[Samba] NT_STATUS_NO_MEMORY accessing a DC shared resource

Ing. Claudio Nicora claudio.nicora at gmail.com
Thu Jul 5 12:03:43 UTC 2018 

I have a working Samba 4.7.6 DC with the default /sysvol and /netlogon 
shares.

These shares work perfectly and domain users can access them without any 
issue.

Now, to ease experimenting with config files and stuff (it's not a 
production server), I've added a /rootdisk share (path=/) limiting its 
access ro root and domain admins:

---------
# cat /etc/samba/smb.conf
[global]
         bind interfaces only = Yes
         interfaces = lo eth_lan
         netbios name = SRVADDC
         realm = SAMDOM.LOCAL
         server role = active directory domain controller
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, 
drepl, winbindd, ntp_signd, kcc, dnsupdate
         workgroup = SAMDOM
         #username map = /etc/samba/username.map

[netlogon]
         path = /var/lib/samba/sysvol/samdom.it/scripts
         read only = No

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No

[RootDisk]
         path = /
         read only = No
         valid users = root SAMDOM\myuser @"SAMDOM\domain admins"
         force user = root
         force group = root
         create mode = 0640
         force create mode = 0640
-----

It worked at first but now, after about 2 days, it stopped working and I 
can't connect to it from Windows anymore.

Running this from a command prompt:
net use * \\srvaddc.samdom.local\RootDisk

returns this error message (translated from localized one, so it could 
not be exactly the same in English):
-----
System error 8.
Insufficient memory to execute the command
-----

This is the samba log (level 4) of the client trying to connect with the 
NT_STATUS_NO_MEMORY error:
-----
[2018/07/05 13:48:12.411901,  3] 
../lib/ldb-samba/ldb_wrap.c:326(ldb_wrap_connect)
   ldb_wrap open of secrets.ldb
[2018/07/05 13:48:12.423964,  3] 
../lib/ldb-samba/ldb_wrap.c:326(ldb_wrap_connect)
   ldb_wrap open of privilege.ldb
[2018/07/05 13:48:12.480798,  3] 
../source3/smbd/password.c:144(register_homes_share)
   Adding homes service for user 'SAMDOM\myuser' using home directory: 
'/home/SAMDOM/myuser'
[2018/07/05 13:48:12.482416,  3] ../lib/util/access.c:365(allow_access)
   Allowed connection from 10.0.0.10 (10.0.0.10)
[2018/07/05 13:48:12.482509,  3] 
../source3/smbd/service.c:595(make_connection_snum)
   Connect path is '/tmp' for service [IPC$]
[2018/07/05 13:48:12.482581,  3] ../source3/smbd/vfs.c:113(vfs_init_default)
   Initialising default vfs hooks
[2018/07/05 13:48:12.482619,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
   Initialising custom vfs hooks from [/[Default VFS]/]
[2018/07/05 13:48:12.482657,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
   Initialising custom vfs hooks from [acl_xattr]
[2018/07/05 13:48:12.482696,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
   Initialising custom vfs hooks from [dfs_samba4]
[2018/07/05 13:48:12.482738,  2] 
../source3/modules/vfs_acl_xattr.c:236(connect_acl_xattr)
   connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = 
true' and 'force unknown acl user = true' for service IPC$
[2018/07/05 13:48:12.485807,  3] 
../source3/smbd/service.c:841(make_connection_snum)
   10.0.0.10 (ipv4:10.0.0.10:50263) connect to service IPC$ initially as 
user SAMDOM\myuser (uid=3000071, gid=100) (pid 11670)
[2018/07/05 13:48:12.486968,  3] 
../source3/smbd/msdfs.c:1008(get_referred_path)
   get_referred_path: |RootDisk| in dfs path \srvaddc.samdom.it\RootDisk 
is not a dfs root.
[2018/07/05 13:48:12.487048,  3] 
../source3/smbd/smb2_server.c:3139(smbd_smb2_request_error_ex)
   smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:309
[2018/07/05 13:48:12.489682,  3] ../lib/util/access.c:365(allow_access)
   Allowed connection from 10.0.0.10 (10.0.0.10)
[2018/07/05 13:48:12.489742,  3] 
../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
   string_to_sid: SID root is not in a valid format
[2018/07/05 13:48:12.491233,  3] 
../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
   string_to_sid: SID SAMDOM\myuser is not in a valid format
[2018/07/05 13:48:12.558201,  1] 
../source3/param/loadparm.c:2480(lp_idmap_range)
   idmap range not specified for domain '*'
[2018/07/05 13:48:12.577539,  1] 
../source3/auth/token_util.c:442(add_local_groups)
   SID S-1-5-21-299502267-616249376-1417001333-4174 -> getpwuid(3000002) 
failed
[2018/07/05 13:48:12.577678,  3] 
../source3/smbd/smb2_server.c:3139(smbd_smb2_request_error_ex)
   smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] 
status[NT_STATUS_NO_MEMORY] || at ../source3/smbd/smb2_tcon.c:135
[2018/07/05 13:48:14.672221,  2] ../source3/smbd/service.c:1120(close_cnum)
   10.0.0.10 (ipv4:10.0.0.10:50263) closed connection to service sysvol
-----

What shall I check?

More information about the samba mailing list