thr3ads.net - samba - [Samba] RODC in remote Site [Feb 2021]

If this information is useful, please help other people find it:
Share via:

cn at brain-biotech.de

2021-Feb-16 06:35 UTC

[Samba] RODC in remote Site

Thanks Andrew for looking at this.

Am 15.02.21 um 21:42 schrieb Andrew Bartlett via samba:> 
> I would turn up the logs on the DC and see why it objects.
on the DC that is contacted I see this:

Feb 16 06:45:45 dc4.hq.domain.de smbd[971474]: [2021/02/16 
06:45:45.904935,  1] 
../../source3/smbd/service.c:355(create_connection_session_info)
Feb 16 06:45:45 dc4.hq.domain.de smbd[971474]: 
create_connection_session_info: guest user (from session setup) not 
permitted to access this share (IPC$)
Feb 16 06:45:45 dc4.hq.domain.de smbd[971474]: [2021/02/16 
06:45:45.904978,  1] ../../source3/smbd/service.c:544(make_connection_snum)
Feb 16 06:45:45 dc4.hq.domain.de smbd[971474]: 
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED


GUEST Access??


And here with loglevel 5:

Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Allowed connection from 
10.1.0.77 (10.1.0.77)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.143398,  5] ../../lib/util/debug.c:811(debug_dump_status)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   INFO: Current debug levels:
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     all: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     tdb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     printdrivers: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     lanman: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     smb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     rpc_parse: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     rpc_srv: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     rpc_cli: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     passdb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     sam: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     auth: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     winbind: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     vfs: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     idmap: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     quota: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     acls: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     locking: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     msdfs: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dmapi: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     registry: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     scavenger: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dns: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     ldb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     tevent: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     auth_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     auth_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     kerberos: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     drs_repl: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     smb2: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     smb2_credits: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_password_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
dsdb_password_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_transaction_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
dsdb_transaction_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_group_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_group_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.144075,  3] ../../source3/smbd/oplock.c:1427(init_oplocks)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   init_oplocks: 
initializing messages.
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.144103,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging 
pointer for type 774 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.144117,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging 
pointer for type 778 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.144141,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging 
pointer for type 770 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.144158,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging 
pointer for type 801 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.144187,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging 
pointer for type 787 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.144213,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging 
pointer for type 779 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.144236,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging 
pointer for type 15 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.144255,  5] ../../source3/lib/messages.c:740(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Overriding messaging 
pointer for type 15 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.144273,  5] ../../source3/lib/messages.c:772(messaging_deregister)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Deregistering messaging 
pointer for type 16 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.144298,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging 
pointer for type 16 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.144312,  5] ../../source3/lib/messages.c:772(messaging_deregister)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Deregistering messaging 
pointer for type 33 - private_data=0x55e1c3a5b150
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.144326,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging 
pointer for type 33 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.144339,  5] ../../source3/lib/messages.c:772(messaging_deregister)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Deregistering messaging 
pointer for type 790 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.144355,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging 
pointer for type 790 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.144369,  5] ../../source3/lib/messages.c:772(messaging_deregister)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Deregistering messaging 
pointer for type 791 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.144382,  5] ../../source3/lib/messages.c:772(messaging_deregister)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Deregistering messaging 
pointer for type 1 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.144395,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging 
pointer for type 1 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164146,  3] ../../source3/smbd/process.c:1957(process_smb)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Transaction 0 of length 
242 (0 toread)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164212,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   setting sec ctx (0, 0) 
- sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164253,  5] 
../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164266,  5] 
../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Primary group is 0 and 
contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164294,  5] ../../source3/smbd/uid.c:494(smbd_change_to_root_user)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   change_to_root_user: 
now uid=(0,0) gid=(0,0)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164321,  4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   push_sec_ctx(0, 0) : 
sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164336,  4] ../../source3/smbd/uid.c:562(push_conn_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   push_conn_ctx(0) : 
conn_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164347,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   setting sec ctx (0, 0) 
- sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164357,  5] 
../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164367,  5] 
../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Primary group is 0 and 
contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164409,  4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   pop_sec_ctx (0, 0) - 
sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164431,  5] ../../lib/util/debug.c:811(debug_dump_status)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   INFO: Current debug levels:
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     all: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     tdb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     printdrivers: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     lanman: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     smb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     rpc_parse: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     rpc_srv: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     rpc_cli: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     passdb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     sam: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     auth: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     winbind: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     vfs: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     idmap: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     quota: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     acls: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     locking: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     msdfs: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dmapi: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     registry: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     scavenger: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dns: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     ldb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     tevent: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     auth_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     auth_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     kerberos: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     drs_repl: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     smb2: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     smb2_credits: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_password_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
