NT4-style domain with ldapsam:editposix
Rowland Penny
repenny241155 at gmail.com
Fri Feb 26 17:03:20 UTC 2016
Hi, I am trying to set up an NT4-style PDC without using smbldap-tools,
I am basically following this webpage:
http://wiki.samba.gr.jp/mediawiki/index.php?title=How_to_build_Samba_PDC_%28squeeze%29.
I am using Devuan jessie and self-compiled Samba 4.3.5; all the
recommended packages from the Samba wiki page are installed and the only
option passed to './configure' is '--without-systemd'.
I have got smb.conf setup and running (copy attached) and the openldap
database has been populated, the only problem is that I cannot add any
users with smbpasswd. Running 'smbpasswd -a <username>' gets the user
added to ldap, but then smbpasswd segfaults. I have recompiled with
'--enable-debug' and run smbpasswd with gdb and got the output shown in
the attached file 'gdb_result'.
I have also attached an ldap dump and a level 10 log-wb-EXAMPLE from
when I try to add the user.
Is this due to something I have done (or not done) or is it a bug?
If it is a bug, I will open a bug report.
Rowland
-------------- next part --------------
root at testpdc:/usr/src/samba/samba-4.3.5# gdb smbpasswd
GNU gdb (Debian 7.7.1+dfsg-5) 7.7.1
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i586-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from smbpasswd...done.
(gdb) run -a ldap02
Starting program: /usr/local/samba/bin/smbpasswd -a ldap02
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1".
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
tevent: 10
doing parameter printing = bsd
doing parameter printcap name = /dev/null
doing parameter store dos attributes = yes
doing parameter map read only = no
doing parameter map archive = no
doing parameter dos filetime resolution = yes
doing parameter fake directory create times = yes
doing parameter csc policy = disable
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="TESTPDC"
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend wbc_sam
Successfully added passdb backend 'wbc_sam'
Attempting to register passdb backend samba_dsdb
Successfully added passdb backend 'samba_dsdb'
Attempting to register passdb backend samba4
Successfully added passdb backend 'samba4'
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend IPA_ldapsam
Successfully added passdb backend 'IPA_ldapsam'
Attempting to find a passdb backend to match ldapsam (ldapsam)
Found pdb backend ldapsam
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=EXAMPLE))]
smbldap_search_ext: base => [dc=example,dc=com], filter => [(&(objectClass=sambaDomain)(sambaDomainName=EXAMPLE))], scope => [2]
The connection to the LDAP server was closed
smb_ldap_setup_connection: ldap://localhost
StartTLS issued: using a TLS connection
smbldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server ldap://localhost as "cn=admin,dc=example,dc=com"
ldap_connect_system: successful connection to the LDAP server
ldap_connect_system: LDAP server does support paged results
The LDAP server is successfully connected
pdb backend ldapsam has a valid init
New SMB password:
Retype new SMB password:
smbldap_search_ext: base => [dc=example,dc=com], filter => [(&(uid=ldap02)(objectclass=sambaSamAccount))], scope => [2]
ldapsam_getsampwnam: Unable to locate user [ldap02] count=0
smbldap_search_ext: base => [dc=example,dc=com], filter => [(&(uid=ldap02)(objectClass=posixAccount))], scope => [2]
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=EXAMPLE))]
