[Samba-it] problemi di replica WERR_DS_DRA_ACCESS_DENIED
Giuseppe Arvati
giuseppe.arvati at gmail.com
Fri Nov 23 09:25:25 UTC 2018
Il 22/11/2018 16:01, Marco Gaiarin ha scritto:
> Mandi! Giuseppe Arvati
> In chel di` si favelave...
>
>> piĆ¹ o meno gli stessi di ora: Gaiarin, Ravinetto e
>> pochi altri
>
> ...si resiste... ;-)
>
>
>> Ho googlato un po' senza successo sul WERR_DS_DRA_ACCESS_DENIED
>> Qualche suggerimento ?
>
> No. A parte i ''soliti'': verificare eventuali firewall in mezzo...
>
>
> Ad gni modo il mio google-fu mi manda qui:
>
> https://lists.samba.org/archive/samba/2017-December/212963.html
>
Ciao e grazie del supporto
avevo visto quel posto che citi ma non mi ha aiutato molto
allego l'output del comando di replica che genera l'errore
sperando che qualcuno noti qualcosa di utili per la risuluzione
[root at dc1ucp ~]# samba-tool drs replicate dc1ucp apamfs2
DC=apam-ad,DC=apam,DC=it -d 10
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
tevent: 10
auth_audit: 10
auth_json_audit: 10
kerberos: 10
drs_repl: 10
smb2: 10
smb2_credits: 10
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[utenti]"
Processing section "[passa]"
pm_process() returned Yes
ldb: ldb_trace_request: SEARCH
dn: @MODULES
scope: base
expr: (@LIST=*)
attr: @LIST
control: <NONE>
ldb: ldb_trace_request: (tdb)->read_lock
ldb: ldb_trace_next_request: (tdb)->search
ldb: Added timed event "ltdb_callback": 0xfe2d50
ldb: Added timed event "ltdb_timeout": 0xfe2e10
ldb: Running timer event 0xfe2d50 "ltdb_callback"
ldb: ldb_trace_response: ENTRY
dn: @MODULES
@LIST: samba_secrets
ldb: ldb_trace_response: DONE
error: 0
ldb: ldb_trace_request: (tdb)->read_unlock
ldb: Destroying timer event 0xfe2e10 "ltdb_timeout"
ldb: Ending timer event 0xfe2d50 "ltdb_callback"
ldb: ldb_trace_request: REGISTER_CONTROL
1.2.840.113556.1.4.1413
control: <NONE>
ldb: ldb_asprintf/set_errstring: unable to find module or backend to
handle operation: request
ldb: ldb_trace_request: SEARCH
dn: <rootDSE>
scope: base
expr: (objectClass=*)
attr: rootDomainNamingContext
attr: configurationNamingContext
attr: schemaNamingContext
attr: defaultNamingContext
control: <NONE>
ldb: ldb_trace_request: (tdb)->read_lock
ldb: ldb_trace_next_request: (rdn_name)->search
ldb: ldb_trace_next_request: (tdb)->search
ldb: Added timed event "ltdb_callback": 0xfe1d40
ldb: Added timed event "ltdb_timeout": 0xfe3c60
ldb: Running timer event 0xfe1d40 "ltdb_callback"
ldb: ldb_asprintf/set_errstring: NULL Base DN invalid for a base search
ldb: ldb_trace_response: DONE
error: 34
msg: NULL Base DN invalid for a base search
ldb: ldb_trace_request: (tdb)->read_unlock
ldb: Destroying timer event 0xfe3c60 "ltdb_timeout"
ldb: Ending timer event 0xfe1d40 "ltdb_callback"
ldb_wrap open of secrets.ldb
ldb: ldb_trace_request: SEARCH
dn: cn=Primary Domains
scope: sub
expr: (&(flatname=APAM-AD)(objectclass=primaryDomain))
attr: <ALL>
control: <NONE>
ldb: ldb_trace_request: (tdb)->read_lock
ldb: ldb_trace_next_request: (rdn_name)->search
ldb: ldb_trace_next_request: (tdb)->search
ldb: Added timed event "ltdb_callback": 0xfe4670
