Hi,
I think the error is in converting the POSIx ACl, but I don't know how to
fix this.
I checked the following entry in the Log:
[2020/03/14 00:37:37.015551, 2]
../../source3/smbd/posix_acls.c:3045(set_canon_ace_list)
set_canon_ace_list: sys_acl_set_file type file failed for file .
(Opera??o sem suporte).
[2020/03/14 00:37:37.015616, 3]
../../source3/smbd/posix_acls.c:3130(convert_canon_ace_to_posix_perms)
convert_canon_ace_to_posix_perms: Too many ACE entries for file . to
convert to posix perms.
[2020/03/14 00:37:37.015647, 3]
../../source3/smbd/posix_acls.c:3942(set_nt_acl)
set_nt_acl: failed to convert file acl to posix permissions for file ..
Do you have an idea to solve this problem?
Regards,
M?rcio Bacci
Em s?b., 14 de mar. de 2020 ?s 00:55, Marcio Demetrio Bacci <
marciobacci at gmail.com> escreveu:
> Hi,
>
> Follow my smb.conf:
>
> [global]
> netbios name = SRV-FILESERVER
> workgroup = EMPRESA
> security = ADS
> realm = EMPRESA.COM.BR
> # encrypt passwords = yes
> username map = /etc/samba/user.map
>
> log file = /var/log/samba/%m.log
> #log level = 1
> log level = 3 passdb:5 auth:5
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
>
> idmap config EMPRESA:backend = ad
> idmap config EMPRESA:schema_mode = rfc2307
> idmap config EMPRESA:range = 10000-999999
> idmap config EMPRESA:unix_nss_info = yes
> idmap config EMPRESA:unix_primary_group = yes
>
> winbind refresh tickets = Yes
> # winbind separator = +
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
>
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
>
> template shell = /bin/bash
> template homedir = /home/%U
>
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>
>
>
> #DESABILITAR IMPRESSORA
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> #COMPARTILHAMENTOS
>
> [Assessoria-1]
> path = /ARQUIVOS/Empresa/Asse1
> read only = no
>
> [Assessoria-2]
> path = /ARQUIVOS/Empresa/Asse2
> read only = no
>
>
>
> Follow my log:
>
> tail -f 192.168.1.134.log
> [2020/03/13 13:34:57.472784, 3]
> ../../source3/smbd/posix_acls.c:3942(set_nt_acl)
> set_nt_acl: failed to convert file acl to posix permissions for file ..
> [2020/03/13 13:34:57.472811, 3]
> ../../source3/smbd/smb2_server.c:3256(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_setinfo.c:136
> [2020/03/13 13:34:58.022504, 3]
> ../../source3/smbd/service.c:1131(close_cnum)
> 192.168.1.134 (ipv4:192.168.1.134:55547) closed connection to service
> IPC$
> [2020/03/13 13:35:12.343934, 2]
> ../../source3/smbd/service.c:1131(close_cnum)
> 192.168.1.134 (ipv4:192.168.1.134:55547) closed connection to service
> Assessoria-2
> [2020/03/13 13:35:12.345599, 3]
> ../../source3/smbd/server_exit.c:244(exit_server_common)
> Server exit (NT_STATUS_END_OF_FILE)
> [2020/03/14 00:37:17.026958, 3]
> ../../source3/smbd/oplock.c:1414(init_oplocks)
> init_oplocks: initializing messages.
> [2020/03/14 00:37:17.071239, 3]
> ../../source3/smbd/process.c:1956(process_smb)
> Transaction 0 of length 106 (0 toread)
> [2020/03/14 00:37:17.071750, 3]
> ../../source3/smbd/smb2_negprot.c:293(smbd_smb2_request_process_negprot)
> Selected protocol SMB2_02
> [2020/03/14 00:37:17.071927, 5]
> ../../source3/auth/auth.c:538(make_auth3_context_for_ntlm)
> Making default auth method list for server role = 'domain member'
> [2020/03/14 00:37:17.072022, 5]
> ../../source3/auth/auth.c:51(smb_register_auth)
> Attempting to register auth backend anonymous
> [2020/03/14 00:37:17.072111, 5]
> ../../source3/auth/auth.c:63(smb_register_auth)
> Successfully added auth method 'anonymous'
> [2020/03/14 00:37:17.072182, 5]
> ../../source3/auth/auth.c:51(smb_register_auth)
> Attempting to register auth backend sam
> [2020/03/14 00:37:17.072247, 5]
> ../../source3/auth/auth.c:63(smb_register_auth)
> Successfully added auth method 'sam'
> [2020/03/14 00:37:17.072311, 5]
> ../../source3/auth/auth.c:51(smb_register_auth)
> Attempting to register auth backend sam_ignoredomain
> [2020/03/14 00:37:17.072376, 5]
> ../../source3/auth/auth.c:63(smb_register_auth)
> Successfully added auth method 'sam_ignoredomain'
> [2020/03/14 00:37:17.072440, 5]
> ../../source3/auth/auth.c:51(smb_register_auth)
> Attempting to register auth backend sam_netlogon3
> [2020/03/14 00:37:17.072518, 5]
> ../../source3/auth/auth.c:63(smb_register_auth)
> Successfully added auth method 'sam_netlogon3'
> [2020/03/14 00:37:17.072589, 5]
> ../../source3/auth/auth.c:51(smb_register_auth)
> Attempting to register auth backend winbind
> [2020/03/14 00:37:17.072660, 5]
> ../../source3/auth/auth.c:63(smb_register_auth)
> Successfully added auth method 'winbind'
> [2020/03/14 00:37:17.072731, 5]
> ../../source3/auth/auth.c:51(smb_register_auth)
> Attempting to register auth backend unix
> [2020/03/14 00:37:17.072801, 5]
> ../../source3/auth/auth.c:63(smb_register_auth)
> Successfully added auth method 'unix'
> [2020/03/14 00:37:17.072880, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match anonymous
> [2020/03/14 00:37:17.072948, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method anonymous has a valid init
> [2020/03/14 00:37:17.073013, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match sam
> [2020/03/14 00:37:17.073079, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method sam has a valid init
