[Samba] Unable to browse system shares of a newly migrated AD DC

Andrey Repin anrdaemon at yandex.ru
Sun Mar 29 16:16:56 MDT 2015 

Greetings, Rowland Penny!

Got some logs. But... they do not make much sense.
It seems to fail to chdir to /tmp. But I can do it with sudo just fine under
the same credentials.
What's going on?

[2015/03/30 01:05:38.027147,  3, effective(0, 0), real(0, 0)] ../source3/lib/access.c:338(allow_access)
  Allowed connection from 127.0.0.1 (127.0.0.1)
[2015/03/30 01:05:38.027425,  3, effective(0, 0), real(0, 0)] ../source3/smbd/oplock.c:870(init_oplocks)
  init_oplocks: initializing messages.
[2015/03/30 01:05:38.027695,  3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1802(process_smb)
  Transaction 0 of length 194 (0 toread)
[2015/03/30 01:05:38.027728,  3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1405(switch_message)
  switch message SMBnegprot (pid 882) conn 0x0
[2015/03/30 01:05:38.033749,  3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2015/03/30 01:05:38.033869,  3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [MICROSOFT NETWORKS 1.03]
[2015/03/30 01:05:38.033930,  3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [MICROSOFT NETWORKS 3.0]
[2015/03/30 01:05:38.033989,  3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [LANMAN1.0]
[2015/03/30 01:05:38.034055,  3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [LM1.2X002]
[2015/03/30 01:05:38.034116,  3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [DOS LANMAN2.1]
[2015/03/30 01:05:38.034177,  3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [LANMAN2.1]
[2015/03/30 01:05:38.034234,  3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [Samba]
[2015/03/30 01:05:38.034323,  3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [NT LANMAN 1.0]
[2015/03/30 01:05:38.034376,  3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:563(reply_negprot)
  Requested protocol [NT LM 0.12]
[2015/03/30 01:05:38.066076,  2, effective(0, 0), real(0, 0)] ../lib/util/modules.c:191(do_smb_load_module)
  Module 'samba4' loaded
[2015/03/30 01:05:38.067018,  3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'gssapi_spnego' registered
[2015/03/30 01:05:38.067085,  3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'gssapi_krb5' registered
[2015/03/30 01:05:38.067129,  3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'gssapi_krb5_sasl' registered
[2015/03/30 01:05:38.067173,  3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'schannel' registered
[2015/03/30 01:05:38.067215,  3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'spnego' registered
[2015/03/30 01:05:38.067280,  3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'ntlmssp' registered
[2015/03/30 01:05:38.067330,  3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'krb5' registered
[2015/03/30 01:05:38.067371,  3, effective(0, 0), real(0, 0)] ../auth/gensec/gensec_start.c:870(gensec_register)
  GENSEC backend 'fake_gssapi_krb5' registered
[2015/03/30 01:05:38.068387,  3, effective(0, 0), real(0, 0)] ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2015/03/30 01:05:38.069598,  3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'sam' registered
[2015/03/30 01:05:38.069684,  3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'sam_ignoredomain' registered
[2015/03/30 01:05:38.069729,  3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'anonymous' registered
[2015/03/30 01:05:38.069802,  3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'winbind' registered
[2015/03/30 01:05:38.069848,  3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'winbind_wbclient' registered
[2015/03/30 01:05:38.069910,  3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'name_to_ntstatus' registered
[2015/03/30 01:05:38.069958,  3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:673(auth_register)
  AUTH backend 'unix' registered
[2015/03/30 01:05:38.088423,  3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:384(reply_nt1)
  using SPNEGO
[2015/03/30 01:05:38.088497,  3, effective(0, 0), real(0, 0)] ../source3/smbd/negprot.c:671(reply_negprot)
  Selected protocol NT LANMAN 1.0
[2015/03/30 01:05:38.088901,  3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1802(process_smb)
  Transaction 1 of length 92 (0 toread)
[2015/03/30 01:05:38.088973,  3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1405(switch_message)
  switch message SMBsesssetupX (pid 882) conn 0x0
[2015/03/30 01:05:38.094128,  3, effective(0, 0), real(0, 0)] ../source3/smbd/sesssetup.c:604(reply_sesssetup_and_X)
  wct=13 flg2=0xc843
[2015/03/30 01:05:38.094250,  3, effective(0, 0), real(0, 0)] ../source3/smbd/sesssetup.c:818(reply_sesssetup_and_X)
  Domain=[]  NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[null]
