samba - Mar 2015 - Unable to browse system shares of a newly migrated AD DC

Greetings, Rowland Penny!

Got some logs. But... they do not make much sense.
It seems to fail to chdir to /tmp. But I can do it with sudo just fine under
the same credentials.
What's going on?

[2015/03/30 01:05:38.027147,  3, effective(0, 0), real(0, 0)]
../source3/lib/access.c:338(allow_access)
  Allowed connection from 127.0.0.1 (127.0.0.1)
[2015/03/30 01:05:38.027425,  3, effective(0, 0), real(0, 0)]
../source3/smbd/oplock.c:870(init_oplocks)
  init_oplocks: initializing messages.
[2015/03/30 01:05:38.027695,  3, effective(0, 0), real(0, 0)]
../source3/smbd/process.c:1802(process_smb)
  Transaction 0 of length 194 (0 toread)
[2015/03/30 01:05:38.027728,  3, effective(0, 0), real(0, 0)]
../source3/smbd/process.c:1405(switch_message)
  switch message SMBnegprot (pid 882) conn 0x0
[2015/03/30 01:05:38.033749,  3, effective(0, 0), real(0, 0)]
../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2015/03/30 01:05:38.033869,  3, effective(0, 0), real(0, 0)]
../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [MICROSOFT NETWORKS 1.03]
[2015/03/30 01:05:38.033930,  3, effective(0, 0), real(0, 0)]
../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [MICROSOFT NETWORKS 3.0]
[2015/03/30 01:05:38.033989,  3, effective(0, 0), real(0, 0)]
../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [LANMAN1.0]
[2015/03/30 01:05:38.034055,  3, effective(0, 0), real(0, 0)]
../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [LM1.2X002]
[2015/03/30 01:05:38.034116,  3, effective(0, 0), real(0, 0)]
../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [DOS LANMAN2.1]
[2015/03/30 01:05:38.034177,  3, effective(0, 0), real(0, 0)]
../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [LANMAN2.1]
[2015/03/30 01:05:38.034234,  3, effective(0, 0), real(0, 0)]
../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [Samba]
[2015/03/30 01:05:38.034323,  3, effective(0, 0), real(0, 0)]
../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [NT LANMAN 1.0]
[2015/03/30 01:05:38.034376,  3, effective(0, 0), real(0, 0)]
../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [NT LM 0.12]
[2015/03/30 01:05:38.066076,  2, effective(0, 0), real(0, 0)]
../lib/util/modules.c:191(do_smb_load_module)
  Module 'samba4' loaded
[2015/03/30 01:05:38.067018,  3, effective(0, 0), real(0, 0)]
../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'gssapi_spnego' registered
[2015/03/30 01:05:38.067085,  3, effective(0, 0), real(0, 0)]
../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'gssapi_krb5' registered
[2015/03/30 01:05:38.067129,  3, effective(0, 0), real(0, 0)]
../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'gssapi_krb5_sasl' registered
[2015/03/30 01:05:38.067173,  3, effective(0, 0), real(0, 0)]
../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'schannel' registered
[2015/03/30 01:05:38.067215,  3, effective(0, 0), real(0, 0)]
../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'spnego' registered
[2015/03/30 01:05:38.067280,  3, effective(0, 0), real(0, 0)]
../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'ntlmssp' registered
[2015/03/30 01:05:38.067330,  3, effective(0, 0), real(0, 0)]
../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'krb5' registered
[2015/03/30 01:05:38.067371,  3, effective(0, 0), real(0, 0)]