> [2020/03/14 00:37:17.073145, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match winbind
> [2020/03/14 00:37:17.073209, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method winbind has a valid init
> [2020/03/14 00:37:17.073305, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match
> sam_ignoredomain
> [2020/03/14 00:37:17.073390, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method sam_ignoredomain has a valid init
> [2020/03/14 00:37:17.083334, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'gssapi_spnego' registered
> [2020/03/14 00:37:17.083497, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'gssapi_krb5' registered
> [2020/03/14 00:37:17.083597, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'gssapi_krb5_sasl' registered
> [2020/03/14 00:37:17.083682, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'spnego' registered
> [2020/03/14 00:37:17.083763, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'schannel' registered
> [2020/03/14 00:37:17.083855, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'naclrpc_as_system' registered
> [2020/03/14 00:37:17.083932, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'sasl-EXTERNAL' registered
> [2020/03/14 00:37:17.084008, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'ntlmssp' registered
> [2020/03/14 00:37:17.084081, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'ntlmssp_resume_ccache' registered
> [2020/03/14 00:37:17.084152, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'http_basic' registered
> [2020/03/14 00:37:17.084222, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'http_ntlm' registered
> [2020/03/14 00:37:17.084293, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'http_negotiate' registered
> [2020/03/14 00:37:17.084381, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'krb5' registered
> [2020/03/14 00:37:17.084456, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'fake_gssapi_krb5' registered
> [2020/03/14 00:37:17.084676, 5]
> ../../auth/gensec/gensec_start.c:739(gensec_start_mech)
> Starting GENSEC mechanism spnego
> [2020/03/14 00:37:17.084812, 5]
> ../../auth/gensec/gensec_start.c:739(gensec_start_mech)
> Starting GENSEC submechanism gse_krb5
> [2020/03/14 00:37:17.104025, 5]
> ../../source3/auth/auth.c:538(make_auth3_context_for_ntlm)
> Making default auth method list for server role = 'domain member'
> [2020/03/14 00:37:17.104112, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match anonymous
> [2020/03/14 00:37:17.104164, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method anonymous has a valid init
> [2020/03/14 00:37:17.104206, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match sam
> [2020/03/14 00:37:17.104253, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method sam has a valid init
> [2020/03/14 00:37:17.104299, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match winbind
> [2020/03/14 00:37:17.104346, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method winbind has a valid init
> [2020/03/14 00:37:17.104392, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match
> sam_ignoredomain
> [2020/03/14 00:37:17.104438, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method sam_ignoredomain has a valid init
> [2020/03/14 00:37:17.104537, 5]
> ../../auth/gensec/gensec_start.c:739(gensec_start_mech)
> Starting GENSEC mechanism spnego
> [2020/03/14 00:37:17.104689, 5]
> ../../auth/gensec/gensec_start.c:739(gensec_start_mech)
> Starting GENSEC submechanism gse_krb5
> [2020/03/14 00:37:17.108505, 3]
> ../../auth/kerberos/kerberos_pac.c:413(kerberos_decode_pac)
> Found account name from PAC: Administrator [Rede]
> [2020/03/14 00:37:17.108565, 3]
> ../../source3/auth/user_krb5.c:51(get_user_from_kerberos_info)
> Kerberos ticket principal name is [Administrator at EMPRESA.EB.MIL.BR]
> [2020/03/14 00:37:17.108627, 3]
> ../../source3/auth/user_util.c:417(map_username)
> Mapped user EMPRESA\Administrator to root
> [2020/03/14 00:37:17.108694, 3]
> ../../source3/param/loadparm.c:3869(lp_load_ex)
> lp_load_ex: refreshing parameters
> [2020/03/14 00:37:17.108761, 3]
> ../../source3/param/loadparm.c:549(init_globals)
> Initialising global parameters
> [2020/03/14 00:37:17.108840, 3]
> ../../source3/param/loadparm.c:2783(lp_do_section)
> Processing section "[global]"
> [2020/03/14 00:37:17.109304, 2]
> ../../source3/param/loadparm.c:2800(lp_do_section)
> Processing section "[Teste]"
> [2020/03/14 00:37:17.109401, 2]
> ../../source3/param/loadparm.c:2800(lp_do_section)
> Processing section "[SCH]"
> [2020/03/14 00:37:17.109486, 2]
> ../../source3/param/loadparm.c:2800(lp_do_section)
> Processing section "[Assessoria-1]"
> [2020/03/14 00:37:17.109570, 2]
> ../../source3/param/loadparm.c:2800(lp_do_section)
> Processing section "[Assessoria-2]"
> [2020/03/14 00:37:17.109671, 3]
> ../../source3/param/loadparm.c:1618(lp_add_ipc)
> adding IPC service
> [2020/03/14 00:37:17.109762, 3]
> ../../source3/auth/user_util.c:306(map_username)
> Mapped user EMPRESA\administrator to root
> [2020/03/14 00:37:17.112545, 5]
> ../../source3/passdb/pdb_tdb.c:600(tdbsam_getsampwnam)
> pdb_getsampwnam (TDB): error fetching database.