[2015/03/30 01:05:38.094299,  3, effective(0, 0), real(0, 0)] ../source3/smbd/sesssetup.c:834(reply_sesssetup_and_X)
  sesssetupX:name=[]\[]@[127.0.0.1]
[2015/03/30 01:05:38.094367,  3, effective(0, 0), real(0, 0)] ../source3/smbd/sesssetup.c:89(check_guest_password)
  Got anonymous request
[2015/03/30 01:05:38.096168,  3, effective(0, 0), real(0, 0)] ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
  auth_check_password_send: Checking password for unmapped user []\[]@[]
  auth_check_password_send: mapped user is: [CCENTER]\[]@[]
[2015/03/30 01:05:38.098786,  3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1802(process_smb)
  Transaction 2 of length 88 (0 toread)
[2015/03/30 01:05:38.098854,  3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1405(switch_message)
  switch message SMBtconX (pid 882) conn 0x0
[2015/03/30 01:05:38.099031,  3, effective(0, 0), real(0, 0)] ../source3/lib/access.c:338(allow_access)
  Allowed connection from 127.0.0.1 (127.0.0.1)
[2015/03/30 01:05:38.099142,  3, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:612(make_connection_snum)
  Connect path is '/tmp' for service [IPC$]
[2015/03/30 01:05:38.099903,  3, effective(0, 0), real(0, 0)] ../source3/smbd/vfs.c:113(vfs_init_default)
  Initialising default vfs hooks
[2015/03/30 01:05:38.099972,  3, effective(0, 0), real(0, 0)] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2015/03/30 01:05:38.100022,  3, effective(0, 0), real(0, 0)] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [acl_xattr]
[2015/03/30 01:05:38.118613,  2, effective(0, 0), real(0, 0)] ../lib/util/modules.c:191(do_smb_load_module)
  Module 'acl_xattr' loaded
[2015/03/30 01:05:38.118757,  3, effective(0, 0), real(0, 0)] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [dfs_samba4]
[2015/03/30 01:05:38.125409,  2, effective(0, 0), real(0, 0)] ../lib/util/modules.c:191(do_smb_load_module)
  Module 'dfs_samba4' loaded
[2015/03/30 01:05:38.125440,  2, effective(0, 0), real(0, 0)] ../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr)
  connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service IPC$
[2015/03/30 01:05:38.127532,  3, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:856(make_connection_snum)
  127.0.0.1 (ipv4:127.0.0.1:45066) connect to service IPC$ initially as user NT AUTHORITY\ANONYMOUS LOGON (uid=65534, gid=3000009) (pid 882)
[2015/03/30 01:05:38.127627,  3, effective(0, 0), real(0, 0)] ../source3/smbd/reply.c:1024(reply_tcon_and_X)
  tconX service=IPC$ 
[2015/03/30 01:05:38.128477,  3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1802(process_smb)
  Transaction 3 of length 106 (0 toread)
[2015/03/30 01:05:38.128537,  3, effective(0, 0), real(0, 0)] ../source3/smbd/process.c:1405(switch_message)
  switch message SMBntcreateX (pid 882) conn 0xb893b588
[2015/03/29 22:05:38.128622,  3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/service.c:197(set_current_service)
  chdir (/tmp) failed, reason: Permission denied
[2015/03/29 22:05:38.128674,  3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/error.c:82(error_packet_set)
  NT error packet at ../source3/smbd/process.c(1524) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED
[2015/03/29 22:05:38.138398,  3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/process.c:1802(process_smb)
  Transaction 4 of length 118 (0 toread)
[2015/03/29 22:05:38.138453,  3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/process.c:1405(switch_message)
  switch message SMBtrans (pid 882) conn 0xb893b588
[2015/03/29 22:05:38.138494,  3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/service.c:197(set_current_service)
  chdir (/tmp) failed, reason: Permission denied
[2015/03/29 22:05:38.138529,  3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/error.c:82(error_packet_set)
  NT error packet at ../source3/smbd/process.c(1524) cmd=37 (SMBtrans) NT_STATUS_ACCESS_DENIED
[2015/03/29 22:05:38.139702,  3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/process.c:1802(process_smb)
  Transaction 5 of length 39 (0 toread)
[2015/03/29 22:05:38.139771,  3, effective(65534, 3000009), real(65534, 0)] ../source3/smbd/process.c:1405(switch_message)
  switch message SMBtdis (pid 882) conn 0xb893b588
[2015/03/30 01:05:38.139897,  3, effective(0, 0), real(0, 0)] ../source3/smbd/service.c:1130(close_cnum)
  127.0.0.1 (ipv4:127.0.0.1:45066) closed connection to service IPC$
[2015/03/30 01:05:38.141264,  3, effective(0, 0), real(0, 0)] ../source3/smbd/server_exit.c:221(exit_server_common)
  Server exit (failed to receive smb request)


--
WBR,
Andrey Repin (anrdaemon at yandex.ru) 30.03.2015, <01:15>

Sorry for my terrible english...

More information about the samba mailing list