smbldap_search_ext: base => [dc=example,dc=com], filter => [(&(objectClass=sambaDomain)(sambaDomainName=EXAMPLE))], scope => [2]
attribute sambaNextGroupRid does not exist
smbldap_make_mod: deleting attribute |sambaNextRid| values |1007|
smbldap_make_mod: adding attribute |sambaNextRid| value |1008|
smbldap_modify: dn => [sambaDomainName=EXAMPLE,dc=example,dc=com]
pdb_set_username: setting username ldap02, was
pdb_set_domain: setting domain EXAMPLE, was
pdb_set_user_sid: setting user sid S-1-5-21-692785853-2787214467-4049319907-1008
smbldap_make_mod: adding attribute |uid| value |ldap02|
init_ldap_from_sam: Setting entry for user: ldap02
smbldap_make_mod: adding attribute |sambaSID| value |S-1-5-21-692785853-2787214467-4049319907-1008|
smbldap_make_mod: adding attribute |sambaAcctFlags| value |[DU ]|
ldapsam_create_user: Creating new posix user
Opening cache file at /usr/local/samba/var/cache/gencache.tdb
Opening cache file at /usr/local/samba/var/lock/gencache_notrans.tdb
Parsing value for key [IDMAP/SID2XID/S-1-5-21-692785853-2787214467-4049319907-513]: value=[2000:G]
Parsing value for key [IDMAP/SID2XID/S-1-5-21-692785853-2787214467-4049319907-513]: id=[2000], endptr=[:G]
sid S-1-5-21-692785853-2787214467-4049319907-513 -> gid 2000
smbldap_add: dn => [uid=ldap02,ou=users,dc=example,dc=com]
ldapsam_create_user: added account [ldap02] in the LDAP database
smbldap_search_ext: base => [dc=example,dc=com], filter => [(&(uid=ldap02)(objectclass=sambaSamAccount))], scope => [2]
init_sam_from_ldap: Entry found for user: ldap02
pdb_set_username: setting username ldap02, was
pdb_set_domain: setting domain EXAMPLE, was
pdb_set_nt_username: setting nt username ldap02, was
pdb_set_user_sid_from_string: setting user sid S-1-5-21-692785853-2787214467-4049319907-1008
pdb_set_user_sid: setting user sid S-1-5-21-692785853-2787214467-4049319907-1008
attribute sambaPwdLastSet does not exist
attribute sambaLogonTime does not exist
attribute sambaLogoffTime does not exist
attribute sambaKickoffTime does not exist
attribute sambaPwdCanChange does not exist
attribute displayName does not exist
pdb_set_full_name: setting full name ldap02, was
attribute sambaHomeDrive does not exist
pdb_set_dir_drive: setting dir drive , was NULL
attribute sambaHomePath does not exist
pdb_set_homedir: setting home dir , was
attribute sambaLogonScript does not exist
pdb_set_logon_script: setting logon script , was
attribute sambaProfilePath does not exist
pdb_set_profile_path: setting profile path , was
attribute description does not exist
attribute sambaUserWorkstations does not exist
attribute sambaMungedDial does not exist
attribute sambaLMPassword does not exist
attribute sambaNTPassword does not exist
Adding cache entry with key=[ACCT_POL/password history] and timeout=[Thu Jan 1 01:00:00 1970 BST] (-1456493860 seconds in the past)
ldapsam_get_account_policy_from_ldap
smbldap_search_ext: base => [sambaDomainName=EXAMPLE,dc=example,dc=com], filter => [(objectClass=sambaDomain)], scope => [0]
cache_account_policy_set: updating account pol cache
Adding cache entry with key=[ACCT_POL/password history] and timeout=[Fri Feb 26 13:38:40 2016 GMT] (60 seconds ahead)
attribute sambaBadPasswordCount does not exist
attribute sambaBadPasswordTime does not exist
attribute sambaLogonHours does not exist
attribute gecos does not exist
Program received signal SIGSEGV, Segmentation fault.
__strlen_sse2_bsf () at ../sysdeps/i386/i686/multiarch/strlen-sse2-bsf.S:50
50 ../sysdeps/i386/i686/multiarch/strlen-sse2-bsf.S: No such file or directory.
