[Samba] Samba ADS-member-server: FQDNs in /etc/hosts

Stefan G. Weichinger lists at xunil.at
Tue Jul 11 08:36:08 UTC 2017 

[2017/07/11 10:28:51.553290,  3]
../source3/auth/auth.c:249(auth_check_ntlm_password)
  check_ntlm_password: winbind authentication for user [mueller] succeeded
[2017/07/11 10:28:51.553324,  2]
../source3/auth/auth.c:305(auth_check_ntlm_password)
  check_ntlm_password:  authentication for user [mueller] -> [mueller]
-> [mueller] succeeded
[2017/07/11 10:28:51.553493,  1]
../source3/auth/token_util.c:430(add_local_groups)
  SID S-1-5-21-2940660672-4062535256-4144655499-1029 -> getpwuid(11029)
failed
[2017/07/11 10:28:51.553518,  3]
../source3/auth/token_util.c:316(create_local_nt_token_from_info3)
  Failed to finalize nt token
[2017/07/11 10:28:51.553552,  3]
../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
  NTLMSSP Sign/Seal - Initialising with flags:
[2017/07/11 10:28:51.553562,  3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62088215
[2017/07/11 10:28:51.553601,  3]
../auth/ntlmssp/ntlmssp_sign.c:509(ntlmssp_sign_reset)
  NTLMSSP Sign/Seal - Initialising with flags:
[2017/07/11 10:28:51.553611,  3]
../auth/ntlmssp/ntlmssp_util.c:69(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62088215
[2017/07/11 10:28:51.553782,  1]
../source3/auth/token_util.c:430(add_local_groups)
  SID S-1-5-21-2940660672-4062535256-4144655499-1029 -> getpwuid(11029)
failed
[2017/07/11 10:28:51.553808,  3]
../source3/auth/token_util.c:316(create_local_nt_token_from_info3)
  Failed to finalize nt token
[2017/07/11 10:28:51.553818,  1]
../source3/smbd/sesssetup.c:290(reply_sesssetup_and_X_spnego)
  Failed to generate session_info (user and group token) for session
setup: NT_STATUS_UNSUCCESSFUL
[2017/07/11 10:28:51.553864,  3]
../source3/smbd/error.c:82(error_packet_set)
  NT error packet at ../source3/smbd/sesssetup.c(293) cmd=115
(SMBsesssetupX) NT_STATUS_UNSUCCESSFUL
[2017/07/11 10:28:51.554117,  3]
../source3/smbd/server_exit.c:246(exit_server_common)
  Server exit (failed to receive smb request)



---


getpwuid(11029)  fails, local group 11029 does not exist.

the SID looks like:# net ads sid
S-1-5-21-2940660672-4062535256-4144655499-1029
Got 1 replies

cn: mueller
instanceType: 4
whenCreated: 20170524093910.0Z
uSNCreated: 4231
name: mueller
objectGUID: ddbb9928-167d-4cfb-a667-ef4a24600fef
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
primaryGroupID: 513
objectSid: S-1-5-21-2940660672-4062535256-4144655499-1029
sAMAccountName: mueller
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=secret,DC=at
pwdLastSet: 130414131350000000
accountExpires: 137303967990000000
lastLogoff: 137303967990000000
userAccountControl: 512
uidNumber: 1070
objectClass: top
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: user
unixHomeDirectory: /home/mueller
loginShell: /bin/bash
gidNumber: 1070
msSFU30NisDomain: buero
lastLogonTimestamp: 131439211510194450
whenChanged: 20170707171231.0Z
uSNChanged: 6300
memberOf: CN=Mitarbeiter,OU=secret-Benutzer,DC=secret,DC=at
lastLogon: 131442246304847030
logonCount: 14
distinguishedName: CN=mueller,OU=secret-Benutzer,DC=secret,DC=at


created a local group "rettung" with GID 11029 ... no change

I don't find that 11029 in the SID infos ...

More information about the samba mailing list