../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'fake_gssapi_krb5' registered
[2015/03/30 01:05:38.068387,  3, effective(0, 0), real(0, 0)]
../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2015/03/30 01:05:38.069598,  3, effective(0, 0), real(0, 0)]
../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'sam' registered
[2015/03/30 01:05:38.069684,  3, effective(0, 0), real(0, 0)]
../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'sam_ignoredomain' registered
[2015/03/30 01:05:38.069729,  3, effective(0, 0), real(0, 0)]
../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'anonymous' registered
[2015/03/30 01:05:38.069802,  3, effective(0, 0), real(0, 0)]
../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'winbind' registered
[2015/03/30 01:05:38.069848,  3, effective(0, 0), real(0, 0)]
../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'winbind_wbclient' registered
[2015/03/30 01:05:38.069910,  3, effective(0, 0), real(0, 0)]
../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'name_to_ntstatus' registered
[2015/03/30 01:05:38.069958,  3, effective(0, 0), real(0, 0)]
../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'unix' registered
[2015/03/30 01:05:38.088423,  3, effective(0, 0), real(0, 0)]
../source3/smbd/negprot.c:384(reply_nt1)
  using SPNEGO
[2015/03/30 01:05:38.088497,  3, effective(0, 0), real(0, 0)]
../source3/smbd/negprot.c:671(reply_negprot)
  Selected protocol NT LANMAN 1.0
[2015/03/30 01:05:38.088901,  3, effective(0, 0), real(0, 0)]
../source3/smbd/process.c:1802(process_smb)
  Transaction 1 of length 92 (0 toread)
[2015/03/30 01:05:38.088973,  3, effective(0, 0), real(0, 0)]
../source3/smbd/process.c:1405(switch_message)
  switch message SMBsesssetupX (pid 882) conn 0x0
[2015/03/30 01:05:38.094128,  3, effective(0, 0), real(0, 0)]
../source3/smbd/sesssetup.c:604(reply_sesssetup_and_X)
  wct=13 flg2=0xc843
[2015/03/30 01:05:38.094250,  3, effective(0, 0), real(0, 0)]
../source3/smbd/sesssetup.c:818(reply_sesssetup_and_X)
  Domain=[]  NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[null]
[2015/03/30 01:05:38.094299,  3, effective(0, 0), real(0, 0)]
../source3/smbd/sesssetup.c:834(reply_sesssetup_and_X)
  sesssetupX:name=[]\[]@[127.0.0.1]
[2015/03/30 01:05:38.094367,  3, effective(0, 0), real(0, 0)]
../source3/smbd/sesssetup.c:89(check_guest_password)
  Got anonymous request
[2015/03/30 01:05:38.096168,  3, effective(0, 0), real(0, 0)]
../source4/auth/ntlm/auth.c:270(auth_check_password_send)
  auth_check_password_send: Checking password for unmapped user []\[]@[]
  auth_check_password_send: mapped user is: [CCENTER]\[]@[]
[2015/03/30 01:05:38.098786,  3, effective(0, 0), real(0, 0)]
../source3/smbd/process.c:1802(process_smb)
  Transaction 2 of length 88 (0 toread)
[2015/03/30 01:05:38.098854,  3, effective(0, 0), real(0, 0)]
../source3/smbd/process.c:1405(switch_message)
  switch message SMBtconX (pid 882) conn 0x0
[2015/03/30 01:05:38.099031,  3, effective(0, 0), real(0, 0)]
../source3/lib/access.c:338(allow_access)
  Allowed connection from 127.0.0.1 (127.0.0.1)
[2015/03/30 01:05:38.099142,  3, effective(0, 0), real(0, 0)]
../source3/smbd/service.c:612(make_connection_snum)
  Connect path is '/tmp' for service [IPC$]
[2015/03/30 01:05:38.099903,  3, effective(0, 0), real(0, 0)]
../source3/smbd/vfs.c:113(vfs_init_default)
  Initialising default vfs hooks