ldb: Added timed event "ltdb_timeout": 0xfe4730
ldb: Running timer event 0xfe4670 "ltdb_callback"
ldb: ldb_trace_response: ENTRY
dn: flatname=APAM-AD,cn=Primary Domains
msDS-KeyVersionNumber: 2
objectClass: top
objectClass: primaryDomain
objectClass: kerberosSecret
objectSid: S-1-5-21-1853045328-2428526881-2616184179
privateKeytab: secrets.keytab
realm: apam-ad.apam.it
saltPrincipal: host/dc1ucp.apam-ad.apam.it at APAM-AD.APAM.IT
samAccountName: DC1UCP$
# secret::: REDACTED SECRET ATTRIBUTE
secureChannelType: 6
servicePrincipalName: HOST/dc1ucp
servicePrincipalName: HOST/dc1ucp.apam-ad.apam.it
objectGUID: 9bcf69ce-d005-469a-8a9b-c0fc9c1e09ff
whenCreated: 20181106092052.0Z
whenChanged: 20181106092052.0Z
uSNCreated: 7
uSNChanged: 7
name: APAM-AD
flatname: APAM-AD
distinguishedName: flatname=APAM-AD,cn=Primary Domains
ldb: ldb_trace_response: DONE
error: 0
ldb: ldb_trace_request: (tdb)->read_unlock
ldb: Destroying timer event 0xfe4730 "ltdb_timeout"
ldb: Ending timer event 0xfe4670 "ltdb_callback"
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:dc1ucp[,seal,print]
Mapped to DCERPC endpoint 135
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface eth0 ip=10.2.2.12 bcast=10.2.255.255 netmask=255.255.0.0
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface eth0 ip=10.2.2.12 bcast=10.2.255.255 netmask=255.255.0.0
resolve_lmhosts: Attempting lmhosts lookup for name dc1ucp<0x20>
startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts.
Error was No such file or directory
rpc request data:
[0000] 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0010] 00 00 00 00 02 00 00 00 4B 00 00 00 4B 00 00 00 ........ K...K...
[0020] 05 00 13 00 0D 35 42 51 E3 06 4B D1 11 AB 04 00 .....5BQ ..K.....
[0030] C0 4F C2 DC D2 04 00 02 00 00 00 13 00 0D 04 5D .O...... .......]
[0040] 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 ........ ..+.H`..
[0050] 02 00 00 00 01 00 0B 02 00 00 00 01 00 07 02 00 ........ ........
[0060] 00 00 01 00 09 04 00 00 00 00 00 00 00 00 00 00 ........ ........
[0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0080] 01 00 00 00 ....
rpc reply data:
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0010] 00 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 ........ ........
[0020] 01 00 00 00 03 00 00 00 4B 00 00 00 4B 00 00 00 ........ K...K...
[0030] 05 00 13 00 0D 35 42 51 E3 06 4B D1 11 AB 04 00 .....5BQ ..K.....
[0040] C0 4F C2 DC D2 04 00 02 00 00 00 13 00 0D 04 5D .O...... .......]
[0050] 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 02 00 ........ ..+.H`..
[0060] 02 00 00 00 01 00 0B 02 00 00 00 01 00 07 02 00 ........ ........
[0070] C0 00 01 00 09 04 00 00 00 00 00 00 00 00 00 00 ........ ........
Mapped to DCERPC endpoint 49152
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface eth0 ip=10.2.2.12 bcast=10.2.255.255 netmask=255.255.0.0
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface eth0 ip=10.2.2.12 bcast=10.2.255.255 netmask=255.255.0.0
resolve_lmhosts: Attempting lmhosts lookup for name dc1ucp<0x20>
startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts.
