/30 01:05:38.099142, 3, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:612(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2015/03/30 01:05:38.099903, 3, effective(0, 0), real(0, 0)] ../source3/smbd/vfs.c:113(vfs_init_default) Initialising default vfs hooks [2015/03/30 01:05:38.099972, 3, effective(0, 0), real(0, 0)] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2015/03/30 01:05:38.100022, 3, effective(0, 0), real(0, 0)] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [acl_xattr] [2015/03/30 01:05:38.118613, 2, effective(0, 0), real(0, 0)] ../lib/util/modules.c:191(do_smb_load_module) Module 'acl_xattr' loaded [2015/03/30 01:05:38.118757, 3, effective(0, 0), real(0, 0)] ../source3/smbd/vfs.c:139(vfs_init_custom) Initialising custom vfs hooks from [dfs_samba4] [2015/03/30 01:05:38.125409, 2, effective(0, 0), real(0, 0)] ../lib/util/modules.c:191(do_smb_load_module) Module 'dfs_samba4' loaded [2015/03/30 01:05:38.125440, 2, effective(0, 0), real(0, 0)] ../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr) connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service IPC$ [2015/03/30 01:05:38.127532, 3, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:856(make_connection_snum) 127.0.0.1 (ipv4:127.0.0.1:45066) connect to service IPC$ initially as user NT AUTHORITY\ANONYMOUS LOGON (uid=65534, gid=3000009) (pid 882) [2015/03/30 01:05:38.127627, 3, effective(0, 0), real(0, 0)] ../source3/smbd/reply.c:1024(reply_tcon_and_X) tconX service=IPC$ [2015/03/30 01:05:38.128477, 3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1802(process_smb) Transaction 3 of length 106 (0 toread) [2015/03/30 01:05:38.128537, 3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1405(switch_message) switch message SMBntcreateX (pid 882) conn 0xb893b588 [2015/03/29 22:05:38.128622, 3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/service.c:197(set_current_service) chdir (/tmp) failed, reason: Permission denied [2015/03/29 22:05:38.128674, 3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/error.c:82(error_packet_set) NT error packet at ../source3/smbd/process.c(1524) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED [2015/03/29 22:05:38.138398, 3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/process.c:1802(process_smb) Transaction 4 of length 118 (0 toread) [2015/03/29 22:05:38.138453, 3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/process.c:1405(switch_message) switch message SMBtrans (pid 882) conn 0xb893b588 [2015/03/29 22:05:38.138494, 3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/service.c:197(set_current_service) chdir (/tmp) failed, reason: Permission denied [2015/03/29 22:05:38.138529, 3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/error.c:82(error_packet_set) NT error packet at ../source3/smbd/process.c(1524) cmd=37 (SMBtrans) NT_STATUS_ACCESS_DENIED [2015/03/29 22:05:38.139702, 3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/process.c:1802(process_smb) Transaction 5 of length 39 (0 toread) [2015/03/29 22:05:38.139771, 3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/process.c:1405(switch_message) switch message SMBtdis (pid 882) conn 0xb893b588 [2015/03/30 01:05:38.139897, 3, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:1130(close_cnum) 127.0.0.1 (ipv4:127.0.0.1:45066) closed connection to service IPC$ [2015/03/30 01:05:38.141264, 3, effective(0, 0), real(0, 0)] ../source3/smbd/server_exit.c:221(exit_server_common) Server exit (failed to receive smb request) -- WBR, Andrey Repin (anrdaemon at yandex.ru) 30.03.2015, <01:15> Sorry for my terrible english...