> Key: USER_root
> [2020/03/14 00:37:17.115437, 3]
> ../../source3/smbd/password.c:140(register_homes_share)
> Adding homes service for user 'root' using home directory:
'/root'
> [2020/03/14 00:37:17.116990, 3] ../../lib/util/access.c:371(allow_access)
> Allowed connection from 192.168.1.134 (192.168.1.134)
> [2020/03/14 00:37:17.117160, 3]
> ../../source3/smbd/service.c:605(make_connection_snum)
> make_connection_snum: Connect path is '/tmp' for service [IPC$]
> [2020/03/14 00:37:17.117323, 3]
> ../../source3/smbd/vfs.c:114(vfs_init_default)
> Initialising default vfs hooks
> [2020/03/14 00:37:17.117433, 3]
> ../../source3/smbd/vfs.c:140(vfs_init_custom)
> Initialising custom vfs hooks from [/[Default VFS]/]
> [2020/03/14 00:37:17.117502, 3]
> ../../source3/smbd/vfs.c:140(vfs_init_custom)
> Initialising custom vfs hooks from [acl_xattr]
> [2020/03/14 00:37:17.128694, 3]
> ../../lib/util/modules.c:167(load_module_absolute_path)
> load_module_absolute_path: Module
> '/usr/lib/x86_64-linux-gnu/samba/vfs/acl_xattr.so' loaded
> [2020/03/14 00:37:17.128772, 2]
> ../../source3/modules/vfs_acl_xattr.c:233(connect_acl_xattr)
> connect_acl_xattr: setting 'inherit acls = true' 'dos
filemode = true'
> and 'force unknown acl user = true' for service IPC$
> [2020/03/14 00:37:17.128883, 3]
> ../../source3/smbd/service.c:851(make_connection_snum)
> 192.168.1.134 (ipv4:192.168.1.134:62573) connect to service IPC$
> initially as user root (uid=0, gid=0) (pid 3065)
> [2020/03/14 00:37:17.130122, 3]
> ../../source3/smbd/msdfs.c:1060(get_referred_path)
> get_referred_path: |Assessoria-2| in dfs path
> \SRV-FILESERVER\Assessoria-2 is not a dfs root.
> [2020/03/14 00:37:17.130250, 3]
> ../../source3/smbd/smb2_server.c:3256(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_NOT_FOUND] || at ../../source3/smbd/smb2_ioctl.c:312
> [2020/03/14 00:37:17.131154, 3] ../../lib/util/access.c:371(allow_access)
> Allowed connection from 192.168.1.134 (192.168.1.134)
> [2020/03/14 00:37:17.131334, 3]
> ../../source3/smbd/service.c:605(make_connection_snum)
> make_connection_snum: Connect path is '/ARQUIVOS/Empresa/Asse2'
for
> service [Assessoria-2]
> [2020/03/14 00:37:17.131428, 3]
> ../../source3/smbd/vfs.c:114(vfs_init_default)
> Initialising default vfs hooks
> [2020/03/14 00:37:17.131459, 3]
> ../../source3/smbd/vfs.c:140(vfs_init_custom)
> Initialising custom vfs hooks from [/[Default VFS]/]
> [2020/03/14 00:37:17.131485, 3]
> ../../source3/smbd/vfs.c:140(vfs_init_custom)
> Initialising custom vfs hooks from [acl_xattr]
> [2020/03/14 00:37:17.131516, 2]
> ../../source3/modules/vfs_acl_xattr.c:233(connect_acl_xattr)
> connect_acl_xattr: setting 'inherit acls = true' 'dos
filemode = true'
> and 'force unknown acl user = true' for service Assessoria-2
> [2020/03/14 00:37:17.131659, 2]
> ../../source3/smbd/service.c:851(make_connection_snum)
> 192.168.1.134 (ipv4:192.168.1.134:62573) connect to service
> Assessoria-2 initially as user root (uid=0, gid=0) (pid 3065)
> [2020/03/14 00:37:17.133433, 3]
> ../../source3/smbd/nttrans.c:2047(smbd_do_query_security_desc)
> smbd_do_query_security_desc: sd_size = 148.