(gdb) bt
#0 __strlen_sse2_bsf () at ../sysdeps/i386/i686/multiarch/strlen-sse2-bsf.S:50
#1 0xb7e0d2ed in tcopy_passwd (mem_ctx=0x8003baf8, from=0xbffff7dc)
at ../lib/util/util_pw.c:39
#2 0xb7d500a4 in init_sam_from_ldap (ldap_state=0x80027a00,
sampass=0x8003baf8, entry=0x800311d0) at ../source3/passdb/pdb_ldap.c:1029
#3 0xb7d51c51 in ldapsam_getsampwnam (my_methods=0x800278b8, user=0x8003baf8,
sname=0x800081c0 <user_name> "ldap02") at ../source3/passdb/pdb_ldap.c:1507
#4 0xb7d77901 in pdb_getsampwnam (sam_acct=0x8003baf8,
username=0x800081c0 <user_name> "ldap02")
at ../source3/passdb/pdb_interface.c:334
#5 0xb7d69bac in local_password_change (
user_name=0x800081c0 <user_name> "ldap02", local_flags=577,
new_passwd=0x800173e8 "p4ssword", pp_err_str=0xbffffb98,
pp_msg_str=0xbffffb9c) at ../source3/passdb/passdb.c:782
#6 0x800032ac in password_change (remote_mach=0x0,
username=0x800081c0 <user_name> "ldap02", old_passwd=0x0,
new_pw=0x800173e8 "p4ssword", local_flags=577)
at ../source3/utils/smbpasswd.c:264
#7 0x80003a88 in process_root (local_flags=577)
at ../source3/utils/smbpasswd.c:466
#8 0x80003fad in main (argc=3, argv=0xbffffcf4)
at ../source3/utils/smbpasswd.c:627
(gdb)
(gdb) quit
A debugging session is active.
Inferior 1 [process 28921] will be killed.
Quit anyway? (y or n) y
root at testpdc:/usr/src/samba/samba-4.3.5#
-------------- next part --------------
root at testpdc:/usr/src/samba/samba-4.3.5# ldapsearch -x
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# example.com
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: example
dc: example
# admin, example.com
dn: cn=admin,dc=example,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
# users, example.com
dn: ou=users,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: users
# groups, example.com
dn: ou=groups,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: groups
# idmap, example.com
dn: ou=idmap,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: idmap
# computers, example.com
dn: ou=computers,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: computers
# EXAMPLE, example.com
dn: sambaDomainName=EXAMPLE,dc=example,dc=com
sambaDomainName: EXAMPLE
sambaSID: S-1-5-21-692785853-2787214467-4049319907
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaMinPwdLength: 5
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 0
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaForceLogoff: -1
sambaRefuseMachinePwdChange: 0
sambaNextRid: 1008
# domusers, groups, example.com
dn: cn=domusers,ou=groups,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: domusers
displayName: Domain Users
gidNumber: 2000
sambaSID: S-1-5-21-692785853-2787214467-4049319907-513
sambaGroupType: 2
# domadmins, groups, example.com
dn: cn=domadmins,ou=groups,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: domadmins
displayName: Domain Admins
gidNumber: 2001
sambaSID: S-1-5-21-692785853-2787214467-4049319907-512
sambaGroupType: 2
# Administrator, users, example.com
dn: uid=Administrator,ou=users,dc=example,dc=com
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
uid: Administrator
cn: Administrator
displayName: Administrator
uidNumber: 2000
gidNumber: 2001
homeDirectory: /home/Administrator
loginShell: /bin/bash
sambaSID: S-1-5-21-692785853-2787214467-4049319907-500
sambaAcctFlags: [DU ]
# nobody, users, example.com
dn: uid=nobody,ou=users,dc=example,dc=com
objectClass: account
objectClass: posixAccount
objectClass: sambaSamAccount
uid: nobody
cn: nobody
displayName: nobody
uidNumber: 65534
gidNumber: 65534
homeDirectory: /nonexistent
loginShell: /usr/sbin/nologin