[2015/03/30 01:05:38.099972,  3, effective(0, 0), real(0, 0)]
../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2015/03/30 01:05:38.100022,  3, effective(0, 0), real(0, 0)]
../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [acl_xattr]
[2015/03/30 01:05:38.118613,  2, effective(0, 0), real(0, 0)]
../lib/util/modules.c:191(do_smb_load_module)
  Module 'acl_xattr' loaded
[2015/03/30 01:05:38.118757,  3, effective(0, 0), real(0, 0)]
../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [dfs_samba4]
[2015/03/30 01:05:38.125409,  2, effective(0, 0), real(0, 0)]
../lib/util/modules.c:191(do_smb_load_module)
  Module 'dfs_samba4' loaded
[2015/03/30 01:05:38.125440,  2, effective(0, 0), real(0, 0)]
../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr)
  connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true' and 'force unknown acl user = true' for service IPC$
[2015/03/30 01:05:38.127532,  3, effective(0, 0), real(0, 0)]
../source3/smbd/service.c:856(make_connection_snum)
  127.0.0.1 (ipv4:127.0.0.1:45066) connect to service IPC$ initially as user NT
AUTHORITY\ANONYMOUS LOGON (uid=65534, gid=3000009) (pid 882)
[2015/03/30 01:05:38.127627,  3, effective(0, 0), real(0, 0)]
../source3/smbd/reply.c:1024(reply_tcon_and_X)
  tconX service=IPC$ 
[2015/03/30 01:05:38.128477,  3, effective(0, 0), real(0, 0)]
../source3/smbd/process.c:1802(process_smb)
  Transaction 3 of length 106 (0 toread)
[2015/03/30 01:05:38.128537,  3, effective(0, 0), real(0, 0)]
../source3/smbd/process.c:1405(switch_message)
  switch message SMBntcreateX (pid 882) conn 0xb893b588
[2015/03/29 22:05:38.128622,  3, effective(65534, 3000009), real(65534, 0)]
../source3/smbd/service.c:197(set_current_service)
  chdir (/tmp) failed, reason: Permission denied
[2015/03/29 22:05:38.128674,  3, effective(65534, 3000009), real(65534, 0)]
../source3/smbd/error.c:82(error_packet_set)
  NT error packet at ../source3/smbd/process.c(1524) cmd=162 (SMBntcreateX)
NT_STATUS_ACCESS_DENIED
[2015/03/29 22:05:38.138398,  3, effective(65534, 3000009), real(65534, 0)]
../source3/smbd/process.c:1802(process_smb)
  Transaction 4 of length 118 (0 toread)
[2015/03/29 22:05:38.138453,  3, effective(65534, 3000009), real(65534, 0)]
../source3/smbd/process.c:1405(switch_message)
  switch message SMBtrans (pid 882) conn 0xb893b588
[2015/03/29 22:05:38.138494,  3, effective(65534, 3000009), real(65534, 0)]
../source3/smbd/service.c:197(set_current_service)
  chdir (/tmp) failed, reason: Permission denied
[2015/03/29 22:05:38.138529,  3, effective(65534, 3000009), real(65534, 0)]
../source3/smbd/error.c:82(error_packet_set)
  NT error packet at ../source3/smbd/process.c(1524) cmd=37 (SMBtrans)
NT_STATUS_ACCESS_DENIED
[2015/03/29 22:05:38.139702,  3, effective(65534, 3000009), real(65534, 0)]
../source3/smbd/process.c:1802(process_smb)
  Transaction 5 of length 39 (0 toread)
[2015/03/29 22:05:38.139771,  3, effective(65534, 3000009), real(65534, 0)]
../source3/smbd/process.c:1405(switch_message)
  switch message SMBtdis (pid 882) conn 0xb893b588
[2015/03/30 01:05:38.139897,  3, effective(0, 0), real(0, 0)]
../source3/smbd/service.c:1130(close_cnum)
  127.0.0.1 (ipv4:127.0.0.1:45066) closed connection to service IPC$
[2015/03/30 01:05:38.141264,  3, effective(0, 0), real(0, 0)]
../source3/smbd/server_exit.c:221(exit_server_common)
  Server exit (failed to receive smb request)