> [2020/03/14 00:37:17.133488, 3]
> ../../source3/smbd/smb2_server.c:3256(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_BUFFER_TOO_SMALL] | +info| at
> ../../source3/smbd/smb2_getinfo.c:176
> [2020/03/14 00:37:17.134198, 3]
> ../../source3/smbd/nttrans.c:2047(smbd_do_query_security_desc)
> smbd_do_query_security_desc: sd_size = 148.
> [2020/03/14 00:37:17.141789, 3]
> ../../source3/rpc_server/srv_pipe.c:751(api_pipe_bind_req)
> api_pipe_bind_req: lsarpc -> lsarpc rpc service
> [2020/03/14 00:37:17.141843, 3]
> ../../source3/rpc_server/srv_pipe.c:356(check_bind_req)
> check_bind_req for lsarpc context_id=0
> [2020/03/14 00:37:17.141886, 3]
> ../../source3/rpc_server/srv_pipe.c:399(check_bind_req)
> check_bind_req: lsarpc -> lsarpc rpc service
> [2020/03/14 00:37:17.141925, 5]
> ../../source3/auth/auth.c:538(make_auth3_context_for_ntlm)
> Making default auth method list for server role = 'domain member'
> [2020/03/14 00:37:17.141958, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match anonymous
> [2020/03/14 00:37:17.141984, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method anonymous has a valid init
> [2020/03/14 00:37:17.142011, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match sam
> [2020/03/14 00:37:17.142038, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method sam has a valid init
> [2020/03/14 00:37:17.142065, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match winbind
> [2020/03/14 00:37:17.142089, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method winbind has a valid init
> [2020/03/14 00:37:17.142115, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match
> sam_ignoredomain
> [2020/03/14 00:37:17.142142, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method sam_ignoredomain has a valid init
> [2020/03/14 00:37:17.142677, 3]
> ../../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
> api_rpcTNP: rpc command: LSA_OPENPOLICY2
> [2020/03/14 00:37:17.143625, 3]
> ../../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
> api_rpcTNP: rpc command: LSA_LOOKUPSIDS2
> [2020/03/14 00:37:17.504175, 3]
> ../../source3/rpc_server/srv_pipe.c:356(check_bind_req)
> check_bind_req for dssetup context_id=1
> [2020/03/14 00:37:17.504330, 3]
> ../../source3/rpc_server/srv_pipe.c:399(check_bind_req)
> check_bind_req: dssetup -> dssetup rpc service
> [2020/03/14 00:37:17.505352, 3]
> ../../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
> api_rpcTNP: rpc command: DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION
> [2020/03/14 00:37:17.754448, 3]
> ../../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
> api_rpcTNP: rpc command: LSA_CLOSE
> [2020/03/14 00:37:17.757415, 3]
> ../../source3/rpc_server/srv_pipe.c:751(api_pipe_bind_req)
> api_pipe_bind_req: lsarpc -> lsarpc rpc service
> [2020/03/14 00:37:17.757489, 3]
> ../../source3/rpc_server/srv_pipe.c:356(check_bind_req)
> check_bind_req for lsarpc context_id=0
> [2020/03/14 00:37:17.757530, 3]
> ../../source3/rpc_server/srv_pipe.c:399(check_bind_req)
> check_bind_req: lsarpc -> lsarpc rpc service
> [2020/03/14 00:37:17.757585, 5]
> ../../source3/auth/auth.c:538(make_auth3_context_for_ntlm)
> Making default auth method list for server role = 'domain member'
> [2020/03/14 00:37:17.757628, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match anonymous
> [2020/03/14 00:37:17.757661, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method anonymous has a valid init
> [2020/03/14 00:37:17.757707, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match sam
> [2020/03/14 00:37:17.757745, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method sam has a valid init
> [2020/03/14 00:37:17.757781, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match winbind
> [2020/03/14 00:37:17.757811, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method winbind has a valid init
> [2020/03/14 00:37:17.757840, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match
> sam_ignoredomain
> [2020/03/14 00:37:17.757875, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method sam_ignoredomain has a valid init
> [2020/03/14 00:37:17.758615, 3]
> ../../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
> api_rpcTNP: rpc command: LSA_OPENPOLICY2
> [2020/03/14 00:37:17.759385, 3]
> ../../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
> api_rpcTNP: rpc command: LSA_LOOKUPSIDS2
> [2020/03/14 00:37:17.760287, 3]
> ../../source3/rpc_server/srv_pipe.c:356(check_bind_req)
> check_bind_req for dssetup context_id=1
> [2020/03/14 00:37:17.760436, 3]