dsdb_password_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_transaction_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
dsdb_transaction_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_group_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_group_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164684,  3] 
../../source3/smbd/smb2_negprot.c:293(smbd_smb2_request_process_negprot)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Selected protocol SMB3_11
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164723,  5] 
../../source3/auth/auth.c:536(make_auth3_context_for_ntlm)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Making default auth 
method list for server role = 'active directory domain controller'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164738,  5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Attempting to register 
auth backend anonymous
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164753,  5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Successfully added auth 
method 'anonymous'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164764,  5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Attempting to register 
auth backend sam
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164777,  5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Successfully added auth 
method 'sam'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164790,  5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Attempting to register 
auth backend sam_ignoredomain
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164801,  5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Successfully added auth 
method 'sam_ignoredomain'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164816,  5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Attempting to register 
auth backend sam_netlogon3
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164826,  5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Successfully added auth 
method 'sam_netlogon3'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164837,  5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Attempting to register 
auth backend winbind
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164849,  5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Successfully added auth 
method 'winbind'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164860,  5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Attempting to register 
auth backend unix
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164870,  5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Successfully added auth 
method 'unix'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164882,  5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Attempting to register 
auth backend samba4
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164893,  5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Successfully added auth 
method 'samba4'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.164903,  5] ../../source3/auth/auth.c:425(load_auth_module)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   load_auth_module: 
Attempting to find an auth method to match samba4
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.166002,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 
'gssapi_spnego' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.166023,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 
'gssapi_krb5' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.166037,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 
'gssapi_krb5_sasl' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.166049,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 'spnego'
registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.166063,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 
'schannel' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.166073,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 
'naclrpc_as_system' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.166084,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 
'sasl-EXTERNAL' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.166095,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 
'ntlmssp' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.166105,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 
'ntlmssp_resume_ccache' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.166116,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 
'http_basic' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.166129,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 
'http_ntlm' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.166140,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 
'http_negotiate' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.166151,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 'krb5' 
registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.166162,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 
'fake_gssapi_krb5' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.166173,  5] ../../source3/auth/auth.c:450(load_auth_module)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   load_auth_module: auth 
method samba4 has a valid init
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.166630,  3] ../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   ldb_wrap open of 
secrets.ldb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.167003,  3] ../../source4/auth/ntlm/auth.c:867(auth_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   AUTH backend 'sam' 
registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.167030,  3] ../../source4/auth/ntlm/auth.c:867(auth_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   AUTH backend 
'sam_ignoredomain' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.167044,  3] ../../source4/auth/ntlm/auth.c:867(auth_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   AUTH backend 
'anonymous' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.167055,  3] ../../source4/auth/ntlm/auth.c:867(auth_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   AUTH backend 'winbind' 
registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.167066,  3] ../../source4/auth/ntlm/auth.c:867(auth_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   AUTH backend 
'name_to_ntstatus' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.167076,  3] ../../source4/auth/ntlm/auth.c:867(auth_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   AUTH backend 'unix' 
registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.168554,  5] ../../auth/gensec/gensec_start.c:750(gensec_start_mech)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Starting GENSEC 
mechanism spnego
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.168714,  5] ../../auth/gensec/gensec_start.c:750(gensec_start_mech)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Starting GENSEC 
submechanism gssapi_krb5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.170373,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   setting sec ctx (0, 0) 
- sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.170406,  5] 
../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.170418,  5] 
../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Primary group is 0 and 
contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.170440,  5] ../../source3/smbd/uid.c:494(smbd_change_to_root_user)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   change_to_root_user: 
now uid=(0,0) gid=(0,0)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.170463,  5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   dbwrap_lock_order_lock: 
check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.170537,  5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
dbwrap_lock_order_unlock: release lock order 1 for 
/var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.170567,  5] 
../../source3/auth/auth.c:536(make_auth3_context_for_ntlm)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Making default auth 
method list for server role = 'active directory domain controller'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.170584,  5] ../../source3/auth/auth.c:425(load_auth_module)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   load_auth_module: 
Attempting to find an auth method to match samba4
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.170600,  5] ../../source3/auth/auth.c:450(load_auth_module)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   load_auth_module: auth 
