[Samba] Issues with RPC, SID resolving; cannot use RSAT
Andreas Gaiser
ags-list at wegewerk.com
Tue Apr 3 09:55:13 UTC 2018
Hello,
I'm running a setup with 3 DCs, all Samba 4.5.12, Debian Stretch (is
patched for CVE-2018-1057, "samba_CVE-2018-1057_helper" been used).
Probably unrelated to the upgrade and patch for CVE-2018-1057, there's
a new problem coming up.
RSAT fails to start/connect, complaining about RPC-Server
unavailablility. On the DCs I've tried with smbclient and get the
following:
root at vts5:/etc/samba# smbclient -L localhost -U Administrator
Enter Administrator's password:
session setup failed: NT_STATUS_INVALID_SID
This is also consistent with log entries like this:
[2018/04/03 11:37:48.411748, 0]
../source4/auth/unix_token.c:79(security_token_to_unix_token)
Unable to convert first SID
(S-1-5-21-1449862128-1716478392-3139764938-1176) in user token to a UID.
Conversion was returned as type 0, full token:
[2018/04/03 11:37:48.411820, 0]
../libcli/security/security_token.c:63(security_token_debug)
Security token SIDs (7):
SID[ 0]: S-1-5-21-1449862128-1716478392-3139764938-1176
SID[ 1]: S-1-5-21-1449862128-1716478392-3139764938-515
SID[ 2]: S-1-1-0
SID[ 3]: S-1-5-2
SID[ 4]: S-1-5-11
SID[ 5]: S-1-5-32-554
SID[ 6]: S-1-5-32-545
It is not like only one specific SID is affected. I find this for many
different ones, including S-1-1-0.
net cache list is showing me funny stuff like this:
Key: IDMAP/GID2SID/3000017 Timeout: 11:23:09 Value: - (expired)
Key: IDMAP/SID2XID/S-1-5-32-545 Timeout: 11:40:46 Value: -1:N
...
Key: IDMAP/SID2XID/S-1-5-21-1449862128-1716478392-3139764938-3708
Timeout: 11:41:17 Value: -1:N
...
Key: IDMAP/SID2XID/S-1-5-21-1449862128-1716478392-3139764938-3680
Timeout: 11:38:37 Value: -1:N (expired)
At the moment I'm blocked making any changes to the Domain, so I
appreciate any help solving this issue.
Thank you,
Andreas Gaiser
--
Andreas Gaiser
wegewerk GmbH
Saarbrücker Str. 24A
10405 Berlin
More information about the samba
mailing list