> ../../source3/rpc_server/srv_pipe.c:399(check_bind_req)
> check_bind_req: dssetup -> dssetup rpc service
> [2020/03/14 00:37:17.761286, 3]
> ../../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
> api_rpcTNP: rpc command: DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION
> [2020/03/14 00:37:17.766554, 3]
> ../../source3/rpc_server/srv_pipe.c:751(api_pipe_bind_req)
> api_pipe_bind_req: samr -> samr rpc service
> [2020/03/14 00:37:17.766607, 3]
> ../../source3/rpc_server/srv_pipe.c:356(check_bind_req)
> check_bind_req for samr context_id=0
> [2020/03/14 00:37:17.766645, 3]
> ../../source3/rpc_server/srv_pipe.c:399(check_bind_req)
> check_bind_req: samr -> samr rpc service
> [2020/03/14 00:37:17.766686, 5]
> ../../source3/auth/auth.c:538(make_auth3_context_for_ntlm)
> Making default auth method list for server role = 'domain member'
> [2020/03/14 00:37:17.766718, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match anonymous
> [2020/03/14 00:37:17.766759, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method anonymous has a valid init
> [2020/03/14 00:37:17.766790, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match sam
> [2020/03/14 00:37:17.766816, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method sam has a valid init
> [2020/03/14 00:37:17.766841, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match winbind
> [2020/03/14 00:37:17.766866, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method winbind has a valid init
> [2020/03/14 00:37:17.766921, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match
> sam_ignoredomain
> [2020/03/14 00:37:17.766972, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method sam_ignoredomain has a valid init
> [2020/03/14 00:37:17.767792, 3]
> ../../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
> api_rpcTNP: rpc command: SAMR_CONNECT5
> [2020/03/14 00:37:17.768491, 3]
> ../../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
> api_rpcTNP: rpc command: SAMR_ENUMDOMAINS
> [2020/03/14 00:37:17.769130, 3]
> ../../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
> api_rpcTNP: rpc command: SAMR_LOOKUPDOMAIN
> [2020/03/14 00:37:17.769206, 2]
> ../../source3/rpc_server/samr/srv_samr_nt.c:4028(_samr_LookupDomain)
> Returning domain sid for domain SRV-FILESERVER ->
> S-1-5-21-732447858-3504177023-4119997009
> [2020/03/14 00:37:17.769805, 3]
> ../../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
> api_rpcTNP: rpc command: SAMR_OPENDOMAIN
> [2020/03/14 00:37:17.770576, 3]
> ../../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
> api_rpcTNP: rpc command: SAMR_OPENDOMAIN
> [2020/03/14 00:37:17.771346, 3]
> ../../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
> api_rpcTNP: rpc command: SAMR_LOOKUPNAMES
> [2020/03/14 00:37:17.771520, 5]
> ../../source3/passdb/pdb_tdb.c:600(tdbsam_getsampwnam)
> pdb_getsampwnam (TDB): error fetching database.
> Key: USER_root
> [2020/03/14 00:37:17.772368, 3]
> ../../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
> api_rpcTNP: rpc command: SAMR_CLOSE
> [2020/03/14 00:37:17.773202, 3]
> ../../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
> api_rpcTNP: rpc command: SAMR_CLOSE
> [2020/03/14 00:37:17.774013, 3]
> ../../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
> api_rpcTNP: rpc command: SAMR_CLOSE
> [2020/03/14 00:37:17.775831, 3]
> ../../source3/rpc_server/srv_pipe.c:1531(api_rpcTNP)
> api_rpcTNP: rpc command: LSA_CLOSE
> [2020/03/14 00:37:20.528331, 3]
> ../../source3/smbd/nttrans.c:2047(smbd_do_query_security_desc)
> smbd_do_query_security_desc: sd_size = 148.
> [2020/03/14 00:37:20.528488, 3]
> ../../source3/smbd/smb2_server.c:3256(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_BUFFER_TOO_SMALL] | +info| at
> ../../source3/smbd/smb2_getinfo.c:176
> [2020/03/14 00:37:20.529392, 3]
> ../../source3/smbd/nttrans.c:2047(smbd_do_query_security_desc)
> smbd_do_query_security_desc: sd_size = 148.
> [2020/03/14 00:37:28.132142, 3]
> ../../source3/smbd/service.c:1131(close_cnum)
> 192.168.1.134 (ipv4:192.168.1.134:62573) closed connection to service
> IPC$
> [2020/03/14 00:37:33.701358, 2]
> ../../source3/smbd/service.c:1131(close_cnum)
> 192.168.1.134 (ipv4:192.168.1.134:62573) closed connection to service
> Assessoria-2
> [2020/03/14 00:37:33.702861, 3]
> ../../source3/smbd/server_exit.c:244(exit_server_common)
> Server exit (NT_STATUS_END_OF_FILE)
> [2020/03/14 00:37:36.928852, 3]
> ../../source3/smbd/oplock.c:1414(init_oplocks)
> init_oplocks: initializing messages.
