[Samba-it] Samba-LDAP, account Administrator e join al dominio
Luigi Iotti
luigi at iotti.biz
Mon Dec 27 08:46:01 MST 2004
Salve a tutti, sto facendo un PDC con backend LDAP. Seguo la traccia citata
nel Samba-3 by example, cap. 6., su Fedora Core 3 con Samba 3.0.10.
Dopo avere usato smbldap-populate, il documento citato mi consiglia di
verificare che Administrator abbia uid=0. In effetti è smbldap-populate l'ha
creato già così, con gid=512 che è poi quello dei Domain Admins. A me non
piace molto avere degli alias di root, specie in LDAP. Preferivo "root =
administrator" nella username map. Ma è un'opinione personale che posso
superare. La domanda è questa: è necessario e sufficiente che l'utente
administrator abbia uid=0? Sicuramente la cosa è già stata discussa in
passato, ma cercando sulla rete trovo chi sugerisce che non importa l'uid,
basta che appartenza al gruppo dei Domain Admins; altri che dicono che deve
avere il sambaSid con RID pari a 1000.. Insomma c'è confusione. Ovviamente
rimandi a documentazione già testata quindi affidabile sono benvenuti.
Il secondo problema, probabilmente legato al primo, è che l'howto mi
suggerisce poi di fare sul PDC stesso il join al dominio gestito da lui
medesimo, il che si risolve nell'errore:
# net rpc join -UAdministrator%asdf
Create of workstation account failed
Unable to join domain DOMINIO.
Inutile dire che la password è corretta.
Cose notate:
Il workstation account viene creato, suppongo correttamente, nella OU
Computers.
Nel debug, si vede invece che l'autenticazione fallisce.
Qualche idea su cosa può causare il problema?
Qui sotto includo un po' di debug e la cfg corrente:
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[Profiles]"
Processing section "[printers]"
Processing section "[print$]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = DOMINIO
server string = Samba Server
passdb backend = ldapsam:ldap://localhost
log level = 3
log file = /var/log/samba/%m.log
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
show add printer wizard = No
add user script = /usr/local/sbin/smbldap-useradd -a -m '%u'
delete user script = /usr/local/sbin/smbldap-userdel '%u'
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/local/sbin/smbldap-groupdel '%g'
add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u'
'%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
'%u' '%g'
set primary group script = /usr/local/sbin/smbldap-usermod -g '%g'
'%u'
add machine script = /usr/local/sbin/smbldap-useradd -w '%u'
logon script = scripts\logon.bat
logon path = \\%L\Profiles\%U
logon drive = X:
domain logons = Yes
preferred master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=ldapmin,dc=dominio,dc=it
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap suffix = dc=dominio,dc=it
ldap user suffix = ou=Users
idmap backend = ldap:ldap://localhost
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
printer admin = Administrator, chrisr
map acl inherit = Yes
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = Yes
share modes = No
[Profiles]
path = /home/profiles
guest ok = Yes
profile acls = Yes
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = Administrator, chrisr
# net -d 3 rpc join -UAdministrator%asdf
[2004/12/26 22:54:45, 3] param/loadparm.c:lp_load(3911)
lp_load: refreshing parameters
[2004/12/26 22:54:45, 3] param/loadparm.c:init_globals(1312)
Initialising global parameters
[2004/12/26 22:54:45, 3] param/params.c:pm_process(566)
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2004/12/26 22:54:45, 3] param/loadparm.c:do_section(3404)
Processing section "[global]"
[2004/12/26 22:54:45, 2] lib/interface.c:add_interface(79)
added interface ip=192.168.1.100 bcast=192.168.1.255 nmask=255.255.255.0
[2004/12/26 22:54:45, 3] libsmb/cliconnect.c:cli_start_connection(1388)
Connecting to host=LINUX
[2004/12/26 22:54:45, 3] lib/util_sock.c:open_socket_out(752)
Connecting to 192.168.1.100 at port 445
[2004/12/26 22:54:45, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(290)
cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED
[2004/12/26 22:54:45, 3] libsmb/trusts_util.c:just_change_the_password(43)
just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
[2004/12/26 22:54:45, 1] utils/net_rpc.c:run_rpc_command(142)
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
[2004/12/26 22:54:45, 3] libsmb/cliconnect.c:cli_start_connection(1388)
Connecting to host=LINUX
[2004/12/26 22:54:45, 3] lib/util_sock.c:open_socket_out(752)
Connecting to 192.168.1.100 at port 445
[2004/12/26 22:54:45, 3] libsmb/cliconnect.c:cli_session_setup_spnego(713)
Doing spnego session setup (blob length=58)
[2004/12/26 22:54:45, 3] libsmb/cliconnect.c:cli_session_setup_spnego(738)
got OID=1 3 6 1 4 1 311 2 2 10
[2004/12/26 22:54:45, 3] libsmb/cliconnect.c:cli_session_setup_spnego(745)
got principal=NONE
[2004/12/26 22:54:45, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(878)
Got challenge flags:
[2004/12/26 22:54:45, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60890215
[2004/12/26 22:54:45, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(900)
NTLMSSP: Set final flags:
[2004/12/26 22:54:45, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60080215
[2004/12/26 22:54:45, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
NTLMSSP Sign/Seal - Initialising with flags:
[2004/12/26 22:54:45, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60080215
[2004/12/26 22:54:45, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181)
lsa_io_sec_qos: length c does not match size 8
Create of workstation account failed
Unable to join domain DOMINIO.