Andrey Repin
2015-Mar-29 23:01 UTC
[Samba] Unable to browse system shares of a newly migrated AD DC
Greetings, Rowland Penny!> [2015/03/30 01:05:38.096168, 3, effective(0, 0), real(0, 0)] > ../source4/auth/ntlm/auth.c:270(auth_check_password_send) > auth_check_password_send: Checking password for unmapped user []\[]@[] > auth_check_password_send: mapped user is: [CCENTER]\[]@[]> [2015/03/30 01:05:38.125440, 2, effective(0, 0), real(0, 0)] > ../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr) > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' > and 'force unknown acl user = true' for service IPC$ > [2015/03/30 01:05:38.127532, 3, effective(0, 0), real(0, 0)] > ../source3/smbd/service.c:856(make_connection_snum) > 127.0.0.1 (ipv4:127.0.0.1:45066) connect to service IPC$ initially as > user NT AUTHORITY\ANONYMOUS LOGON (uid=65534, gid=3000009) (pid 882) > [2015/03/30 01:05:38.127627, 3, effective(0, 0), real(0, 0)] > ../source3/smbd/reply.c:1024(reply_tcon_and_X) > tconX service=IPC$ > [2015/03/30 01:05:38.128477, 3, effective(0, 0), real(0, 0)] > ../source3/smbd/process.c:1802(process_smb) > Transaction 3 of length 106 (0 toread) > [2015/03/30 01:05:38.128537, 3, effective(0, 0), real(0, 0)] > ../source3/smbd/process.c:1405(switch_message) > switch message SMBntcreateX (pid 882) conn 0xb893b588 > [2015/03/29 22:05:38.128622, 3, effective(65534, 3000009), real(65534, 0)]By the way, what the group 3000009 is supposed to be? Domain Users? Domain Admins?> ../source3/smbd/service.c:197(set_current_service) > chdir (/tmp) failed, reason: Permission denied > [2015/03/29 22:05:38.128674, 3, effective(65534, 3000009), real(65534, 0)] > ../source3/smbd/error.c:82(error_packet_set) > NT error packet at ../source3/smbd/process.c(1524) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED > [2015/03/29 22:05:38.138398, 3, effective(65534, 3000009), real(65534, 0)] > ../source3/smbd/process.c:1802(process_smb) > Transaction 4 of length 118 (0 toread) > [2015/03/29 22:05:38.138453, 3, effective(65534, 3000009), real(65534, 0)] > ../source3/smbd/process.c:1405(switch_message) > switch message SMBtrans (pid 882) conn 0xb893b588 > [2015/03/29 22:05:38.138494, 3, effective(65534, 3000009), real(65534, 0)] > ../source3/smbd/service.c:197(set_current_service) > chdir (/tmp) failed, reason: Permission denied > [2015/03/29 22:05:38.138529, 3, effective(65534, 3000009), real(65534, 0)] > ../source3/smbd/error.c:82(error_packet_set) > NT error packet at ../source3/smbd/process.c(1524) cmd=37 (SMBtrans) NT_STATUS_ACCESS_DENIED > [2015/03/29 22:05:38.139702, 3, effective(65534, 3000009), real(65534, 0)] > ../source3/smbd/process.c:1802(process_smb) > Transaction 5 of length 39 (0 toread) > [2015/03/29 22:05:38.139771, 3, effective(65534, 3000009), real(65534, 0)] > ../source3/smbd/process.c:1405(switch_message) > switch message SMBtdis (pid 882) conn 0xb893b588 > [2015/03/30 01:05:38.139897, 3, effective(0, 0), real(0, 0)] > ../source3/smbd/service.c:1130(close_cnum) > 127.0.0.1 (ipv4:127.0.0.1:45066) closed connection to service IPC$ > [2015/03/30 01:05:38.141264, 3, effective(0, 0), real(0, 0)] > ../source3/smbd/server_exit.c:221(exit_server_common) > Server exit (failed to receive smb request)-- WBR, Andrey Repin, 30.03.2015, <01:54> Sorry for my terrible english...