> [2020/03/14 00:37:36.977287, 3]
> ../../source3/smbd/process.c:1956(process_smb)
> Transaction 0 of length 106 (0 toread)
> [2020/03/14 00:37:36.977458, 3]
> ../../source3/smbd/smb2_negprot.c:293(smbd_smb2_request_process_negprot)
> Selected protocol SMB2_02
> [2020/03/14 00:37:36.977519, 5]
> ../../source3/auth/auth.c:538(make_auth3_context_for_ntlm)
> Making default auth method list for server role = 'domain member'
> [2020/03/14 00:37:36.977552, 5]
> ../../source3/auth/auth.c:51(smb_register_auth)
> Attempting to register auth backend anonymous
> [2020/03/14 00:37:36.977584, 5]
> ../../source3/auth/auth.c:63(smb_register_auth)
> Successfully added auth method 'anonymous'
> [2020/03/14 00:37:36.977627, 5]
> ../../source3/auth/auth.c:51(smb_register_auth)
> Attempting to register auth backend sam
> [2020/03/14 00:37:36.977686, 5]
> ../../source3/auth/auth.c:63(smb_register_auth)
> Successfully added auth method 'sam'
> [2020/03/14 00:37:36.977744, 5]
> ../../source3/auth/auth.c:51(smb_register_auth)
> Attempting to register auth backend sam_ignoredomain
> [2020/03/14 00:37:36.977802, 5]
> ../../source3/auth/auth.c:63(smb_register_auth)
> Successfully added auth method 'sam_ignoredomain'
> [2020/03/14 00:37:36.977860, 5]
> ../../source3/auth/auth.c:51(smb_register_auth)
> Attempting to register auth backend sam_netlogon3
> [2020/03/14 00:37:36.977918, 5]
> ../../source3/auth/auth.c:63(smb_register_auth)
> Successfully added auth method 'sam_netlogon3'
> [2020/03/14 00:37:36.977976, 5]
> ../../source3/auth/auth.c:51(smb_register_auth)
> Attempting to register auth backend winbind
> [2020/03/14 00:37:36.978034, 5]
> ../../source3/auth/auth.c:63(smb_register_auth)
> Successfully added auth method 'winbind'
> [2020/03/14 00:37:36.978092, 5]
> ../../source3/auth/auth.c:51(smb_register_auth)
> Attempting to register auth backend unix
> [2020/03/14 00:37:36.978150, 5]
> ../../source3/auth/auth.c:63(smb_register_auth)
> Successfully added auth method 'unix'
> [2020/03/14 00:37:36.978207, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match anonymous
> [2020/03/14 00:37:36.978267, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method anonymous has a valid init
> [2020/03/14 00:37:36.978337, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match sam
> [2020/03/14 00:37:36.978397, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method sam has a valid init
> [2020/03/14 00:37:36.978457, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match winbind
> [2020/03/14 00:37:36.978515, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method winbind has a valid init
> [2020/03/14 00:37:36.978573, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match
> sam_ignoredomain
> [2020/03/14 00:37:36.978631, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method sam_ignoredomain has a valid init
> [2020/03/14 00:37:36.987161, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'gssapi_spnego' registered
> [2020/03/14 00:37:36.987293, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'gssapi_krb5' registered
> [2020/03/14 00:37:36.987383, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'gssapi_krb5_sasl' registered
> [2020/03/14 00:37:36.987450, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'spnego' registered
> [2020/03/14 00:37:36.987515, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'schannel' registered
> [2020/03/14 00:37:36.987585, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'naclrpc_as_system' registered
> [2020/03/14 00:37:36.987651, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'sasl-EXTERNAL' registered
> [2020/03/14 00:37:36.987715, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'ntlmssp' registered
> [2020/03/14 00:37:36.987778, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'ntlmssp_resume_ccache' registered
> [2020/03/14 00:37:36.987842, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'http_basic' registered
> [2020/03/14 00:37:36.987910, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'http_ntlm' registered
> [2020/03/14 00:37:36.987974, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'http_negotiate' registered
> [2020/03/14 00:37:36.988046, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'krb5' registered
> [2020/03/14 00:37:36.988111, 3]
> ../../auth/gensec/gensec_start.c:977(gensec_register)
> GENSEC backend 'fake_gssapi_krb5' registered
> [2020/03/14 00:37:36.988252, 5]
> ../../auth/gensec/gensec_start.c:739(gensec_start_mech)
> Starting GENSEC mechanism spnego
> [2020/03/14 00:37:36.988380, 5]
> ../../auth/gensec/gensec_start.c:739(gensec_start_mech)
> Starting GENSEC submechanism gse_krb5
> [2020/03/14 00:37:36.991304, 5]