[2004/12/26 22:54:45, 2] utils/net.c:main(859)
return code = 1
# cat 192.168.1.100.log
[2004/12/26 22:55:03, 3] smbd/oplock.c:init_oplocks(1302)
open_oplock_ipc: opening loopback UDP socket.
[2004/12/26 22:55:03, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303)
Linux kernel oplocks enabled
[2004/12/26 22:55:03, 3] smbd/oplock.c:init_oplocks(1333)
open_oplock ipc: pid = 4480, global_oplock_port = 32779
[2004/12/26 22:55:03, 3] smbd/process.c:process_smb(1091)
Transaction 0 of length 183
[2004/12/26 22:55:03, 3] smbd/process.c:switch_message(886)
switch message SMBnegprot (pid 4480) conn 0x0
[2004/12/26 22:55:03, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/12/26 22:55:03, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2004/12/26 22:55:03, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [MICROSOFT NETWORKS 1.03]
[2004/12/26 22:55:03, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [MICROSOFT NETWORKS 3.0]
[2004/12/26 22:55:03, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LANMAN1.0]
[2004/12/26 22:55:03, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [LM1.2X002]
[2004/12/26 22:55:03, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [DOS LANMAN2.1]
[2004/12/26 22:55:03, 3] smbd/negprot.c:reply_negprot(461)
Requested protocol [Samba]
[2004/12/26 22:55:03, 3] smbd/negprot.c:reply_nt1(333)
using SPNEGO
[2004/12/26 22:55:03, 3] smbd/negprot.c:reply_negprot(549)
Selected protocol NT LANMAN 1.0
[2004/12/26 22:55:03, 3] smbd/process.c:process_smb(1091)
Transaction 1 of length 92
[2004/12/26 22:55:03, 3] smbd/process.c:switch_message(886)
switch message SMBsesssetupX (pid 4480) conn 0x0
[2004/12/26 22:55:03, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/12/26 22:55:03, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
wct=13 flg2=0xc801
[2004/12/26 22:55:03, 3] smbd/sesssetup.c:reply_sesssetup_and_X(789)
Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
[2004/12/26 22:55:03, 3] smbd/sesssetup.c:reply_sesssetup_and_X(804)
sesssetupX:name=[]\[]@[192.168.1.100]
[2004/12/26 22:55:03, 3] smbd/sesssetup.c:check_guest_password(116)
Got anonymous request
[2004/12/26 22:55:03, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user []\[]@[] with
the new password interface
[2004/12/26 22:55:03, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: []\[]@[]
[2004/12/26 22:55:03, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/12/26 22:55:03, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/12/26 22:55:03, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/12/26 22:55:03, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/12/26 22:55:03, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/12/26 22:55:03, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/12/26 22:55:03, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/12/26 22:55:03, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/12/26 22:55:03, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/12/26 22:55:03, 3] smbd/uid.c:push_conn_ctx(365)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/12/26 22:55:03, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/12/26 22:55:03, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/12/26 22:55:03, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: guest authentication for user [] succeeded
[2004/12/26 22:55:03, 3] smbd/password.c:register_vuid(222)
User name: nobody Real name: nobody
[2004/12/26 22:55:03, 3] smbd/password.c:register_vuid(241)
UNIX uid 99 is UNIX user nobody, and will be vuid 100
[2004/12/26 22:55:03, 3] smbd/process.c:process_smb(1091)
Transaction 2 of length 78
[2004/12/26 22:55:03, 3] smbd/process.c:switch_message(886)
switch message SMBtconX (pid 4480) conn 0x0
[2004/12/26 22:55:03, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/12/26 22:55:03, 3] smbd/service.c:make_connection_snum(472)
Connect path is '/tmp' for service [IPC$]
[2004/12/26 22:55:03, 3] lib/util_seaccess.c:se_access_check(251)
[2004/12/26 22:55:03, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-1633113708-3653575748-605977783-501