method samba4 has a valid init
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.170997,  3] ../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   ldb_wrap open of 
secrets.ldb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.172360,  5] ../../auth/gensec/gensec_start.c:750(gensec_start_mech)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Starting GENSEC 
mechanism spnego
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.172388,  5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   dbwrap_lock_order_lock: 
check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.172410,  5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
dbwrap_lock_order_unlock: release lock order 1 for 
/var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.172424,  4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   push_sec_ctx(0, 0) : 
sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.172436,  4] ../../source3/smbd/uid.c:562(push_conn_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   push_conn_ctx(0) : 
conn_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.172447,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   setting sec ctx (0, 0) 
- sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.172458,  5] 
../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.172468,  5] 
../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Primary group is 0 and 
contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.172544,  5] ../../auth/gensec/gensec_start.c:750(gensec_start_mech)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Starting GENSEC 
submechanism ntlmssp
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.172574,  3] 
../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Got NTLMSSP 
neg_flags=0x62088215
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_UNICODE
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_REQUEST_TARGET
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_SIGN
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_NTLM
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_VERSION
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_128
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
NTLMSSP_NEGOTIATE_KEY_EXCH
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.172690,  4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   pop_sec_ctx (0, 0) - 
sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.172732,  4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   push_sec_ctx(0, 0) : 
sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.172747,  4] ../../source3/smbd/uid.c:562(push_conn_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   push_conn_ctx(0) : 
conn_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.172758,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   setting sec ctx (0, 0) 
- sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.172768,  5] 
../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.172781,  5] 
../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Primary group is 0 and 
contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.172804,  4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   pop_sec_ctx (0, 0) - 
sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.173628,  5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   dbwrap_lock_order_lock: 
check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.173683,  5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
dbwrap_lock_order_unlock: release lock order 1 for 
/var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.173725,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   setting sec ctx (0, 0) 
- sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.173737,  5] 
../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.173750,  5] 
../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Primary group is 0 and 
contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.173771,  5] ../../source3/smbd/uid.c:494(smbd_change_to_root_user)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   change_to_root_user: 
now uid=(0,0) gid=(0,0)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.173786,  5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   dbwrap_lock_order_lock: 
check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.173801,  5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
dbwrap_lock_order_unlock: release lock order 1 for 
/var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.173814,  4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   push_sec_ctx(0, 0) : 
sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.173826,  4] ../../source3/smbd/uid.c:562(push_conn_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   push_conn_ctx(0) : 
conn_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.173837,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   setting sec ctx (0, 0) 
- sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.173848,  5] 
../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.173858,  5] 
../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Primary group is 0 and 
contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.173885,  3] 
../../auth/ntlmssp/ntlmssp_server.c:513(ntlmssp_server_preauth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Got user=[] domain=[] 
workstation=[] len1=0 len2=0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.173898,  3] 
../../source4/auth/ntlm/auth.c:243(auth_check_password_send)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
auth_check_password_send: Checking password for unmapped user []\[]@[]
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
auth_check_password_send: user is: []\[]@[]
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.173923,  5] ../../source4/auth/ntlm/auth.c:70(auth_get_challenge)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   auth_get_challenge: 
returning previous challenge by module random (normal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.173934,  5] ../../lib/util/util.c:722(dump_data)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   [0000] A0 84 59 89 C9 
C6 50 84                             ..Y...P.
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.173957,  4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   pop_sec_ctx (0, 0) - 
sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.173978,  5] 
../../source4/auth/ntlm/auth.c:493(auth_check_password_recv)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
auth_check_password_recv: anonymous authentication for user [NT 
AUTHORITY\ANONYMOUS LOGON] succeeded
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.174003,  5] 
../../auth/auth_log.c:653(log_authentication_event_human_readable)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Auth: [SMB2,NTLMSSP] 
user []\[] at [Tue, 16 Feb 2021 06:48:32.173997 CET] with [No-Password] 
status [NT_STATUS_OK] workstation [] remote host [ipv4:10.1.0.77:52026] 
became [NT AUTHORITY]\[ANONYMOUS LOGON] [S-1-5-7]. local host 
[ipv4:192.168.0.106:445]
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   {"timestamp": 
"2021-02-16T06:48:32.174065+0100", "type":
"Authentication",
"Authentication": {"version": {"major": 1,
"minor": 2}, "eventId": 4624,
"logonId": "0", "logonType": 3,
"status": "NT_STATUS_OK",
"localAddress": "ipv4:192.168.0.106:445",
"remoteAddress":
"ipv4:10.1.0.77:52026", "serviceDescription":
"SMB2", "authDescription":
"NTLMSSP", "clientDomain": "",
"clientAccount": "", "workstation": "",
"becameAccount": "ANONYMOUS LOGON",
"becameDomain": "NT AUTHORITY",
"becameSid": "S-1-5-7", "mappedAccount":
"", "mappedDomain": "",
"netlogonComputer": null, "netlogonTrustAccount": null, 
"netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null, "passwordType":
"No-Password",
"duration": 2927}}
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.174122,  3] 
../../auth/ntlmssp/ntlmssp_sign.c:623(ntlmssp_sign_reset)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   NTLMSSP Sign/Seal - 
Initialising with flags:
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.174136,  3] 
../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Got NTLMSSP 
neg_flags=0x62008215
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_UNICODE
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_REQUEST_TARGET
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_SIGN
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_NTLM
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_VERSION
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_128
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
NTLMSSP_NEGOTIATE_KEY_EXCH
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.174181,  5] 
../../auth/ntlmssp/ntlmssp_sign.c:792(ntlmssp_sign_reset)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   NTLMSSP Sign/Seal - 
using NTLM1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.174201,  3] 
../../auth/ntlmssp/ntlmssp_sign.c:623(ntlmssp_sign_reset)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   NTLMSSP Sign/Seal - 
Initialising with flags:
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.174213,  3] 
../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Got NTLMSSP 
neg_flags=0x62008215
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_UNICODE
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_REQUEST_TARGET
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_SIGN