Error was No such file or directory
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Received smb_krb5 packet of length 271
Received smb_krb5 packet of length 1373
kinit for DC1UCP$@APAM-AD.APAM.IT succeeded
dcerpc_pull_auth_trailer: auth_pad_length 0
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
dcerpc_pull_auth_trailer: auth_pad_length 0
drsuapi_DsBind: struct drsuapi_DsBind
in: struct drsuapi_DsBind
bind_guid : *
bind_guid :
e24d201a-4fd6-11d1-a3da-0000f875ae0d
bind_info : *
bind_info: struct drsuapi_DsBindInfoCtr
length : 0x0000001c (28)
__ndr_length : 0x0000001c (28)
info : union
drsuapi_DsBindInfo(case 28)
info28: struct drsuapi_DsBindInfo28
supported_extensions : 0x0fefff7f (267386751)
1: DRSUAPI_SUPPORTED_EXTENSION_BASE
1:
DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
1:
DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
1:
DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
1:
DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
1:
DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
1:
DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
0:
DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
0: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
0:
DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
0:
DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
site_guid :
00000000-0000-0000-0000-000000000000
pid : 0x00000000 (0)
repl_epoch : 0x00000000 (0)
rpc request data:
[0000] 00 00 02 00 1A 20 4D E2 D6 4F D1 11 A3 DA 00 00 ..... M. .O......
[0010] F8 75 AE 0D 04 00 02 00 1C 00 00 00 1C 00 00 00 .u...... ........
[0020] 7F FF EF 0F 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0030] 00 00 00 00 00 00 00 00 00 00 00 00 ........ ....
t: struct dcerpc_sec_verification_trailer
_pad : DATA_BLOB length=0
magic : 0000000000000000
count: struct dcerpc_sec_vt_count
count : 0x0002 (2)
commands: ARRAY(2)
commands: struct dcerpc_sec_vt
command : 0x0001 (1)
0x01: DCERPC_SEC_VT_COMMAND_ENUM (1)
0: DCERPC_SEC_VT_COMMAND_END
0: DCERPC_SEC_VT_MUST_PROCESS
u : union
dcerpc_sec_vt_union(case 0x1)
bitmask1 : 0x00000001 (1)
1: DCERPC_SEC_VT_CLIENT_SUPPORTS_HEADER_SIGNING
commands: struct dcerpc_sec_vt
command : 0x4002 (16386)
0x02: DCERPC_SEC_VT_COMMAND_ENUM (2)
1: DCERPC_SEC_VT_COMMAND_END
0: DCERPC_SEC_VT_MUST_PROCESS
u : union
dcerpc_sec_vt_union(case 0x2)
pcontext: struct dcerpc_sec_vt_pcontext
abstract_syntax: struct ndr_syntax_id
uuid :
e3514235-4b06-11d1-ab04-00c04fc2dcd2
if_version : 0x00000004 (4)
transfer_syntax: struct ndr_syntax_id
uuid :
8a885d04-1ceb-11c9-9fe8-08002b104860
if_version : 0x00000002 (2)
Sealed 128 bytes, and got 76 bytes header/signature.
dcerpc_pull_auth_trailer: auth_pad_length 0
Unsealed 64 bytes, with 76 bytes header/signature.
drsuapi_DsBind: struct drsuapi_DsBind
out: struct drsuapi_DsBind
bind_info : *
bind_info: struct drsuapi_DsBindInfoCtr
length : 0x0000001c (28)
__ndr_length : 0x0000001c (28)
info : union
drsuapi_DsBindInfo(case 28)
info28: struct drsuapi_DsBindInfo28
supported_extensions : 0x2fffff6f (805306223)
1: DRSUAPI_SUPPORTED_EXTENSION_BASE
1:
DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
0:
DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
1:
DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
1: DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
1: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
1: DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
1: DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
1:
DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
1:
DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
1:
DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
1:
DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
1: DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
1: DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
0:
DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
0:
DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
0:
DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
site_guid :
1cfd3ded-1d59-4031-b2cd-535ecf593ff9
pid : 0x00000000 (0)
repl_epoch : 0x00000000 (0)
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
cd26bc77-240c-461f-a15b-3cf90b2702f9
result : WERR_OK
rpc reply data:
[0000] 08 00 02 00 1C 00 00 00 1C 00 00 00 6F FF FF 2F ........ ....o../
[0010] ED 3D FD 1C 59 1D 31 40 B2 CD 53 5E CF 59 3F F9 .=..Y.1@ ..S^.Y?.