Rowland Penny
2015-Mar-30 08:49 UTC
[Samba] Unable to browse system shares of a newly migrated AD DC
On 30/03/15 00:01, Andrey Repin wrote:> Greetings, Rowland Penny! > >> [2015/03/30 01:05:38.096168, 3, effective(0, 0), real(0, 0)] >> ../source4/auth/ntlm/auth.c:270(auth_check_password_send) >> auth_check_password_send: Checking password for unmapped user []\[]@[] >> auth_check_password_send: mapped user is: [CCENTER]\[]@[] >> [2015/03/30 01:05:38.125440, 2, effective(0, 0), real(0, 0)] >> ../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr) >> connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' >> and 'force unknown acl user = true' for service IPC$ >> [2015/03/30 01:05:38.127532, 3, effective(0, 0), real(0, 0)] >> ../source3/smbd/service.c:856(make_connection_snum) >> 127.0.0.1 (ipv4:127.0.0.1:45066) connect to service IPC$ initially as >> user NT AUTHORITY\ANONYMOUS LOGON (uid=65534, gid=3000009) (pid 882) >> [2015/03/30 01:05:38.127627, 3, effective(0, 0), real(0, 0)] >> ../source3/smbd/reply.c:1024(reply_tcon_and_X) >> tconX service=IPC$ >> [2015/03/30 01:05:38.128477, 3, effective(0, 0), real(0, 0)] >> ../source3/smbd/process.c:1802(process_smb) >> Transaction 3 of length 106 (0 toread) >> [2015/03/30 01:05:38.128537, 3, effective(0, 0), real(0, 0)] >> ../source3/smbd/process.c:1405(switch_message) >> switch message SMBntcreateX (pid 882) conn 0xb893b588 >> [2015/03/29 22:05:38.128622, 3, effective(65534, 3000009), real(65534, 0)] > By the way, what the group 3000009 is supposed to be? Domain Users? Domain > Admins? > >> ../source3/smbd/service.c:197(set_current_service) >> chdir (/tmp) failed, reason: Permission denied >> [2015/03/29 22:05:38.128674, 3, effective(65534, 3000009), real(65534, 0)] >> ../source3/smbd/error.c:82(error_packet_set) >> NT error packet at ../source3/smbd/process.c(1524) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED >> [2015/03/29 22:05:38.138398, 3, effective(65534, 3000009), real(65534, 0)] >> ../source3/smbd/process.c:1802(process_smb) >> Transaction 4 of length 118 (0 toread) >> [2015/03/29 22:05:38.138453, 3, effective(65534, 3000009), real(65534, 0)] >> ../source3/smbd/process.c:1405(switch_message) >> switch message SMBtrans (pid 882) conn 0xb893b588 >> [2015/03/29 22:05:38.138494, 3, effective(65534, 3000009), real(65534, 0)] >> ../source3/smbd/service.c:197(set_current_service) >> chdir (/tmp) failed, reason: Permission denied >> [2015/03/29 22:05:38.138529, 3, effective(65534, 3000009), real(65534, 0)] >> ../source3/smbd/error.c:82(error_packet_set) >> NT error packet at ../source3/smbd/process.c(1524) cmd=37 (SMBtrans) NT_STATUS_ACCESS_DENIED >> [2015/03/29 22:05:38.139702, 3, effective(65534, 3000009), real(65534, 0)] >> ../source3/smbd/process.c:1802(process_smb) >> Transaction 5 of length 39 (0 toread) >> [2015/03/29 22:05:38.139771, 3, effective(65534, 3000009), real(65534, 0)] >> ../source3/smbd/process.c:1405(switch_message) >> switch message SMBtdis (pid 882) conn 0xb893b588 >> [2015/03/30 01:05:38.139897, 3, effective(0, 0), real(0, 0)] >> ../source3/smbd/service.c:1130(close_cnum) >> 127.0.0.1 (ipv4:127.0.0.1:45066) closed connection to service IPC$ >> [2015/03/30 01:05:38.141264, 3, effective(0, 0), real(0, 0)] >> ../source3/smbd/server_exit.c:221(exit_server_common) >> Server