se_access_check: also S-1-5-21-1633113708-3653575748-605977783-514
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-32-546
se_access_check: also S-1-5-21-1633113708-3653575748-605977783-1199
[2004/12/26 22:55:03, 3] smbd/vfs.c:vfs_init_default(203)
Initialising default vfs hooks
[2004/12/26 22:55:03, 3] lib/util_seaccess.c:se_access_check(251)
[2004/12/26 22:55:03, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-1633113708-3653575748-605977783-501
se_access_check: also S-1-5-21-1633113708-3653575748-605977783-514
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-32-546
se_access_check: also S-1-5-21-1633113708-3653575748-605977783-1199
[2004/12/26 22:55:03, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0
[2004/12/26 22:55:03, 3] smbd/service.c:make_connection_snum(648)
192.168.1.100 (192.168.1.100) connect to service IPC$ initially as user
nobody (uid=99, gid=99) (pid 4480)
[2004/12/26 22:55:03, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/12/26 22:55:03, 3] smbd/reply.c:reply_tcon_and_X(456)
tconX service=IPC$
[2004/12/26 22:55:03, 3] smbd/process.c:process_smb(1091)
Transaction 3 of length 104
[2004/12/26 22:55:03, 3] smbd/process.c:switch_message(886)
switch message SMBntcreateX (pid 4480) conn 0x80c0190
[2004/12/26 22:55:03, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (99, 99) - sec_ctx_stack_ndx = 0
[2004/12/26 22:55:03, 3] smbd/nttrans.c:nt_open_pipe(514)
nt_open_pipe: Known pipe lsarpc opening.
[2004/12/26 22:55:03, 3] smbd/process.c:process_smb(1091)
Transaction 4 of length 158
[2004/12/26 22:55:03, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 4480) conn 0x80c0190
[2004/12/26 22:55:03, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=72 params=0 setup=2
[2004/12/26 22:55:03, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2004/12/26 22:55:03, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "lsarpc" (pnum 72b7)
[2004/12/26 22:55:03, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\lsarpc -> \PIPE\lsass
[2004/12/26 22:55:03, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\lsarpc
[2004/12/26 22:55:03, 3] smbd/process.c:process_smb(1091)
Transaction 5 of length 146
[2004/12/26 22:55:03, 3] smbd/process.c:switch_message(886)
switch message SMBtrans (pid 4480) conn 0x80c0190
[2004/12/26 22:55:03, 3] smbd/ipc.c:reply_trans(538)
trans <\PIPE\> data=60 params=0 setup=2
[2004/12/26 22:55:03, 3] smbd/ipc.c:named_pipe(334)
named pipe command on <> name
[2004/12/26 22:55:03, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "lsarpc" (pnum 72b7)
[2004/12/26 22:55:03, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2004/12/26 22:55:03, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: LSA_OPENPOLICY
[2004/12/26 22:55:03, 3] lib/util_seaccess.c:se_access_check(251)
[2004/12/26 22:55:03, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-1633113708-3653575748-605977783-501
se_access_check: also S-1-5-21-1633113708-3653575748-605977783-514
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-32-546
se_access_check: also S-1-5-21-1633113708-3653575748-605977783-1199
...
[2004/12/26 22:55:03, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "NETLOGON" (pnum 72b8)
[2004/12/26 22:55:03, 3] rpc_server/srv_pipe.c:api_pipe_bind_req(887)
api_pipe_bind_req: \PIPE\NETLOGON -> \PIPE\lsass
[2004/12/26 22:55:03, 3] rpc_server/srv_pipe.c:check_bind_req(762)
check_bind_req for \PIPE\NETLOGON
...
[2004/12/26 22:55:03, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "NETLOGON" (pnum 72b8)
[2004/12/26 22:55:03, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2004/12/26 22:55:03, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: NET_REQCHAL
...
[2004/12/26 22:55:03, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "NETLOGON" (pnum 72b8)
...
[2004/12/26 22:55:03, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: NET_AUTH2
...
[2004/12/26 22:55:03, 0] rpc_server/srv_netlog_nt.c:get_md4pw(244)
get_md4pw: Workstation LINUX$: no account in domain
...
