INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 auth_audit: 10 auth_json_audit: 10 kerberos: 10 drs_repl: 10 smb2: 10 smb2_credits: 10 dsdb_audit: 10 dsdb_json_audit: 10 dsdb_password_audit: 10 dsdb_password_json_audit: 10 dsdb_transaction_audit: 10 dsdb_transaction_json_audit: 10 dsdb_group_audit: 10 dsdb_group_json_audit: 10 lpcfg_load: refreshing parameters from /etc/samba/smb.conf Processing section "[global]" Processing section "[sysvol]" Processing section "[netlogon]" Processing section "[dfs]" Processing section "[dfsroot]" pm_process() returned Yes ldb_wrap open of secrets.ldb lpcfg_load: refreshing parameters from /etc/samba/smb.conf Processing section "[global]" Processing section "[sysvol]" Processing section "[netlogon]" Processing section "[dfs]" Processing section "[dfsroot]" pm_process() returned Yes GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'naclrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'http_negotiate' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered finddcs: searching for a DC by DNS domain AD2.DOMAIN.EU finddcs: looking for SRV records for _ldap._tcp.AD2.DOMAIN.EU dns_lookup_send_next: Sending DNS request #0 to 127.0.0.53 dns_cli_request_send: Asking 127.0.0.53 for _ldap._tcp.AD2.DOMAIN.EU./1/33 via UDP [0000] 73 04 01 00 00 01 00 00 00 00 00 00 05 5F 6C 64 s....... ....._ld [0010] 61 70 04 5F 74 63 70 03 41 44 32 0A 45 52 49 43 ap._tcp. AD2.ERIC [0020] 4E 47 55 59 45 4E 02 45 55 00 00 21 00 01 NGUYEN.E U..!.. dns_lookup_send_next: cancelling wait_subreq [0000] 73 04 81 80 00 01 00 01 00 00 00 00 05 5F 6C 64 s....... ....._ld [0010] 61 70 04 5F 74 63 70 03 41 44 32 0A 45 52 49 43 ap._tcp. AD2.ERIC [0020] 4E 47 55 59 45 4E 02 45 55 00 00 21 00 01 C0 0C NGUYEN.E U..!.... [0030] 00 21 00 01 00 00 03 84 00 25 00 00 00 64 01 85 .!...... .%...d.. [0040] 0B 74 72 69 73 74 73 6E 70 61 34 33 03 61 64 32 .tristsn pa43.ad2 [0050] 0A 65 72 69 63 6E 67 75 79 65 6E 02 65 75 00 .ericngu yen.eu. dns_cli_request_udp_done: Got op=8180 1/1/0/0 recs finddcs: DNS SRV response 0 at '10.10.20.43' finddcs: performing CLDAP query on 10.10.20.43 &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000013fd (5117) 1: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 1: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : f85b1039-80a5-483a-93eb-5f0f382066ab forest : 'ad2.DOMAIN.eu' dns_domain : 'ad2.DOMAIN.eu' pdc_dns_name : 'tristsnpa43.ad2.DOMAIN.eu' domain_name : 'AD2DOMAIN' pdc_name : 'TRISTSNPA43' user_name : '' server_site : 'TRISTSNP' client_site : 'TRISTSNP' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) finddcs: Found matching DC 10.10.20.43 with server_type=0x000013fd lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[global]" doing parameter apply group policies = Yes doing parameter bind interfaces only = Yes doing parameter disable netbios = Yes doing parameter disable spoolss = Yes doing parameter dns zone transfer clients allow = 127.0.0.1 10.10.20.9 doing parameter domain master = Yes doing parameter gpo update command = /usr/sbin/samba-gpupdate -d10 doing parameter interfaces = lo vlan20 doing parameter kerberos encryption types = strong doing parameter ldap server require strong auth = Yes doing parameter lock directory = /var/cache/samba doing parameter logging = syslog@3 file@3 doing parameter name resolve order = host lmhosts wins bcast doing parameter netbios name = TRISTSNPA43 doing parameter ntlm auth = mschapv2-and-ntlmv2-only doing parameter password hash userPassword schemes = CryptSHA256 CryptSHA512 doing parameter printcap name = /dev/null doing parameter realm = AD2.DOMAIN.EU doing parameter restrict anonymous = 2 doing parameter server role = active directory domain controller doing parameter server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate doing parameter smb ports = 445 doing parameter template homedir = /home/%D/%U doing parameter template shell = /bin/bash doing parameter tls cafile = tls/ca.pem doing parameter tls certfile = tls/cert.pem doing parameter tls enabled = Yes doing parameter tls keyfile = tls/key.pem doing parameter tls priority = NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1 doing parameter winbind enum groups = Yes doing parameter winbind enum users = Yes doing parameter winbind offline logon = Yes doing parameter winbind refresh tickets = Yes doing parameter winbind rpc only = Yes doing parameter workgroup = AD2DOMAIN doing parameter idmap_ldb:use rfc2307 = no doing parameter acl:search = true doing parameter map acl inherit = Yes pm_process() returned Yes lp_servicenumber: couldn't find homes Opening cache file at /var/cache/samba/gencache.tdb sitename_fetch: Returning sitename for realm 'AD2.DOMAIN.EU': "TRISTSNP" internal_resolve_name: looking up tristsnpa43.ad2.DOMAIN.eu#20 (sitename TRISTSNP) namecache_fetch: name tristsnpa43.ad2.DOMAIN.eu#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs ads_try_connect: sending CLDAP request to 10.10.20.43 (realm: AD2.DOMAIN.EU) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000013fd (5117) 1: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 1: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : f85b1039-80a5-483a-93eb-5f0f382066ab forest : 'ad2.DOMAIN.eu' dns_domain : 'ad2.DOMAIN.eu' pdc_dns_name : 'tristsnpa43.ad2.DOMAIN.eu' domain_name : 'AD2DOMAIN' pdc_name : 'TRISTSNPA43' user_name : '' server_site : 'TRISTSNP' client_site : 'TRISTSNP' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) sitename_store: realm = [AD2DOMAIN], sitename = [TRISTSNP], expire = [2085923199] gencache_set_data_blob: Adding cache entry with key=[AD_SITENAME/DOMAIN/AD2DOMAIN] and timeout=[Wed Dec 31 23:59:59 -2147481749 UTC] (67768034535610639 seconds ahead) sitename_store: realm = [ad2.DOMAIN.eu], sitename = [TRISTSNP], expire = [2085923199] gencache_set_data_blob: Adding cache entry with key=[AD_SITENAME/DOMAIN/AD2.DOMAIN.EU] and timeout=[Wed Dec 31 23:59:59 -2147481749 UTC] (67768034535610639 seconds ahead) Successfully contacted LDAP server 10.10.20.43 Opening connection to LDAP server 'tristsnpa43.ad2.DOMAIN.eu:389', timeout 15 seconds Connecting to 10.10.20.43 at port 389 Initialized connection for LDAP server 'ldap://tristsnpa43.ad2.DOMAIN.eu:389' Connected to LDAP server tristsnpa43.ad2.DOMAIN.eu ads_closest_dc: NBT_SERVER_CLOSEST flag set saf_store: domain = [AD2DOMAIN], server = [tristsnpa43.ad2.DOMAIN.eu], expire = [1656067060] gencache_set_data_blob: Adding cache entry with key=[SAF/DOMAIN/AD2DOMAIN] and timeout=[Fri Jun 24 10:37:40 2022 UTC] (900 seconds ahead) saf_store: domain = [AD2.DOMAIN.EU], server = [tristsnpa43.ad2.DOMAIN.eu], expire = [1656067060] gencache_set_data_blob: Adding cache entry with key=[SAF/DOMAIN/AD2.DOMAIN.EU] and timeout=[Fri Jun 24 10:37:40 2022 UTC] (900 seconds ahead) KDC time offset is 0 seconds Found SASL mechanism GSS-SPNEGO ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 kerberos_kinit_password_ext: as TRISTSNPA43$@AD2.DOMAIN.EU using [FILE:/tmp/krb5cc_0] as ccache and config [(null)] kerberos_kinit_password_ext: TRISTSNPA43$@AD2.DOMAIN.EU mapped to TRISTSNPA43$@AD2.DOMAIN.EU Starting GENSEC mechanism spnego Starting GENSEC submechanism gse_krb5 gensec_update_send: gse_krb5[0x55d6bc9df6d0]: subreq: 0x55d6bc9db3a0 gensec_update_send: spnego[0x55d6bc9c3500]: subreq: 0x55d6bc9df2c0 gensec_update_done: gse_krb5[0x55d6bc9df6d0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x55d6bc9db3a0/../../source3/librpc/crypto/gse.c:848]: state[2] error[0 (0x0)] state[struct gensec_gse_update_state (0x55d6bc9db560)] timer[(nil)] finish[../../source3/librpc/crypto/gse.c:859] gensec_update_done: spnego[0x55d6bc9c3500]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x55d6bc9df2c0/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x55d6bc9df480)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] gensec_update_send: gse_krb5[0x55d6bc9df6d0]: subreq: 0x55d6bc9db3a0 gensec_update_send: spnego[0x55d6bc9c3500]: subreq: 0x55d6bc9df2c0 gensec_update_done: gse_krb5[0x55d6bc9df6d0]: NT_STATUS_OK tevent_req[0x55d6bc9db3a0/../../source3/librpc/crypto/gse.c:848]: state[2] error[0 (0x0)] state[struct gensec_gse_update_state (0x55d6bc9db560)] timer[(nil)] finish[../../source3/librpc/crypto/gse.c:866] gensec_update_done: spnego[0x55d6bc9c3500]: NT_STATUS_OK tevent_req[0x55d6bc9df2c0/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x55d6bc9df480)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] Search for (objectclass=*) in gave 1 replies ads_pull_sids: pulling SID: S-1-5-21-4081981426-3436066561-3860847288-516 ads_pull_sids: pulling SID: S-1-5-21-4081981426-3436066561-3860847288-572 ads_get_tokensids: returned 4 sids Create local NT token for S-1-5-21-4081981426-3436066561-3860847288-1000 Parsing value for key [IDMAP/SID2XID/S-1-5-21-4081981426-3436066561-3860847288-1000]: value=[3000016:B] Parsing value for key [IDMAP/SID2XID/S-1-5-21-4081981426-3436066561-3860847288-1000]: id=[3000016], endptr=[:B] sid S-1-5-21-4081981426-3436066561-3860847288-1000 -> uid 3000016 sys_getgrouplist: user [AD2DOMAIN\tristsnpa43$] xid_to_sid: GID 100 -> S-1-5-21-4081981426-3436066561-3860847288-513 from cache Attempting to register passdb backend smbpasswd Successfully added passdb backend 'smbpasswd' Attempting to register passdb backend tdbsam Successfully added passdb backend 'tdbsam' Attempting to register passdb backend samba_dsdb Successfully added passdb backend 'samba_dsdb' Attempting to register passdb backend samba4 Successfully added passdb backend 'samba4' Attempting to register passdb backend ldapsam Successfully added passdb backend 'ldapsam' Attempting to register passdb backend NDS_ldapsam Successfully added passdb backend 'NDS_ldapsam' Attempting to find a passdb backend to match samba_dsdb (samba_dsdb) Found pdb backend samba_dsdb Security token SIDs (1): SID[ 0]: S-1-5-18 Privileges (0xFFFFFFFFFFFFFFFF): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege Privilege[ 15]: SeIncreaseBasePriorityPrivilege Privilege[ 16]: SeLoadDriverPrivilege Privilege[ 17]: SeCreatePagefilePrivilege Privilege[ 18]: SeIncreaseQuotaPrivilege Privilege[ 19]: SeChangeNotifyPrivilege Privilege[ 20]: SeUndockPrivilege Privilege[ 21]: SeManageVolumePrivilege Privilege[ 22]: SeImpersonatePrivilege Privilege[ 23]: SeCreateGlobalPrivilege Privilege[ 24]: SeEnableDelegationPrivilege Rights (0x 0): Initial schema load needed, as we have no existing schema, seq_num: 6 schema_fsmo_init: we are master[yes] updates allowed[no] ldb_wrap open of idmap.ldb pdb backend samba_dsdb has a valid init get_privileges: No privileges assigned to SID [S-1-5-21-4081981426-3436066561-3860847288-1000] get_privileges: No privileges assigned to SID [S-1-5-21-4081981426-3436066561-3860847288-516] get_privileges: No privileges assigned to SID [S-1-5-21-4081981426-3436066561-3860847288-572] get_privileges: No privileges assigned to SID [S-1-5-21-4081981426-3436066561-3860847288-513] get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0 get_privileges: No privileges assigned to SID [S-1-5-2] get_privileges: No privileges assigned to SID [S-1-5-11] get_privileges: No privileges assigned to SID [S-1-5-32-545] get_privileges: No privileges assigned to SID [S-1-5-32-554] Security token SIDs (9): SID[ 0]: S-1-5-21-4081981426-3436066561-3860847288-1000 SID[ 1]: S-1-5-21-4081981426-3436066561-3860847288-516 SID[ 2]: S-1-5-21-4081981426-3436066561-3860847288-572 SID[ 3]: S-1-5-21-4081981426-3436066561-3860847288-513 SID[ 4]: S-1-1-0 SID[ 5]: S-1-5-2 SID[ 6]: S-1-5-11 SID[ 7]: S-1-5-32-545 SID[ 8]: S-1-5-32-554 Privileges (0x 0): Rights (0x 0): ads_get_gpo_list: getting GPO list for [CN=TRISTSNPA43,OU=Linux,OU=AOA,OU=Domain Controllers,DC=ad2,DC=DOMAIN,DC=eu] ads_get_gpo_list: query OU: [OU=Linux,OU=AOA,OU=Domain Controllers,DC=ad2,DC=DOMAIN,DC=eu] for GPOs gpo_parse_gplink: gPLink: [LDAP://CN={1445968E-23F9-4D5B-8B7C-4D42B68D26BC},CN=Policies,CN=System,DC=ad2,DC=DOMAIN,DC=eu;0] gpo_parse_gplink: processing link #0 gpo_parse_gplink: link: LDAP://CN={1445968E-23F9-4D5B-8B7C-4D42B68D26BC},CN=Policies,CN=System,DC=ad2,DC=DOMAIN,DC=eu gpo_parse_gplink: opt: 0 Search for (objectclass=*) in gave 1 replies gpo_sd_check_ace_allowed_object: Access granted as of ace for S-1-5-11 add_gplink_to_gplist: added GPLINK #0 LDAP://CN={1445968E-23F9-4D5B-8B7C-4D42B68D26BC},CN=Policies,CN=System,DC=ad2,DC=DOMAIN,DC=eu to GPO list ads_get_gpo_list: query OU: [OU=AOA,OU=Domain Controllers,DC=ad2,DC=DOMAIN,DC=eu] for GPOs ads_get_gpo_link: no 'gPLink' attribute found ads_get_gpo_list: query OU: [OU=Domain Controllers,DC=ad2,DC=DOMAIN,DC=eu] for GPOs ads_get_gpo_link: no 'gPLink' attribute found ads_get_gpo_list: query DC: [DC=ad2,DC=DOMAIN,DC=eu] for GPOs ads_get_gpo_link: no 'gPOptions' attribute found gpo_parse_gplink: gPLink: [LDAP://CN={72498053-0691-419F-B60A-BD15DCE34E45},CN=Policies,CN=System,DC=ad2,DC=DOMAIN,DC=eu;0] gpo_parse_gplink: processing link #0 gpo_parse_gplink: link: LDAP://CN={72498053-0691-419F-B60A-BD15DCE34E45},CN=Policies,CN=System,DC=ad2,DC=DOMAIN,DC=eu gpo_parse_gplink: opt: 0 skipping nonenforced GPO link because GPOPTIONS_BLOCK_INHERITANCE has been set ads_get_gpo_list: query SITE: [CN=TRISTSNP,CN=Sites,CN=Configuration,DC=ad2,DC=DOMAIN,DC=eu] for GPOs ads_get_gpo_link: no 'gPLink' attribute found lp_load_ex: refreshing parameters Freeing parametrics: Processing section "[global]" doing parameter apply group policies = Yes doing parameter bind interfaces only = Yes doing parameter disable netbios = Yes doing parameter disable spoolss = Yes doing parameter dns zone transfer clients allow = 127.0.0.1 10.10.20.9 doing parameter domain master = Yes doing parameter gpo update command = /usr/sbin/samba-gpupdate -d10 doing parameter interfaces = lo vlan20 doing parameter kerberos encryption types = strong doing parameter ldap server require strong auth = Yes doing parameter lock directory = /var/cache/samba doing parameter logging = syslog@3 file@3 doing parameter name resolve order = host lmhosts wins bcast doing parameter netbios name = TRISTSNPA43 doing parameter ntlm auth = mschapv2-and-ntlmv2-only doing parameter password hash userPassword schemes = CryptSHA256 CryptSHA512 doing parameter printcap name = /dev/null doing parameter realm = AD2.DOMAIN.EU doing parameter restrict anonymous = 2 doing parameter server role = active directory domain controller doing parameter server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate doing parameter smb ports = 445 doing parameter template homedir = /home/%D/%U doing parameter template shell = /bin/bash doing parameter tls cafile = tls/ca.pem doing parameter tls certfile = tls/cert.pem doing parameter tls enabled = Yes doing parameter tls keyfile = tls/key.pem doing parameter tls priority = NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1 doing parameter winbind enum groups = Yes doing parameter winbind enum users = Yes doing parameter winbind offline logon = Yes doing parameter winbind refresh tickets = Yes doing parameter winbind rpc only = Yes doing parameter workgroup = AD2DOMAIN doing parameter idmap_ldb:use rfc2307 = no doing parameter acl:search = true doing parameter map acl inherit = Yes Processing section "[sysvol]" add_a_service: Creating snum = 0 for sysvol hash_a_service: creating servicehash hash_a_service: hashing index 0 for service name sysvol doing parameter path = /var/lib/samba/sysvol doing parameter read only = No Processing section "[netlogon]" add_a_service: Creating snum = 1 for netlogon hash_a_service: hashing index 1 for service name netlogon doing parameter path = /var/lib/samba/sysvol/ad2.DOMAIN.eu/scripts doing parameter read only = No Processing section "[dfs]" add_a_service: Creating snum = 2 for dfs hash_a_service: hashing index 2 for service name dfs doing parameter comment = DFS Proxy Share doing parameter msdfs proxy = \tristsnpa43.ad2.DOMAIN.eu\dfsroot doing parameter read only = No doing parameter msdfs root = Yes doing parameter vfs objects = dfs_samba4 acl_xattr recycle doing parameter browsable = Yes Processing section "[dfsroot]" add_a_service: Creating snum = 3 for dfsroot hash_a_service: hashing index 3 for service name dfsroot doing parameter comment = DFS Root Share doing parameter path = /var/lib/samba/dfsroot doing parameter read only = No doing parameter msdfs root = Yes doing parameter vfs objects = dfs_samba4 acl_xattr recycle doing parameter browsable = No pm_process() returned Yes