exit (failed to receive smb request) > > -- > WBR, > Andrey Repin, 30.03.2015, <01:54> > > Sorry for my terrible english... >OK, It would seem that you possibly have a problem with your /tmp directory, it should be readable and writeable by anybody i.e. on my DC ls -la / shows: drwxrwxrwt 14 root root 4096 Mar 30 09:17 tmp As for who '3000009' is, you can find out this by running (on the DC) 'ldbedit -e nano -H /var/lib/samba/private/idmap.ldb' and searching for '3000009', on my DC this results in this: dn: CN=S-1-5-32-545 cn: S-1-5-32-545 objectClass: sidMap objectSid: S-1-5-32-545 type: ID_TYPE_BOTH xidNumber: 3000009 distinguishedName: CN=S-1-5-32-545 So '3000009' has the SID 'S-1-5-32-545' To find out who this is go here: http://support.microsoft.com/en-us/kb/243330 This reveals that this is the SID of the 'Users' group This is probably true for your DC, but I would check your DC, as you can have differences between DCs. Rowland
L.P.H. van Belle
2015-Mar-30 09:06 UTC
[Samba] Unable to browse system shares of a newly migrated AD DC
I think this wont work since the user connectig isnt known in the AD, since the user connecting is mapped to user nobody. auth_check_password_send: Checking password for unmapped user []\[]@[] auth_check_password_send: mapped user is: [CCENTER]\[]@[] connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' connect to service IPC$ initially as user NT AUTHORITY\ANONYMOUS LOGON (uid=65534, gid=3000009) and 'force unknown acl user = true' for service IPC$ cat /etc/passwd | grep nobody nobody:x:65534:65534:nobody:/nonexistent:/bin/sh and by default "Guest" (nobody) is disabled in the AD. Greetz, Louis>-----Oorspronkelijk bericht----- >Van: rowlandpenny at googlemail.com >[mailto:samba-bounces at lists.samba.org] Namens Rowland Penny >Verzonden: maandag 30 maart 2015 10:49 >Aan: samba at lists.samba.org >Onderwerp: Re: [Samba] Unable to browse system shares of a >newly migrated AD DC > >On 30/03/15 00:01, Andrey Repin wrote: >> Greetings, Rowland Penny! >> >>> [2015/03/30 01:05:38.096168, 3, effective(0, 0), real(0, 0)] >>> ../source4/auth/ntlm/auth.c:270(auth_check_password_send) >>> auth_check_password_send: Checking password for unmapped >user []\[]@[] >>> auth_check_password_send: mapped user is: [CCENTER]\[]@[] >>> [2015/03/30 01:05:38.125440, 2, effective(0, 0), real(0, 0)] >>> ../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr) >>> connect_acl_xattr: setting 'inherit acls = true' 'dos >filemode = true' >>> and 'force unknown acl user = true' for service IPC$ >>> [2015/03/30 01:05:38.127532, 3, effective(0, 0), real(0, 0)] >>> ../source3/smbd/service.c:856(make_connection_snum) >>> 127.0.0.1 (ipv4:127.0.0.1:45066) connect to service IPC$ >initially as >>> user NT AUTHORITY\ANONYMOUS LOGON (uid=65534, gid=3000009) (pid 882) >>> [2015/03/30 01:05:38.127627, 3, effective(0, 0), real(0, 0)] >>> ../source3/smbd/reply.c:1024(reply_tcon_and_X) >>> tconX service=IPC$ >>> [2015/03/30 01:05:38.128477, 3, effective(0, 0), real(0, 0)] >>> ../source3/smbd/process.c:1802(process_smb) >>> Transaction 3 of length 106 (0 toread) >>> [2015/03/30 01:05:38.128537, 3, effective(0, 0), real(0, 0)] >>> ../source3/smbd/process.c:1405(switch_message) >>> switch message SMBntcreateX (pid 882) conn 0xb893b588 >>> [2015/03/29 