--
WBR,
Andrey Repin (anrdaemon at yandex.ru) 30.03.2015, <01:15>

Sorry for my terrible english...

Greetings, Rowland Penny!
> [2015/03/30 01:05:38.096168,  3, effective(0, 0), real(0, 0)]
> ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
>   auth_check_password_send: Checking password for unmapped user []\[]@[]
>   auth_check_password_send: mapped user is: [CCENTER]\[]@[]
> [2015/03/30 01:05:38.125440,  2, effective(0, 0), real(0, 0)]
> ../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr)
>   connect_acl_xattr: setting 'inherit acls = true' 'dos
filemode = true'
> and 'force unknown acl user = true' for service IPC$
> [2015/03/30 01:05:38.127532,  3, effective(0, 0), real(0, 0)]
> ../source3/smbd/service.c:856(make_connection_snum)
>   127.0.0.1 (ipv4:127.0.0.1:45066) connect to service IPC$ initially as
> user NT AUTHORITY\ANONYMOUS LOGON (uid=65534, gid=3000009) (pid 882)
> [2015/03/30 01:05:38.127627,  3, effective(0, 0), real(0, 0)]
> ../source3/smbd/reply.c:1024(reply_tcon_and_X)
>   tconX service=IPC$ 
> [2015/03/30 01:05:38.128477,  3, effective(0, 0), real(0, 0)]
> ../source3/smbd/process.c:1802(process_smb)
>   Transaction 3 of length 106 (0 toread)
> [2015/03/30 01:05:38.128537,  3, effective(0, 0), real(0, 0)]
> ../source3/smbd/process.c:1405(switch_message)
>   switch message SMBntcreateX (pid 882) conn 0xb893b588
> [2015/03/29 22:05:38.128622,  3, effective(65534, 3000009), real(65534, 0)]
By the way, what the group 3000009 is supposed to be? Domain Users? Domain
Admins?
> ../source3/smbd/service.c:197(set_current_service)
>   chdir (/tmp) failed, reason: Permission denied
> [2015/03/29 22:05:38.128674,  3, effective(65534, 3000009), real(65534, 0)]
> ../source3/smbd/error.c:82(error_packet_set)
>   NT error packet at ../source3/smbd/process.c(1524) cmd=162 (SMBntcreateX)
NT_STATUS_ACCESS_DENIED
> [2015/03/29 22:05:38.138398,  3, effective(65534, 3000009), real(65534, 0)]
> ../source3/smbd/process.c:1802(process_smb)
>   Transaction 4 of length 118 (0 toread)
> [2015/03/29 22:05:38.138453,  3, effective(65534, 3000009), real(65534, 0)]
> ../source3/smbd/process.c:1405(switch_message)
>   switch message SMBtrans (pid 882) conn 0xb893b588
> [2015/03/29 22:05:38.138494,  3, effective(65534, 3000009), real(65534, 0)]
> ../source3/smbd/service.c:197(set_current_service)
>   chdir (/tmp) failed, reason: Permission denied
> [2015/03/29 22:05:38.138529,  3, effective(65534, 3000009), real(65534, 0)]
> ../source3/smbd/error.c:82(error_packet_set)
>   NT error packet at ../source3/smbd/process.c(1524) cmd=37 (SMBtrans)
NT_STATUS_ACCESS_DENIED
> [2015/03/29 22:05:38.139702,  3, effective(65534, 3000009), real(65534, 0)]
> ../source3/smbd/process.c:1802(process_smb)
>   Transaction 5 of length 39 (0 toread)
> [2015/03/29 22:05:38.139771,  3, effective(65534, 3000009), real(65534, 0)]
> ../source3/smbd/process.c:1405(switch_message)
>   switch message SMBtdis (pid 882) conn 0xb893b588
> [2015/03/30 01:05:38.139897,  3, effective(0, 0), real(0, 0)]
> ../source3/smbd/service.c:1130(close_cnum)
>   127.0.0.1 (ipv4:127.0.0.1:45066) closed connection to service IPC$
> [2015/03/30 01:05:38.141264,  3, effective(0, 0), real(0, 0)]
> ../source3/smbd/server_exit.c:221(exit_server_common)
>   Server exit (failed to receive smb request)

--
WBR,
Andrey Repin, 30.03.2015, <01:54>

Sorry for my terrible english...