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_NTLM
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_VERSION
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_128
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
NTLMSSP_NEGOTIATE_KEY_EXCH
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.174254,  5] 
../../auth/ntlmssp/ntlmssp_sign.c:792(ntlmssp_sign_reset)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   NTLMSSP Sign/Seal - 
using NTLM1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.174269,  4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   push_sec_ctx(0, 0) : 
sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.174281,  4] ../../source3/smbd/uid.c:562(push_conn_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   push_conn_ctx(0) : 
conn_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.174291,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   setting sec ctx (0, 0) 
- sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.174301,  5] 
../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.174311,  5] 
../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Primary group is 0 and 
contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.174334,  4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   pop_sec_ctx (0, 0) - 
sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de winbindd[971610]: [2021/02/16 
06:48:32.174475,  3] 
../../source3/winbindd/winbindd_misc.c:432(winbindd_interface_version)
Feb 16 06:48:32 dc4.hq.domain.de winbindd[971610]: 
winbindd_interface_version: [nss_winbind (971786)]: request interface 
version (version = 31)
Feb 16 06:48:32 dc4.hq.domain.de winbindd[971610]: [2021/02/16 
06:48:32.174555,  3] 
../../source3/winbindd/winbindd_sids_to_xids.c:50(winbindd_sids_to_xids_send)
Feb 16 06:48:32 dc4.hq.domain.de winbindd[971610]:   sids_to_xids
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.174608,  5] 
../../source4/auth/unix_token.c:131(security_token_to_unix_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Successfully converted 
security token to a unix token:Security token SIDs (4):
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     SID[  0]: S-1-5-7
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     SID[  1]: S-1-1-0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     SID[  2]: S-1-5-2
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     SID[  3]: S-1-5-64-10
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:    Privileges (0x 
        0):
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:    Rights (0x 
    0):
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.174680,  5] 
../../auth/auth_log.c:753(log_successful_authz_event_human_readable)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Successful AuthZ: 
[SMB2,NTLMSSP] user [NT AUTHORITY]\[ANONYMOUS LOGON] [S-1-5-7] at [Tue, 
16 Feb 2021 06:48:32.174662 CET] Remote host [ipv4:10.1.0.77:52026] 
local host [ipv4:192.168.0.106:445]
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   {"timestamp": 
"2021-02-16T06:48:32.174712+0100", "type":
"Authorization",
"Authorization": {"version": {"major": 1,
"minor": 1}, "localAddress":
"ipv4:192.168.0.106:445", "remoteAddress":
"ipv4:10.1.0.77:52026",
"serviceDescription": "SMB2", "authType":
"NTLMSSP", "domain": "NT
AUTHORITY", "account": "ANONYMOUS LOGON",
"sid": "S-1-5-7", "sessionId":
"8ee53b36-dea5-4ac4-9b5c-15a6a3c58519", "logonServer":
"DC4",
"transportProtection": "SMB", "accountFlags":
"0x00000010"}}
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.174774,  5] ../../lib/util/debug.c:811(debug_dump_status)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   INFO: Current debug levels:
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     all: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     tdb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     printdrivers: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     lanman: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     smb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     rpc_parse: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     rpc_srv: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     rpc_cli: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     passdb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     sam: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     auth: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     winbind: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     vfs: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     idmap: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     quota: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     acls: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     locking: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     msdfs: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dmapi: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     registry: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     scavenger: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dns: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     ldb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     tevent: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     auth_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     auth_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     kerberos: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     drs_repl: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     smb2: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     smb2_credits: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_password_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
dsdb_password_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_transaction_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
dsdb_transaction_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_group_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_group_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.175034,  5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   dbwrap_lock_order_lock: 
check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.175084,  5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
dbwrap_lock_order_unlock: release lock order 1 for 
/var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.177955,  5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   dbwrap_lock_order_lock: 
check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.178000,  5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
dbwrap_lock_order_unlock: release lock order 1 for 
/var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.178016,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   setting sec ctx (0, 0) 
- sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.178030,  5] 
../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.178041,  5] 
../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Primary group is 0 and 
contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.178061,  5] ../../source3/smbd/uid.c:494(smbd_change_to_root_user)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   change_to_root_user: 
now uid=(0,0) gid=(0,0)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.178089,  5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   dbwrap_lock_order_lock: 
check lock order 1 for /var/cache/samba/smbXsrv_tcon_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.178128,  5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
dbwrap_lock_order_unlock: release lock order 1 for 
/var/cache/samba/smbXsrv_tcon_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.178150,  3] ../../lib/util/access.c:371(allow_access)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Allowed connection from 
10.1.0.77 (10.1.0.77)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.178164,  1] 
../../source3/smbd/service.c:355(create_connection_session_info)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
create_connection_session_info: guest user (from session setup) not 
permitted to access this share (IPC$)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.178175,  1] ../../source3/smbd/service.c:544(make_connection_snum)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.178192,  5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   dbwrap_lock_order_lock: 
check lock order 1 for /var/cache/samba/smbXsrv_tcon_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.178208,  5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
dbwrap_lock_order_unlock: release lock order 1 for 
/var/cache/samba/smbXsrv_tcon_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.178221,  3] 
../../source3/smbd/smb2_server.c:3863(smbd_smb2_request_error_ex)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_tcon.c:151
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.179379,  3] 
../../source3/smbd/smb2_server.c:3863(smbd_smb2_request_error_ex)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: 
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
status[NT_STATUS_NETWORK_NAME_DELETED] || at 
../../source3/smbd/smb2_server.c:3147
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.180041,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   setting sec ctx (0, 0) 
- sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.180067,  5] 
../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 
06:48:32.180079,  5] 
../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   UNIX token of user 0