[0020] 00 00 00 00 00 00 00 00 00 00 00 00 77 BC 26 CD ........ ....w.&.
[0030] 0C 24 1F 46 A1 5B 3C F9 0B 27 02 F9 00 00 00 00 .$.F.[<. .'......
Security token SIDs (1):
SID[ 0]: S-1-5-18
Privileges (0xFFFFFFFFFFFFFFFF):
Privilege[ 0]: SeMachineAccountPrivilege
Privilege[ 1]: SeTakeOwnershipPrivilege
Privilege[ 2]: SeBackupPrivilege
Privilege[ 3]: SeRestorePrivilege
Privilege[ 4]: SeRemoteShutdownPrivilege
Privilege[ 5]: SePrintOperatorPrivilege
Privilege[ 6]: SeAddUsersPrivilege
Privilege[ 7]: SeDiskOperatorPrivilege
Privilege[ 8]: SeSecurityPrivilege
Privilege[ 9]: SeSystemtimePrivilege
Privilege[ 10]: SeShutdownPrivilege
Privilege[ 11]: SeDebugPrivilege
Privilege[ 12]: SeSystemEnvironmentPrivilege
Privilege[ 13]: SeSystemProfilePrivilege
Privilege[ 14]: SeProfileSingleProcessPrivilege
Privilege[ 15]: SeIncreaseBasePriorityPrivilege
Privilege[ 16]: SeLoadDriverPrivilege
Privilege[ 17]: SeCreatePagefilePrivilege
Privilege[ 18]: SeIncreaseQuotaPrivilege
Privilege[ 19]: SeChangeNotifyPrivilege
Privilege[ 20]: SeUndockPrivilege
Privilege[ 21]: SeManageVolumePrivilege
Privilege[ 22]: SeImpersonatePrivilege
Privilege[ 23]: SeCreateGlobalPrivilege
Privilege[ 24]: SeEnableDelegationPrivilege
Rights (0x 0):
lpcfg_servicenumber: couldn't find ldb
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface eth0 ip=10.2.2.12 bcast=10.2.255.255 netmask=255.255.0.0
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface eth0 ip=10.2.2.12 bcast=10.2.255.255 netmask=255.255.0.0
resolve_lmhosts: Attempting lmhosts lookup for name dc1ucp<0x20>
startlmhosts: Can't open lmhosts file /usr/local/samba/etc/lmhosts.
Error was No such file or directory
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
GSSAPI credentials for DC1UCP$@APAM-AD.APAM.IT will expire in 36000 secs
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically signed
drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
in: struct drsuapi_DsReplicaSync
bind_handle : *
bind_handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
cd26bc77-240c-461f-a15b-3cf90b2702f9
level : 0x00000001 (1)
req : *
req : union
drsuapi_DsReplicaSyncRequest(case 1)
req1: struct drsuapi_DsReplicaSyncRequest1
naming_context : *
naming_context: struct
drsuapi_DsReplicaObjectIdentifier
__ndr_size : 0x0000006a (106)
__ndr_size_sid : 0x00000000 (0)
guid :
00000000-0000-0000-0000-000000000000
sid : S-0-0
__ndr_size_dn : 0x00000018 (24)
dn :
'DC=apam-ad,DC=apam,DC=it'
source_dsa_guid :
fa93022c-b204-4f74-bc44-176ab767cf54
source_dsa_dns : NULL
options : 0x00000010 (16)