sambaSID: S-1-5-21-692785853-2787214467-4049319907-501
sambaAcctFlags: [DU ]
# domguests, groups, example.com
dn: cn=domguests,ou=groups,dc=example,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: domguests
displayName: Domain Guests
gidNumber: 65534
sambaSID: S-1-5-21-692785853-2787214467-4049319907-514
sambaGroupType: 2
# S-1-5-21-692785853-2787214467-4049319907-1001, groups, example.com
dn: sambaSID=S-1-5-21-692785853-2787214467-4049319907-1001,ou=groups,dc=exampl
e,dc=com
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-692785853-2787214467-4049319907-1001
sambaGroupType: 4
displayName: aclshare1ro
gidNumber: 2002
# S-1-5-21-692785853-2787214467-4049319907-1002, groups, example.com
dn: sambaSID=S-1-5-21-692785853-2787214467-4049319907-1002,ou=groups,dc=exampl
e,dc=com
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-692785853-2787214467-4049319907-1002
sambaGroupType: 4
displayName: aclshare1rw
gidNumber: 2003
# S-1-5-21-692785853-2787214467-4049319907-1003, groups, example.com
dn: sambaSID=S-1-5-21-692785853-2787214467-4049319907-1003,ou=groups,dc=exampl
e,dc=com
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-692785853-2787214467-4049319907-1003
sambaGroupType: 4
displayName: aclshare2ro
gidNumber: 2004
# S-1-5-21-692785853-2787214467-4049319907-1004, groups, example.com
dn: sambaSID=S-1-5-21-692785853-2787214467-4049319907-1004,ou=groups,dc=exampl
e,dc=com
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-692785853-2787214467-4049319907-1004
sambaGroupType: 4
displayName: aclshare2rw
gidNumber: 2005
# S-1-5-32-544, groups, example.com
dn: sambaSID=S-1-5-32-544,ou=groups,dc=example,dc=com
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
sambaSID: S-1-5-32-544
sambaGroupType: 4
displayName: Administrators
gidNumber: 2006
sambaSIDList: S-1-5-21-692785853-2787214467-4049319907-512
# S-1-5-32-545, groups, example.com
dn: sambaSID=S-1-5-32-545,ou=groups,dc=example,dc=com
objectClass: sambaSidEntry
objectClass: sambaGroupMapping
sambaSID: S-1-5-32-545
sambaGroupType: 4
displayName: Users
gidNumber: 2007
sambaSIDList: S-1-5-21-692785853-2787214467-4049319907-513
# ldap01, users, example.com
dn: uid=ldap01,ou=users,dc=example,dc=com
uid: ldap01
sambaSID: S-1-5-21-692785853-2787214467-4049319907-1007
sambaAcctFlags: [DU ]
objectClass: sambaSamAccount
objectClass: account
objectClass: posixAccount
cn: ldap01
uidNumber: 10000
gidNumber: 2000
homeDirectory: /home/ldap01
loginShell: /bin/bash
# ldap02, users, example.com
dn: uid=ldap02,ou=users,dc=example,dc=com
uid: ldap02
sambaSID: S-1-5-21-692785853-2787214467-4049319907-1008
sambaAcctFlags: [DU ]
objectClass: sambaSamAccount
objectClass: account
objectClass: posixAccount
cn: ldap02
uidNumber: 10001
gidNumber: 2000
homeDirectory: /home/ldap02
loginShell: /bin/bash
# search result
search: 2
result: 0 Success
# numResponses: 21
# numEntries: 20
root at testpdc:/usr/src/samba/samba-4.3.5#
-------------- next part --------------
[2016/02/26 13:34:30.294553, 4, pid=28847, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1389(child_handler)
child daemon request 20
[2016/02/26 13:34:30.294719, 10, pid=28847, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:512(child_process_request)
child_process_request: request fn LIST_TRUSTDOM
[2016/02/26 13:34:30.294739, 3, pid=28847, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains)
[28843]: list trusted domains
[2016/02/26 13:34:30.294797, 10, pid=28847, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:2910(trusted_domains)
trusted_domains: [Cached] - doing backend query for info for domain EXAMPLE