On 30/03/15 00:01, Andrey Repin wrote:
> Greetings, Rowland Penny!
>
>> [2015/03/30 01:05:38.096168,  3, effective(0, 0), real(0, 0)]
>> ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
>>    auth_check_password_send: Checking password for unmapped user
[]\[]@[]
>>    auth_check_password_send: mapped user is: [CCENTER]\[]@[]
>> [2015/03/30 01:05:38.125440,  2, effective(0, 0), real(0, 0)]
>> ../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr)
>>    connect_acl_xattr: setting 'inherit acls = true' 'dos
filemode = true'
>> and 'force unknown acl user = true' for service IPC$
>> [2015/03/30 01:05:38.127532,  3, effective(0, 0), real(0, 0)]
>> ../source3/smbd/service.c:856(make_connection_snum)
>>    127.0.0.1 (ipv4:127.0.0.1:45066) connect to service IPC$ initially
as
>> user NT AUTHORITY\ANONYMOUS LOGON (uid=65534, gid=3000009) (pid 882)
>> [2015/03/30 01:05:38.127627,  3, effective(0, 0), real(0, 0)]
>> ../source3/smbd/reply.c:1024(reply_tcon_and_X)
>>    tconX service=IPC$
>> [2015/03/30 01:05:38.128477,  3, effective(0, 0), real(0, 0)]
>> ../source3/smbd/process.c:1802(process_smb)
>>    Transaction 3 of length 106 (0 toread)
>> [2015/03/30 01:05:38.128537,  3, effective(0, 0), real(0, 0)]
>> ../source3/smbd/process.c:1405(switch_message)
>>    switch message SMBntcreateX (pid 882) conn 0xb893b588
>> [2015/03/29 22:05:38.128622,  3, effective(65534, 3000009), real(65534,
0)]
> By the way, what the group 3000009 is supposed to be? Domain Users? Domain
> Admins?
>
>> ../source3/smbd/service.c:197(set_current_service)
>>    chdir (/tmp) failed, reason: Permission denied
>> [2015/03/29 22:05:38.128674,  3, effective(65534, 3000009), real(65534,
0)]
>> ../source3/smbd/error.c:82(error_packet_set)
>>    NT error packet at ../source3/smbd/process.c(1524) cmd=162
(SMBntcreateX) NT_STATUS_ACCESS_DENIED
>> [2015/03/29 22:05:38.138398,  3, effective(65534, 3000009), real(65534,
0)]
>> ../source3/smbd/process.c:1802(process_smb)
>>    Transaction 4 of length 118 (0 toread)
>> [2015/03/29 22:05:38.138453,  3, effective(65534, 3000009), real(65534,
0)]
>> ../source3/smbd/process.c:1405(switch_message)
>>    switch message SMBtrans (pid 882) conn 0xb893b588
>> [2015/03/29 22:05:38.138494,  3, effective(65534, 3000009), real(65534,
0)]
>> ../source3/smbd/service.c:197(set_current_service)
>>    chdir (/tmp) failed, reason: Permission denied
>> [2015/03/29 22:05:38.138529,  3, effective(65534, 3000009), real(65534,
0)]
>> ../source3/smbd/error.c:82(error_packet_set)
>>    NT error packet at ../source3/smbd/process.c(1524) cmd=37 (SMBtrans)
NT_STATUS_ACCESS_DENIED
>> [2015/03/29 22:05:38.139702,  3, effective(65534, 3000009), real(65534,
0)]
>> ../source3/smbd/process.c:1802(process_smb)
>>    Transaction 5 of length 39 (0 toread)
>> [2015/03/29 22:05:38.139771,  3, effective(65534, 3000009), real(65534,
0)]
>> ../source3/smbd/process.c:1405(switch_message)
>>    switch message SMBtdis (pid 882) conn 0xb893b588
>> [2015/03/30 01:05:38.139897,  3, effective(0, 0), real(0, 0)]
>> ../source3/smbd/service.c:1130(close_cnum)
>>    127.0.0.1 (ipv4:127.0.0.1:45066) closed connection to service IPC$
>> [2015/03/30 01:05:38.141264,  3, effective(0, 0), real(0, 0)]
>> ../source3/smbd/server_exit.c:221(exit_server_common)
>>    Server exit (failed to receive smb request)
>
> --
> WBR,
> Andrey Repin, 30.03.2015, <01:54>
>
> Sorry for my terrible english...
>
OK, It would seem that you possibly have a problem with your /tmp 
directory, it should be readable and writeable by anybody i.e. on my DC
ls -la / shows:

drwxrwxrwt  14 root     root      4096 Mar 30 09:17 tmp

As for who '3000009' is, you can find out this by running (on the DC) 
'ldbedit -e nano -H /var/lib/samba/private/idmap.ldb' and searching for 
'3000009', on my DC this results in this:

dn: CN=S-1-5-32-545
cn: S-1-5-32-545
objectClass: sidMap
objectSid: S-1-5-32-545
type: ID_TYPE_BOTH
xidNumber: 3000009
distinguishedName: CN=S-1-5-32-545

So '3000009' has the SID 'S-1-5-32-545'
To find out who this is go here: 
http://support.microsoft.com/en-us/kb/243330

This reveals that this is the SID of the 'Users' group

This is probably true for your DC, but I would check your DC, as you can 
have differences between DCs.

Rowland

I think this wont work since the user connectig isnt known in the AD,
since the user connecting is mapped to user nobody. 


auth_check_password_send: Checking password for unmapped user []\[]@[]
auth_check_password_send: mapped user is: [CCENTER]\[]@[]
connect_acl_xattr: setting 'inherit acls = true' 'dos filemode =
true'
connect to service IPC$ initially as user NT AUTHORITY\ANONYMOUS LOGON
(uid=65534, gid=3000009)
and 'force unknown acl user = true' for service IPC$

cat /etc/passwd | grep nobody
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh

and by default "Guest" (nobody) is disabled in the AD. 