> ../../source3/auth/auth.c:538(make_auth3_context_for_ntlm)
> Making default auth method list for server role = 'domain member'
> [2020/03/14 00:37:36.991448, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match anonymous
> [2020/03/14 00:37:36.991520, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method anonymous has a valid init
> [2020/03/14 00:37:36.991586, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match sam
> [2020/03/14 00:37:36.991670, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method sam has a valid init
> [2020/03/14 00:37:36.991737, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match winbind
> [2020/03/14 00:37:36.991801, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method winbind has a valid init
> [2020/03/14 00:37:36.991865, 5]
> ../../source3/auth/auth.c:423(load_auth_module)
> load_auth_module: Attempting to find an auth method to match
> sam_ignoredomain
> [2020/03/14 00:37:36.991943, 5]
> ../../source3/auth/auth.c:448(load_auth_module)
> load_auth_module: auth method sam_ignoredomain has a valid init
> [2020/03/14 00:37:36.992076, 5]
> ../../auth/gensec/gensec_start.c:739(gensec_start_mech)
> Starting GENSEC mechanism spnego
> [2020/03/14 00:37:36.992276, 5]
> ../../auth/gensec/gensec_start.c:739(gensec_start_mech)
> Starting GENSEC submechanism gse_krb5
> [2020/03/14 00:37:36.994396, 3]
> ../../auth/kerberos/kerberos_pac.c:413(kerberos_decode_pac)
> Found account name from PAC: Administrator [Rede]
> [2020/03/14 00:37:36.994460, 3]
> ../../source3/auth/user_krb5.c:51(get_user_from_kerberos_info)
> Kerberos ticket principal name is [Administrator at EMPRESA.EB.MIL.BR]
> [2020/03/14 00:37:36.994506, 3]
> ../../source3/auth/user_util.c:417(map_username)
> Mapped user EMPRESA\Administrator to root
> [2020/03/14 00:37:36.994563, 3]
> ../../source3/param/loadparm.c:3869(lp_load_ex)
> lp_load_ex: refreshing parameters
> [2020/03/14 00:37:36.994625, 3]
> ../../source3/param/loadparm.c:549(init_globals)
> Initialising global parameters
> [2020/03/14 00:37:36.994704, 3]
> ../../source3/param/loadparm.c:2783(lp_do_section)
> Processing section "[global]"
> [2020/03/14 00:37:36.994915, 2]
> ../../source3/param/loadparm.c:2800(lp_do_section)
> Processing section "[Teste]"
> [2020/03/14 00:37:36.994972, 2]
> ../../source3/param/loadparm.c:2800(lp_do_section)
> Processing section "[SCH]"
> [2020/03/14 00:37:36.995012, 2]
> ../../source3/param/loadparm.c:2800(lp_do_section)
> Processing section "[Assessoria-1]"
> [2020/03/14 00:37:36.995051, 2]
> ../../source3/param/loadparm.c:2800(lp_do_section)
> Processing section "[Assessoria-2]"
> [2020/03/14 00:37:36.995099, 3]
> ../../source3/param/loadparm.c:1618(lp_add_ipc)
> adding IPC service
> [2020/03/14 00:37:36.995138, 3]
> ../../source3/auth/user_util.c:306(map_username)
> Mapped user EMPRESA\administrator to root
> [2020/03/14 00:37:36.997327, 5]
> ../../source3/passdb/pdb_tdb.c:600(tdbsam_getsampwnam)
> pdb_getsampwnam (TDB): error fetching database.
> Key: USER_root
> [2020/03/14 00:37:36.997881, 3]
> ../../source3/smbd/password.c:140(register_homes_share)
> Adding homes service for user 'root' using home directory:
'/root'
> [2020/03/14 00:37:36.998868, 3] ../../lib/util/access.c:371(allow_access)
> Allowed connection from 192.168.1.134 (192.168.1.134)
> [2020/03/14 00:37:36.998956, 3]
> ../../source3/smbd/service.c:605(make_connection_snum)
> make_connection_snum: Connect path is '/ARQUIVOS/Empresa/Asse2'
for
> service [Assessoria-2]
> [2020/03/14 00:37:36.999009, 3]
> ../../source3/smbd/vfs.c:114(vfs_init_default)
> Initialising default vfs hooks
> [2020/03/14 00:37:36.999047, 3]
> ../../source3/smbd/vfs.c:140(vfs_init_custom)
> Initialising custom vfs hooks from [/[Default VFS]/]
> [2020/03/14 00:37:36.999075, 3]
> ../../source3/smbd/vfs.c:140(vfs_init_custom)
> Initialising custom vfs hooks from [acl_xattr]
> [2020/03/14 00:37:37.008396, 3]
> ../../lib/util/modules.c:167(load_module_absolute_path)
> load_module_absolute_path: Module
> '/usr/lib/x86_64-linux-gnu/samba/vfs/acl_xattr.so' loaded
> [2020/03/14 00:37:37.008466, 2]
> ../../source3/modules/vfs_acl_xattr.c:233(connect_acl_xattr)
> connect_acl_xattr: setting 'inherit acls = true' 'dos
filemode = true'
> and 'force unknown acl user = true' for service Assessoria-2
> [2020/03/14 00:37:37.008590, 2]
> ../../source3/smbd/service.c:851(make_connection_snum)
> 192.168.1.134 (ipv4:192.168.1.134:62582) connect to service
> Assessoria-2 initially as user root (uid=0, gid=0) (pid 3066)
> [2020/03/14 00:37:37.010312, 3]
> ../../source3/smbd/nttrans.c:2047(smbd_do_query_security_desc)
> smbd_do_query_security_desc: sd_size = 148.