[2016/02/26 13:34:30.294816, 3, pid=28847, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_samr.c:293(sam_trusted_domains)
samr: trusted domains
[2016/02/26 13:34:30.294975, 4, pid=28847, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p)
Create pipe requested lsarpc
[2016/02/26 13:34:30.295000, 10, pid=28847, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles)
init_pipe_handle_list: created handle list for pipe lsarpc
[2016/02/26 13:34:30.295016, 10, pid=28847, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles)
init_pipe_handle_list: pipe_handles ref count = 1 for pipe lsarpc
[2016/02/26 13:34:30.295091, 4, pid=28847, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p)
Created internal pipe lsarpc
[2016/02/26 13:34:30.295162, 1, pid=28847, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
lsa_OpenPolicy: struct lsa_OpenPolicy
in: struct lsa_OpenPolicy
system_name : *
system_name : 0x005c (92)
attr : *
attr: struct lsa_ObjectAttribute
len : 0x00000018 (24)
root_dir : NULL
object_name : NULL
attributes : 0x00000000 (0)
sec_desc : NULL
sec_qos : *
sec_qos: struct lsa_QosInfo
len : 0x0000000c (12)
impersonation_level : 0x0002 (2)
context_mode : 0x01 (1)
effective_only : 0x00 (0)
access_mask : 0x02000000 (33554432)
0: LSA_POLICY_VIEW_LOCAL_INFORMATION
0: LSA_POLICY_VIEW_AUDIT_INFORMATION
0: LSA_POLICY_GET_PRIVATE_INFORMATION
0: LSA_POLICY_TRUST_ADMIN
0: LSA_POLICY_CREATE_ACCOUNT
0: LSA_POLICY_CREATE_SECRET
0: LSA_POLICY_CREATE_PRIVILEGE
0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
0: LSA_POLICY_AUDIT_LOG_ADMIN
0: LSA_POLICY_SERVER_ADMIN
0: LSA_POLICY_LOOKUP_NAMES
0: LSA_POLICY_NOTIFICATION
[2016/02/26 13:34:30.295358, 10, pid=28847, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
se_map_generic(): mapped mask 0xb0000000 to 0x000f1fff
[2016/02/26 13:34:30.295415, 4, pid=28847, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
_lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f1fff)
but overritten by euid == initial uid
[2016/02/26 13:34:30.295469, 4, pid=28847, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
_lsa_OpenPolicy2: access GRANTED (requested: 0x000f1fff, granted: 0x000f1fff)
[2016/02/26 13:34:30.295536, 6, pid=28847, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal)
Opened policy hnd[1] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 D0 56 66 54 ........ .....VfT
[0010] AF 70 00 00 .p..
[2016/02/26 13:34:30.295610, 1, pid=28847, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
lsa_OpenPolicy: struct lsa_OpenPolicy
out: struct lsa_OpenPolicy
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000008-0000-0000-d056-6654af700000
result : NT_STATUS_OK
[2016/02/26 13:34:30.295781, 1, pid=28847, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
lsa_EnumTrustedDomainsEx: struct lsa_EnumTrustedDomainsEx
in: struct lsa_EnumTrustedDomainsEx
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000008-0000-0000-d056-6654af700000
resume_handle : *
resume_handle : 0x00000000 (0)
max_size : 0xffffffff (4294967295)
[2016/02/26 13:34:30.295956, 1, pid=28847, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
lsa_EnumTrustDom: struct lsa_EnumTrustDom
in: struct lsa_EnumTrustDom
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000008-0000-0000-d056-6654af700000
resume_handle : *
resume_handle : 0x00000000 (0)
max_size : 0xffffffff (4294967295)
[2016/02/26 13:34:30.296153, 6, pid=28847, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal)
Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 D0 56 66 54 ........ .....VfT
[0010] AF 70 00 00 .p..