[2004/12/26 22:55:03, 3] smbd/connection.c:yield_connection(76)
yield_connection: tdb_delete for name failed with error Record does not
exist.
[2004/12/26 22:55:03, 3] smbd/server.c:exit_server(614)
Server exit (normal exit)
[2004/12/26 22:55:03, 3] smbd/oplock.c:init_oplocks(1302)
open_oplock_ipc: opening loopback UDP socket.
...
[2004/12/26 22:55:03, 3] smbd/negprot.c:reply_nt1(333)
using SPNEGO
[2004/12/26 22:55:03, 3] smbd/negprot.c:reply_negprot(549)
Selected protocol NT LANMAN 1.0
...
[2004/12/26 22:55:03, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
...
NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
[2004/12/26 22:55:03, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615)
Got user=[Administrator] domain=[DOMINIO] workstation=[LINUX] len1=24
len2=24
# cat linux.log
...
[2004/12/26 22:55:03, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[DOMINIO]\[Administrator]@[LINUX] with the new password interface
[2004/12/26 22:55:03, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [DOMINIO]\[Administrator]@[LINUX]
...
[2004/12/26 22:55:04, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: sam authentication for user [Administrator] succeeded
...
[2004/12/26 22:55:04, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [Administrator] ->
[Administrator] -> [Administrator] succeeded
[2004/12/26 22:55:04, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
...
Adding homes service for user 'Administrator' using home directory:
'/home/Administrator'
[2004/12/26 22:55:04, 3] param/loadparm.c:lp_add_home(2341)
adding home's share [Administrator] for user 'Administrator' at
'/home/Administrator'
[2004/12/26 22:55:04, 3] smbd/process.c:process_smb(1091)
Transaction 3 of length 78
[2004/12/26 22:55:04, 3] smbd/process.c:switch_message(886)
switch message SMBtconX (pid 4481) conn 0x0
[2004/12/26 22:55:04, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/12/26 22:55:04, 3] smbd/service.c:make_connection_snum(472)
Connect path is '/tmp' for service [IPC$]
[2004/12/26 22:55:04, 3] lib/util_seaccess.c:se_access_check(251)
[2004/12/26 22:55:04, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-1633113708-3653575748-605977783-2996
se_access_check: also S-1-5-21-1633113708-3653575748-605977783-512
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2004/12/26 22:55:04, 3] smbd/vfs.c:vfs_init_default(203)
Initialising default vfs hooks
[2004/12/26 22:55:04, 3] lib/util_seaccess.c:se_access_check(251)
[2004/12/26 22:55:04, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-1633113708-3653575748-605977783-2996
se_access_check: also S-1-5-21-1633113708-3653575748-605977783-512
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
[2004/12/26 22:55:04, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 512) - sec_ctx_stack_ndx = 0
[2004/12/26 22:55:04, 3] smbd/service.c:make_connection_snum(648)
linux (192.168.1.100) connect to service IPC$ initially as user
Administrator (uid=0, gid=512) (pid 4481)
[2004/12/26 22:55:04, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
...
se_access_check: user sid is S-1-5-21-1633113708-3653575748-605977783-2996
se_access_check: also S-1-5-21-1633113708-3653575748-605977783-512
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
...
api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN
[2004/12/26 22:55:04, 3] lib/util_seaccess.c:se_access_check(251)
[2004/12/26 22:55:04, 3] lib/util_seaccess.c:se_access_check(252)
se_access_check: user sid is S-1-5-21-1633113708-3653575748-605977783-2996
se_access_check: also S-1-5-21-1633113708-3653575748-605977783-512
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
...
[2004/12/26 22:55:04, 3] smbd/ipc.c:api_fd_reply(296)
Got API command 0x26 on pipe "samr" (pnum 72ba)
[2004/12/26 22:55:04, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 0
[2004/12/26 22:55:04, 3] rpc_server/srv_pipe.c:api_rpcTNP(1538)
api_rpcTNP: rpc command: SAMR_CREATE_USER
...
[2004/12/26 22:55:04, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2250)
_samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -w
'linux$'' gave 9
[2004/12/26 22:55:04, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
free_pipe_context: destroying talloc pool of size 12
...
[2004/12/26 22:55:04, 3] smbd/connection.c:yield_connection(69)
Yielding connection to
[2004/12/26 22:55:04, 3] smbd/connection.c:yield_connection(76)
yield_connection: tdb_delete for name failed with error Record does not
exist.
[2004/12/26 22:55:04, 3] smbd/server.c:exit_server(614)
Server exit (normal exit)
More information about the samba-it
mailing list