> [2020/03/14 00:37:37.010374, 3]
> ../../source3/smbd/smb2_server.c:3256(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_BUFFER_TOO_SMALL] | +info| at
> ../../source3/smbd/smb2_getinfo.c:176
> [2020/03/14 00:37:37.010926, 3]
> ../../source3/smbd/nttrans.c:2047(smbd_do_query_security_desc)
> smbd_do_query_security_desc: sd_size = 148.
> [2020/03/14 00:37:37.011812, 3]
> ../../source3/smbd/nttrans.c:2047(smbd_do_query_security_desc)
> smbd_do_query_security_desc: sd_size = 64.
> [2020/03/14 00:37:37.011899, 3]
> ../../source3/smbd/smb2_server.c:3256(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_BUFFER_TOO_SMALL] | +info| at
> ../../source3/smbd/smb2_getinfo.c:176
> [2020/03/14 00:37:37.012599, 3]
> ../../source3/smbd/nttrans.c:2047(smbd_do_query_security_desc)
> smbd_do_query_security_desc: sd_size = 64.
> [2020/03/14 00:37:37.013502, 3] ../../source3/smbd/dir.c:662(dptr_create)
> creating new dirptr 0 for path ., expect_close = 0
> [2020/03/14 00:37:37.013639, 3]
> ../../source3/smbd/dir.c:1227(smbd_dirptr_get_entry)
> smbd_dirptr_get_entry mask=[*] found . fname=. (.)
> [2020/03/14 00:37:37.013772, 3]
> ../../source3/smbd/dir.c:1227(smbd_dirptr_get_entry)
> smbd_dirptr_get_entry mask=[*] found .. fname=.. (..)
> [2020/03/14 00:37:37.013907, 3]
> ../../source3/smbd/smb2_server.c:3256(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[9]
> status[STATUS_NO_MORE_FILES] || at
> ../../source3/smbd/smb2_query_directory.c:159
> [2020/03/14 00:37:37.015551, 2]
> ../../source3/smbd/posix_acls.c:3045(set_canon_ace_list)
> set_canon_ace_list: sys_acl_set_file type file failed for file .
> (Opera??o sem suporte).
> [2020/03/14 00:37:37.015616, 3]
> ../../source3/smbd/posix_acls.c:3130(convert_canon_ace_to_posix_perms)
> convert_canon_ace_to_posix_perms: Too many ACE entries for file . to
> convert to posix perms.
> [2020/03/14 00:37:37.015647, 3]
> ../../source3/smbd/posix_acls.c:3942(set_nt_acl)
> set_nt_acl: failed to convert file acl to posix permissions for file ..
> [2020/03/14 00:37:37.015678, 3]
> ../../source3/smbd/smb2_server.c:3256(smbd_smb2_request_error_ex)
> smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_setinfo.c:136
> [2020/03/14 00:37:57.039693, 2]
> ../../source3/smbd/service.c:1131(close_cnum)
> 192.168.1.134 (ipv4:192.168.1.134:62582) closed connection to service
> Assessoria-2
> [2020/03/14 00:37:57.041289, 3]
> ../../source3/smbd/server_exit.c:244(exit_server_common)
> Server exit (NT_STATUS_END_OF_FILE)
>
>
> Regards,
>
> M?rcio Bacci
>
>
> Em sex., 13 de mar. de 2020 ?s 12:07, Rowland penny via samba <
> samba at lists.samba.org> escreveu:
>
>> On 13/03/2020 14:47, Marcio Demetrio Bacci via samba wrote:
>> > Hi,
>> >
>> > I have a Samba4 File Server on Debian 10
>> >
>> > I am not being able to assign permissions on shares to groups that
>> already
>> > have the Unix attribute set. Groups without the Unix attribute are
>> working
>> > OK.
>> >
>> > My two DC are Samba4 (migrated of the Windows 2008 Server) and my
>> current
>> > File Servers are Windows 2008 Server.
>> >
>> > I followed "Setting up a Share Using Windows ACLs"
tutorial (
>> > https://wiki.samba.org/index.php/Samba_File_Serving) to configure
my
>> new
>> > Server (Samba 4).
>>
>> Lets start by you posting your smb.conf and any error messages.
>>
>> Rowland
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>