[2016/02/26 13:34:30.296242, 5, pid=28847, effective(0, 0), real(0, 0)] ../source3/lib/smbldap.c:1249(smbldap_search_ext)
smbldap_search_ext: base => [sambaDomainName=EXAMPLE,dc=example,dc=com], filter => [(objectClass=sambaTrustedDomainPassword)], scope => [2]
[2016/02/26 13:34:30.297353, 5, pid=28847, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_ldap.c:6351(ldapsam_enum_trusteddoms)
ldapsam_enum_trusteddoms: got 0 domains
[2016/02/26 13:34:30.297407, 1, pid=28847, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
lsa_EnumTrustDom: struct lsa_EnumTrustDom
out: struct lsa_EnumTrustDom
resume_handle : *
resume_handle : 0xffffffff (4294967295)
domains : *
domains: struct lsa_DomainList
count : 0x00000000 (0)
domains : NULL
result : NT_STATUS_NO_MORE_ENTRIES
[2016/02/26 13:34:30.297609, 1, pid=28847, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
lsa_Close: struct lsa_Close
in: struct lsa_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000008-0000-0000-d056-6654af700000
[2016/02/26 13:34:30.297709, 6, pid=28847, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal)
Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 D0 56 66 54 ........ .....VfT
[0010] AF 70 00 00 .p..
[2016/02/26 13:34:30.297807, 6, pid=28847, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal)
Found policy hnd[0] [0000] 00 00 00 00 08 00 00 00 00 00 00 00 D0 56 66 54 ........ .....VfT
[0010] AF 70 00 00 .p..
[2016/02/26 13:34:30.297914, 6, pid=28847, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd)
Closed policy
[2016/02/26 13:34:30.297944, 1, pid=28847, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
lsa_Close: struct lsa_Close
out: struct lsa_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
result : NT_STATUS_OK
[2016/02/26 13:34:30.298066, 10, pid=28847, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe)
Deleted handle list for RPC connection lsarpc
[2016/02/26 13:34:30.298109, 4, pid=28847, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1397(child_handler)
Finished processing child request 20
[2016/02/26 13:34:30.298138, 10, pid=28847, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:104(child_write_response)
Writing 3496 bytes to parent
[2016/02/26 13:39:30.295263, 4, pid=28847, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1389(child_handler)
child daemon request 20
[2016/02/26 13:39:30.295455, 10, pid=28847, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:512(child_process_request)
child_process_request: request fn LIST_TRUSTDOM
[2016/02/26 13:39:30.295493, 3, pid=28847, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains)
[28843]: list trusted domains
[2016/02/26 13:39:30.295573, 10, pid=28847, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_cache.c:2910(trusted_domains)
trusted_domains: [Cached] - doing backend query for info for domain EXAMPLE
[2016/02/26 13:39:30.295612, 3, pid=28847, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_samr.c:293(sam_trusted_domains)
samr: trusted domains
[2016/02/26 13:39:30.295757, 4, pid=28847, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:203(make_internal_rpc_pipe_p)
Create pipe requested lsarpc
[2016/02/26 13:39:30.295796, 10, pid=28847, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:222(init_pipe_handles)
init_pipe_handle_list: created handle list for pipe lsarpc
[2016/02/26 13:39:30.295829, 10, pid=28847, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:239(init_pipe_handles)
init_pipe_handle_list: pipe_handles ref count = 1 for pipe lsarpc
[2016/02/26 13:39:30.295981, 4, pid=28847, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_ncacn_np.c:243(make_internal_rpc_pipe_p)
Created internal pipe lsarpc
[2016/02/26 13:39:30.296070, 1, pid=28847, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
lsa_OpenPolicy: struct lsa_OpenPolicy
in: struct lsa_OpenPolicy
system_name : *
system_name : 0x005c (92)
attr : *
attr: struct lsa_ObjectAttribute