0: DRSUAPI_DRS_ASYNC_OP
0: DRSUAPI_DRS_GETCHG_CHECK
0: DRSUAPI_DRS_UPDATE_NOTIFICATION
0: DRSUAPI_DRS_ADD_REF
0: DRSUAPI_DRS_SYNC_ALL
0: DRSUAPI_DRS_DEL_REF
1: DRSUAPI_DRS_WRIT_REP
0: DRSUAPI_DRS_INIT_SYNC
0: DRSUAPI_DRS_PER_SYNC
0: DRSUAPI_DRS_MAIL_REP
0: DRSUAPI_DRS_ASYNC_REP
0: DRSUAPI_DRS_IGNORE_ERROR
0: DRSUAPI_DRS_TWOWAY_SYNC
0: DRSUAPI_DRS_CRITICAL_ONLY
0: DRSUAPI_DRS_GET_ANC
0: DRSUAPI_DRS_GET_NC_SIZE
0: DRSUAPI_DRS_LOCAL_ONLY
0: DRSUAPI_DRS_NONGC_RO_REP
0: DRSUAPI_DRS_SYNC_BYNAME
0: DRSUAPI_DRS_REF_OK
0: DRSUAPI_DRS_FULL_SYNC_NOW
0: DRSUAPI_DRS_NO_SOURCE
0: DRSUAPI_DRS_FULL_SYNC_IN_PROGRESS
0: DRSUAPI_DRS_FULL_SYNC_PACKET
0: DRSUAPI_DRS_SYNC_REQUEUE
0: DRSUAPI_DRS_SYNC_URGENT
0: DRSUAPI_DRS_REF_GCSPN
0: DRSUAPI_DRS_NO_DISCARD
0: DRSUAPI_DRS_NEVER_SYNCED
0: DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
0: DRSUAPI_DRS_INIT_SYNC_NOW
0: DRSUAPI_DRS_PREEMPTED
0: DRSUAPI_DRS_SYNC_FORCED
0: DRSUAPI_DRS_DISABLE_AUTO_SYNC
0: DRSUAPI_DRS_DISABLE_PERIODIC_SYNC
0: DRSUAPI_DRS_USE_COMPRESSION
0: DRSUAPI_DRS_NEVER_NOTIFY
0: DRSUAPI_DRS_SYNC_PAS
0: DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP
rpc request data:
[0000] 00 00 00 00 77 BC 26 CD 0C 24 1F 46 A1 5B 3C F9 ....w.&. .$.F.[<.
[0010] 0B 27 02 F9 01 00 00 00 01 00 00 00 F1 AE F1 AE .'...... ........
[0020] 2C 02 93 FA 04 B2 74 4F BC 44 17 6A B7 67 CF 54 ,.....tO .D.j.g.T
[0030] 00 00 00 00 10 00 00 00 19 00 00 00 6A 00 00 00 ........ ....j...
[0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0070] 18 00 00 00 44 00 43 00 3D 00 61 00 70 00 61 00 ....D.C. =.a.p.a.
[0080] 6D 00 2D 00 61 00 64 00 2C 00 44 00 43 00 3D 00 m.-.a.d. ,.D.C.=.
[0090] 61 00 70 00 61 00 6D 00 2C 00 44 00 43 00 3D 00 a.p.a.m. ,.D.C.=.
[00A0] 69 00 74 00 00 00 i.t...
Sealed 176 bytes, and got 76 bytes header/signature.
dcerpc_pull_auth_trailer: auth_pad_length 12
Unsealed 16 bytes, with 76 bytes header/signature.
drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
out: struct drsuapi_DsReplicaSync
result : WERR_DS_DRA_ACCESS_DENIED
rpc reply data:
[0000] 05 21 00 00 .!..
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed -
drsException: DsReplicaSync failed (8453, 'WERR_DS_DRA_ACCESS_DENIED')
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/drs.py",
line 386, in run
drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)
File
"/usr/local/samba/lib64/python2.7/site-packages/samba/drs_utils.py",
line 85, in sendDsReplicaSync
raise drsException("DsReplicaSync failed %s" % estr)
Giuseppe
More information about the samba-it
mailing list