22:05:38.128622, 3, effective(65534, 3000009), >real(65534, 0)] >> By the way, what the group 3000009 is supposed to be? Domain >Users? Domain >> Admins? >> >>> ../source3/smbd/service.c:197(set_current_service) >>> chdir (/tmp) failed, reason: Permission denied >>> [2015/03/29 22:05:38.128674, 3, effective(65534, 3000009), >real(65534, 0)] >>> ../source3/smbd/error.c:82(error_packet_set) >>> NT error packet at ../source3/smbd/process.c(1524) >cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED >>> [2015/03/29 22:05:38.138398, 3, effective(65534, 3000009), >real(65534, 0)] >>> ../source3/smbd/process.c:1802(process_smb) >>> Transaction 4 of length 118 (0 toread) >>> [2015/03/29 22:05:38.138453, 3, effective(65534, 3000009), >real(65534, 0)] >>> ../source3/smbd/process.c:1405(switch_message) >>> switch message SMBtrans (pid 882) conn 0xb893b588 >>> [2015/03/29 22:05:38.138494, 3, effective(65534, 3000009), >real(65534, 0)] >>> ../source3/smbd/service.c:197(set_current_service) >>> chdir (/tmp) failed, reason: Permission denied >>> [2015/03/29 22:05:38.138529, 3, effective(65534, 3000009), >real(65534, 0)] >>> ../source3/smbd/error.c:82(error_packet_set) >>> NT error packet at ../source3/smbd/process.c(1524) >cmd=37 (SMBtrans) NT_STATUS_ACCESS_DENIED >>> [2015/03/29 22:05:38.139702, 3, effective(65534, 3000009), >real(65534, 0)] >>> ../source3/smbd/process.c:1802(process_smb) >>> Transaction 5 of length 39 (0 toread) >>> [2015/03/29 22:05:38.139771, 3, effective(65534, 3000009), >real(65534, 0)] >>> ../source3/smbd/process.c:1405(switch_message) >>> switch message SMBtdis (pid 882) conn 0xb893b588 >>> [2015/03/30 01:05:38.139897, 3, effective(0, 0), real(0, 0)] >>> ../source3/smbd/service.c:1130(close_cnum) >>> 127.0.0.1 (ipv4:127.0.0.1:45066) closed connection to >service IPC$ >>> [2015/03/30 01:05:38.141264, 3, effective(0, 0), real(0, 0)] >>> ../source3/smbd/server_exit.c:221(exit_server_common) >>> Server exit (failed to receive smb request) >> >> -- >> WBR, >> Andrey Repin, 30.03.2015, <01:54> >> >> Sorry for my terrible english... >> > >OK, It would seem that you possibly have a problem with your /tmp >directory, it should be readable and writeable by anybody i.e. on my DC >ls -la / shows: > >drwxrwxrwt 14 root root 4096 Mar 30 09:17 tmp > >As for who '3000009' is, you can find out this by running (on the DC) >'ldbedit -e nano -H /var/lib/samba/private/idmap.ldb' and >searching for >'3000009', on my DC this results in this: > >dn: CN=S-1-5-32-545 >cn: S-1-5-32-545 >objectClass: sidMap >objectSid: S-1-5-32-545 >type: ID_TYPE_BOTH >xidNumber: 3000009 >distinguishedName: CN=S-1-5-32-545 > >So '3000009' has the SID 'S-1-5-32-545' >To find out who this is go here: >http://support.microsoft.com/en-us/kb/243330 > >This reveals that this is the SID of the 'Users' group > >This is probably true for your DC, but I would check your DC, >as you can >have differences between DCs. > >Rowland > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >
Reasonably Related Threads
- Unable to browse system shares of a newly migrated AD DC
- Unable to browse system shares of a newly migrated AD DC
- Unable to browse system shares of a newly migrated AD DC
- Unable to browse system shares of a newly migrated AD DC
- Unable to browse system shares of a newly migrated AD DC