len : 0x00000018 (24)
root_dir : NULL
object_name : NULL
attributes : 0x00000000 (0)
sec_desc : NULL
sec_qos : *
sec_qos: struct lsa_QosInfo
len : 0x0000000c (12)
impersonation_level : 0x0002 (2)
context_mode : 0x01 (1)
effective_only : 0x00 (0)
access_mask : 0x02000000 (33554432)
0: LSA_POLICY_VIEW_LOCAL_INFORMATION
0: LSA_POLICY_VIEW_AUDIT_INFORMATION
0: LSA_POLICY_GET_PRIVATE_INFORMATION
0: LSA_POLICY_TRUST_ADMIN
0: LSA_POLICY_CREATE_ACCOUNT
0: LSA_POLICY_CREATE_SECRET
0: LSA_POLICY_CREATE_PRIVILEGE
0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
0: LSA_POLICY_AUDIT_LOG_ADMIN
0: LSA_POLICY_SERVER_ADMIN
0: LSA_POLICY_LOOKUP_NAMES
0: LSA_POLICY_NOTIFICATION
[2016/02/26 13:39:30.296424, 10, pid=28847, effective(0, 0), real(0, 0)] ../libcli/security/access_check.c:58(se_map_generic)
se_map_generic(): mapped mask 0xb0000000 to 0x000f1fff
[2016/02/26 13:39:30.296452, 4, pid=28847, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:95(access_check_object)
_lsa_OpenPolicy2: ACCESS should be DENIED (requested: 0x000f1fff)
but overritten by euid == initial uid
[2016/02/26 13:39:30.296472, 4, pid=28847, effective(0, 0), real(0, 0)] ../source3/rpc_server/srv_access_check.c:117(access_check_object)
_lsa_OpenPolicy2: access GRANTED (requested: 0x000f1fff, granted: 0x000f1fff)
[2016/02/26 13:39:30.296489, 6, pid=28847, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:303(create_rpc_handle_internal)
Opened policy hnd[1] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D0 56 92 55 ........ .....V.U
[0010] AF 70 00 00 .p..
[2016/02/26 13:39:30.296538, 1, pid=28847, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
lsa_OpenPolicy: struct lsa_OpenPolicy
out: struct lsa_OpenPolicy
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000009-0000-0000-d056-9255af700000
result : NT_STATUS_OK
[2016/02/26 13:39:30.296643, 1, pid=28847, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
lsa_EnumTrustedDomainsEx: struct lsa_EnumTrustedDomainsEx
in: struct lsa_EnumTrustedDomainsEx
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000009-0000-0000-d056-9255af700000
resume_handle : *
resume_handle : 0x00000000 (0)
max_size : 0xffffffff (4294967295)
[2016/02/26 13:39:30.296735, 1, pid=28847, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
lsa_EnumTrustDom: struct lsa_EnumTrustDom
in: struct lsa_EnumTrustDom
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000009-0000-0000-d056-9255af700000
resume_handle : *
resume_handle : 0x00000000 (0)
max_size : 0xffffffff (4294967295)
[2016/02/26 13:39:30.296791, 6, pid=28847, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal)
Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D0 56 92 55 ........ .....V.U
[0010] AF 70 00 00 .p..
[2016/02/26 13:39:30.296868, 5, pid=28847, effective(0, 0), real(0, 0)] ../source3/lib/smbldap.c:1249(smbldap_search_ext)
smbldap_search_ext: base => [sambaDomainName=EXAMPLE,dc=example,dc=com], filter => [(objectClass=sambaTrustedDomainPassword)], scope => [2]
[2016/02/26 13:39:30.298040, 5, pid=28847, effective(0, 0), real(0, 0), class=passdb] ../source3/passdb/pdb_ldap.c:6351(ldapsam_enum_trusteddoms)
ldapsam_enum_trusteddoms: got 0 domains
[2016/02/26 13:39:30.298078, 1, pid=28847, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
lsa_EnumTrustDom: struct lsa_EnumTrustDom
out: struct lsa_EnumTrustDom
resume_handle : *
resume_handle : 0xffffffff (4294967295)
domains : *
domains: struct lsa_DomainList
count : 0x00000000 (0)
domains : NULL
result : NT_STATUS_NO_MORE_ENTRIES
[2016/02/26 13:39:30.298199, 1, pid=28847, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
lsa_Close: struct lsa_Close
in: struct lsa_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000009-0000-0000-d056-9255af700000
[2016/02/26 13:39:30.298244, 6, pid=28847, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal)
Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D0 56 92 55 ........ .....V.U
[0010] AF 70 00 00 .p..