lp_servicenumber: couldn't find homes sitename_fetch: Returning sitename for realm 'AD2.DOMAIN.EU': "TRISTSNP" internal_resolve_name: looking up tristsnpa43.ad2.DOMAIN.eu#20 (sitename TRISTSNP) namecache_fetch: name tristsnpa43.ad2.DOMAIN.eu#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs Connecting to 10.10.20.43 at port 445 socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=2626560, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0 cli_session_creds_prepare_krb5: Doing kinit for TRISTSNPA43$@AD2.DOMAIN.EU to access tristsnpa43.ad2.DOMAIN.eu kerberos_kinit_password_ext: as TRISTSNPA43$@AD2.DOMAIN.EU using [MEMORY:cliconnect] as ccache and config [(null)] kerberos_kinit_password_ext: TRISTSNPA43$@AD2.DOMAIN.EU mapped to TRISTSNPA43$@AD2.DOMAIN.EU cli_session_creds_prepare_krb5: Successfully authenticated as TRISTSNPA43$@AD2.DOMAIN.EU (TRISTSNPA43$@AD2.DOMAIN.EU) to access tristsnpa43.ad2.DOMAIN.eu using Kerberos cli_session_setup_spnego_send: Connect to tristsnpa43.ad2.DOMAIN.eu as TRISTSNPA43$@AD2.DOMAIN.EU using SPNEGO Starting GENSEC mechanism spnego Starting GENSEC submechanism gse_krb5 gensec_update_send: gse_krb5[0x55d6bdc542b0]: subreq: 0x55d6bd0146f0 gensec_update_send: spnego[0x55d6bd741490]: subreq: 0x55d6bc9e87f0 gensec_update_done: gse_krb5[0x55d6bdc542b0]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x55d6bd0146f0/../../source3/librpc/crypto/gse.c:848]: state[2] error[0 (0x0)] state[struct gensec_gse_update_state (0x55d6bd0148b0)] timer[(nil)] finish[../../source3/librpc/crypto/gse.c:859] gensec_update_done: spnego[0x55d6bd741490]: NT_STATUS_MORE_PROCESSING_REQUIRED tevent_req[0x55d6bc9e87f0/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x55d6bc9e89b0)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] gensec_update_send: gse_krb5[0x55d6bdc542b0]: subreq: 0x55d6bcb52440 gensec_update_send: spnego[0x55d6bd741490]: subreq: 0x55d6bc9e87f0 gensec_update_done: gse_krb5[0x55d6bdc542b0]: NT_STATUS_OK tevent_req[0x55d6bcb52440/../../source3/librpc/crypto/gse.c:848]: state[2] error[0 (0x0)] state[struct gensec_gse_update_state (0x55d6bcb52600)] timer[(nil)] finish[../../source3/librpc/crypto/gse.c:866] gensec_update_done: spnego[0x55d6bd741490]: NT_STATUS_OK tevent_req[0x55d6bc9e87f0/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x55d6bc9e89b0)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116] signed SMB2 message (sign_algo_id=2) signed SMB2 message (sign_algo_id=2) signed SMB2 message (sign_algo_id=2) signed SMB2 message (sign_algo_id=2) signed SMB2 message (sign_algo_id=2) signed SMB2 message (sign_algo_id=2) signed SMB2 message (sign_algo_id=2) signed SMB2 message (sign_algo_id=2) signed SMB2 message (sign_algo_id=2) signed SMB2 message (sign_algo_id=2) signed SMB2 message (sign_algo_id=2) signed SMB2 message (sign_algo_id=2) signed SMB2 message (sign_algo_id=2) signed SMB2 message (sign_algo_id=2) signed SMB2 message (sign_algo_id=2) signed SMB2 message (sign_algo_id=2) signed SMB2 message (sign_algo_id=2) signed SMB2 message (sign_algo_id=2) Initial schema load needed, as we have no existing schema, seq_num: 6 schema_fsmo_init: we are master[yes] updates allowed[no] parse_gpt_ini: no name in /var/cache/samba/gpo_cache/AD2.DOMAIN.EU/POLICIES/{1445968E-23F9-4D5B-8B7C-4D42B68D26BC}/GPT.INI