[Samba] net rpc rights list 'accounts' works, kinda, sorta?
pisymbol .
pisymbol at gmail.com
Thu Oct 17 12:41:40 MDT 2013
On Wed, Oct 16, 2013 at 3:01 PM, pisymbol . <pisymbol at gmail.com> wrote:
> Hello all:
>
> On Fedora 13 but tried this with binaries built off of trunk as well:
>
> $ sudo bin/net -U Administrator%<somepass> -S <server DNS address> rpc
> rights list accounts
>
> NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
> SeNetworkLogonRight
>
> NT AUTHORITY\SERVICE
> SeImpersonatePrivilege
> SeCreateGlobalPrivilege
> ...
> S-1-5-21-4110185449-3833660826-895226858-1184
> tdb(__NULL__): tdb_open_ex: called with name == NULL
> $ echo $?
> 255
>
> Note, the 3.5.8-75 binary does the same thing sans "tdb" noise.
>
> But if I do it a second time, it just works and returns 0.
>
> Looking at the TCP dump I see that in the failure case I get a
>
> "Trans Response, FID: 0x8003, Error: STATUS_PIPE_BROKEN"
>
> (Wireshark output from the PCAP dump)
>
> Anyone have a clue on why this kinda, sorta works?
>
> The PDC is running 2003 SP2.
>
> Searching the list yielded very little fruit.
I see this zonking on net debugging -d10 etc.
Running timed event "tevent_req_timedout" 0x7f5b0e5d7270
cli_api_pipe failed: NT_STATUS_IO_TIMEOUT
LSA_LOOKUPSIDS returned 'NT_STATUS_IO_TIMEOUT', mapped count = 0'
lsa_Close: struct lsa_Close
in: struct lsa_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
eae71130-0fad-4f4e-8b25-0d1316f5398f
000000 smb_io_rpc_hdr hdr
0000 major : 05
0001 minor : 00
0002 pkt_type : 00
0003 flags : 03
0004 pack_type0: 10
0005 pack_type1: 00
0006 pack_type2: 00
0007 pack_type3: 00
0008 frag_len : 002c
000a auth_len : 0000
000c call_id : 0000007e
000010 smb_io_rpc_hdr_req hdr_req
0010 alloc_hint: 00000014
0014 context_id: 0000
0016 opnum : 0000
rpc_api_pipe: host <server>
cli_api_pipe failed: NT_STATUS_CONNECTION_INVALID
S-1-5-21-4110185449-3833660826-895226858-1184
lsa_EnumAccountRights: struct lsa_EnumAccount
Looks like adding this ' --request-timeout 30' fixed my issue. Just in
case anyone else runs into this, be aware of the tevent's timeout in
the RPC.
-aps
More information about the samba
mailing list