[2016/02/26 13:39:30.298287, 6, pid=28847, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:338(find_policy_by_hnd_internal)
Found policy hnd[0] [0000] 00 00 00 00 09 00 00 00 00 00 00 00 D0 56 92 55 ........ .....V.U
[0010] AF 70 00 00 .p..
[2016/02/26 13:39:30.298327, 6, pid=28847, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:387(close_policy_hnd)
Closed policy
[2016/02/26 13:39:30.298340, 1, pid=28847, effective(0, 0), real(0, 0)] ../librpc/ndr/ndr.c:439(ndr_print_function_debug)
lsa_Close: struct lsa_Close
out: struct lsa_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid : 00000000-0000-0000-0000-000000000000
result : NT_STATUS_OK
[2016/02/26 13:39:30.298396, 10, pid=28847, effective(0, 0), real(0, 0), class=rpc_srv] ../source3/rpc_server/rpc_handles.c:417(close_policy_by_pipe)
Deleted handle list for RPC connection lsarpc
[2016/02/26 13:39:30.298422, 4, pid=28847, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:1397(child_handler)
Finished processing child request 20
[2016/02/26 13:39:30.298435, 10, pid=28847, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/winbindd_dual.c:104(child_write_response)
Writing 3496 bytes to parent
-------------- next part --------------
[global]
workgroup = EXAMPLE
domain logons = yes
os level = 32
time server = yes
logon home =
logon path =
passdb backend = ldapsam
ldapsam:trusted = yes
ldapsam:editposix = yes
ldap admin dn = cn=admin,dc=example,dc=com
ldap password sync = yes
ldap delete dn = yes
ldap group suffix = ou=groups
ldap machine suffix = ou=computers
ldap user suffix = ou=users
ldap idmap suffix = ou=idmap
ldap suffix = dc=example,dc=com
obey pam restrictions = yes
; idmap config *:backend = tdb
; idmap config *:range = 10000-99999
idmap uid = 10000-19999
idmap gid = 10000-19999
winbind nss info = rfc2307
template shell = /bin/bash
template homedir = /home/%U
winbind normalize names = yes
winbind use default domain = yes
wins support = yes
dns proxy = no
log level = 5
printing = bsd
printcap name = /dev/null
store dos attributes = yes
map read only = no
map archive = no
dos filetime resolution = yes
fake directory create times = yes
csc policy = disable
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/shares/netlogon
writeable = no
write list = Administrator @domadmins
force group = domadmins
force create mode = 0664
force directory mode = 0775
[print$]
comment = Share for Printer Drivers
path = /var/lib/samba/shares/printers
read only = Yes
write list = Administrator @domadmins
force group = domadmins
force create mode = 0664
force directory mode = 0775
[profiles]
comment = Profile Directory
path = /var/lib/samba/shares/profiles
profile acls = yes
read only = No
directory mask = 0700
create mask = 0600
browseable = no
[homes]
browseable = no
read only = No
valid users = %S
[shared]
path = /var/lib/samba/shares/shared
comment = Shared folder
read only = yes
write list = @domusers
force group = domusers
force create mode = 0664
force directory mode = 0775
## recycle module
vfs objects = recycle
recycle:repository = .recycle
recycle:keeptree = yes
recycle:versions = yes
recycle:touch = yes
recycle:exclude = *.tmp ~$*
recycle:maxsize = 20000000
recycle:directory_mode = 770
[aclshare1]
path = /var/lib/samba/shares/aclshare1
comment = Shared folder (ACL enabled)
read only = No
inherit owner = yes
inherit permissions = yes
force group = root
[aclshare2]
path = /var/lib/samba/shares/aclshare2
comment = Shared folder (ACL enabled)
read only = No
inherit owner = yes
inherit permissions = yes
force group = root
dos filemode = yes