Greetz, 

Louis

>-----Oorspronkelijk bericht-----
>Van: rowlandpenny at googlemail.com 
>[mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>Verzonden: maandag 30 maart 2015 10:49
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] Unable to browse system shares of a 
>newly migrated AD DC
>
>On 30/03/15 00:01, Andrey Repin wrote:
>> Greetings, Rowland Penny!
>>
>>> [2015/03/30 01:05:38.096168,  3, effective(0, 0), real(0, 0)]
>>> ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
>>>    auth_check_password_send: Checking password for unmapped 
>user []\[]@[]
>>>    auth_check_password_send: mapped user is: [CCENTER]\[]@[]
>>> [2015/03/30 01:05:38.125440,  2, effective(0, 0), real(0, 0)]
>>> ../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr)
>>>    connect_acl_xattr: setting 'inherit acls = true'
'dos
>filemode = true'
>>> and 'force unknown acl user = true' for service IPC$
>>> [2015/03/30 01:05:38.127532,  3, effective(0, 0), real(0, 0)]
>>> ../source3/smbd/service.c:856(make_connection_snum)
>>>    127.0.0.1 (ipv4:127.0.0.1:45066) connect to service IPC$ 
>initially as
>>> user NT AUTHORITY\ANONYMOUS LOGON (uid=65534, gid=3000009) (pid
882)
>>> [2015/03/30 01:05:38.127627,  3, effective(0, 0), real(0, 0)]
>>> ../source3/smbd/reply.c:1024(reply_tcon_and_X)
>>>    tconX service=IPC$
>>> [2015/03/30 01:05:38.128477,  3, effective(0, 0), real(0, 0)]
>>> ../source3/smbd/process.c:1802(process_smb)
>>>    Transaction 3 of length 106 (0 toread)
>>> [2015/03/30 01:05:38.128537,  3, effective(0, 0), real(0, 0)]
>>> ../source3/smbd/process.c:1405(switch_message)
>>>    switch message SMBntcreateX (pid 882) conn 0xb893b588
>>> [2015/03/29 22:05:38.128622,  3, effective(65534, 3000009), 
>real(65534, 0)]
>> By the way, what the group 3000009 is supposed to be? Domain 
>Users? Domain
>> Admins?
>>
>>> ../source3/smbd/service.c:197(set_current_service)
>>>    chdir (/tmp) failed, reason: Permission denied
>>> [2015/03/29 22:05:38.128674,  3, effective(65534, 3000009), 
>real(65534, 0)]
>>> ../source3/smbd/error.c:82(error_packet_set)
>>>    NT error packet at ../source3/smbd/process.c(1524) 
>cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED
>>> [2015/03/29 22:05:38.138398,  3, effective(65534, 3000009), 
>real(65534, 0)]
>>> ../source3/smbd/process.c:1802(process_smb)
>>>    Transaction 4 of length 118 (0 toread)
>>> [2015/03/29 22:05:38.138453,  3, effective(65534, 3000009), 
>real(65534, 0)]
>>> ../source3/smbd/process.c:1405(switch_message)
>>>    switch message SMBtrans (pid 882) conn 0xb893b588
>>> [2015/03/29 22:05:38.138494,  3, effective(65534, 3000009), 
>real(65534, 0)]
>>> ../source3/smbd/service.c:197(set_current_service)
>>>    chdir (/tmp) failed, reason: Permission denied
>>> [2015/03/29 22:05:38.138529,  3, effective(65534, 3000009), 
>real(65534, 0)]
>>> ../source3/smbd/error.c:82(error_packet_set)
>>>    NT error packet at ../source3/smbd/process.c(1524) 
>cmd=37 (SMBtrans) NT_STATUS_ACCESS_DENIED
>>> [2015/03/29 22:05:38.139702,  3, effective(65534, 3000009), 
>real(65534, 0)]
>>> ../source3/smbd/process.c:1802(process_smb)
>>>    Transaction 5 of length 39 (0 toread)
>>> [2015/03/29 22:05:38.139771,  3, effective(65534, 3000009), 
>real(65534, 0)]
>>> ../source3/smbd/process.c:1405(switch_message)
>>>    switch message SMBtdis (pid 882) conn 0xb893b588
>>> [2015/03/30 01:05:38.139897,  3, effective(0, 0), real(0, 0)]
>>> ../source3/smbd/service.c:1130(close_cnum)
>>>    127.0.0.1 (ipv4:127.0.0.1:45066) closed connection to 
>service IPC$
>>> [2015/03/30 01:05:38.141264,  3, effective(0, 0), real(0, 0)]
>>> ../source3/smbd/server_exit.c:221(exit_server_common)
>>>    Server exit (failed to receive smb request)
>>
>> --
>> WBR,
>> Andrey Repin, 30.03.2015, <01:54>
>>
>> Sorry for my terrible english...
>>
>
>OK, It would seem that you possibly have a problem with your /tmp 
>directory, it should be readable and writeable by anybody i.e. on my DC
>ls -la / shows:
>
>drwxrwxrwt  14 root     root      4096 Mar 30 09:17 tmp
>
>As for who '3000009' is, you can find out this by running (on the
DC)
>'ldbedit -e nano -H /var/lib/samba/private/idmap.ldb' and 
>searching for 
>'3000009', on my DC this results in this:
>
>dn: CN=S-1-5-32-545
>cn: S-1-5-32-545
>objectClass: sidMap
>objectSid: S-1-5-32-545
>type: ID_TYPE_BOTH
>xidNumber: 3000009
>distinguishedName: CN=S-1-5-32-545
>
>So '3000009' has the SID 'S-1-5-32-545'
>To find out who this is go here: 
>http://support.microsoft.com/en-us/kb/243330
>
>This reveals that this is the SID of the 'Users' group
>
>This is probably true for your DC, but I would check your DC, 
>as you can 
>have differences between DCs.
>
>Rowland
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>