Anyone can make some sence out of this?

Regards

-- 
Dr. Christian Naumer
Vice President
Unit Head Bioprocess Development

B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
phone +49-6251-9331-30 / fax +49-6251-9331-11

Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Adriaan Moelker (Vorstandsvorsitzender), 
Lukas Linnig
Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen

Andrew Bartlett

2021-Feb-16 07:11 UTC

head link

[Samba] RODC in remote Site

On Tue, 2021-02-16 at 07:35 +0100, cn--- via samba
wrote:> Thanks Andrew for looking at this.
> 
> Am 15.02.21 um 21:42 schrieb Andrew Bartlett via samba:
> > I would turn up the logs on the DC and see why it objects.
> 
> on the DC that is contacted I see this:
> 
> Feb 16 06:45:45 dc4.hq.domain.de smbd[971474]: [2021/02/16 
> 06:45:45.904935,  1] 
> ../../source3/smbd/service.c:355(create_connection_session_info)
> Feb 16 06:45:45 dc4.hq.domain.de smbd[971474]: 
> create_connection_session_info: guest user (from session setup) not 
> permitted to access this share (IPC$)
> Feb 16 06:45:45 dc4.hq.domain.de smbd[971474]: [2021/02/16 
> 06:45:45.904978,  1]
> ../../source3/smbd/service.c:544(make_connection_snum)
> Feb 16 06:45:45 dc4.hq.domain.de smbd[971474]: 
> create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
> 
> 
> GUEST Access??
It will be the 'restrict anonymous = 2' on the DC I suppose.  I
don't
know why winbindd on the RODC isn't authenticating the SMB layer of the
connection, and I suppose that makes it a bug (we are almost certainly
authenticating the next layer in, the NETLOGON pipe with schannel), but
if that fixes it at least we know what is going on.

My guess is that we are not NTLMSSP/kerberos authenticating the SMB the
netlogon pipe is on because we used to use this to bootstrap
authentication of the other pipes (also with schannel) before MS broke
that (fixed a security bug actually...).

Anyway, try that and use the information to file a bug.

Another of the many features I would love to see implemented in samba
is an audit of things like IPC$ access and matching it with current
Windows, and then work out what we can secure further anyway.  It is
silly that in 2020 guest access is both needed and default.

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions

samba - Feb 2021 - RODC in remote Site

[Samba] RODC in remote Site

[Samba] RODC in remote Site