[Samba] Fwd: Migrating server
Rob Thoman
emailthomasrob at gmail.com
Thu Mar 8 11:35:26 UTC 2018
Hi Harry,
Here are the outputs. I've attached them as logs with this email too.
root at sam3dc:/tmp/ldifs-gr# ldapmodify -Y external -H ldapi:/// -f
olcdbindex.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}hdb,cn=config"
root at sam3dc:/tmp/ldifs-gr# service slapd stop
* Stopping OpenLDAP slapd
[
OK ]
root at sam3dc:/tmp/ldifs-gr# slapindex -v -n 1
WARNING!
Runnig as root!
There's a fair chance slapd will fail to start.
Check file permissions!
indexing id=00000001
indexing id=00000002
indexing id=00000003
indexing id=00000004
indexing id=00000005
indexing id=00000006
It goes on and completes the indexing
root at sam3dc:/tmp/ldifs-gr# service slapd start
* Starting OpenLDAP slapd
[
OK ]
net getdomainsid
SID for local machine sam3dc is: S-1-5-21-286905455-3929894668-3957719032
SID for domain mydomain is: S-1-5-21-3936576374-1604348213-1812465911
net getlocalsid
SID for local machine sam3dc is: S-1-5-21-286905455-3929894668-3957719032
getent passwd sadmin
sadmin:x:1359:1359::/home/sadmin:/bin/sh
getent passwd tadmin
tadmin:x:1262:1150:Temp Admin,,,:/home/tadmin:/bin/bash
root at sam3dc:/# getent group 512
root at sam3dc:/#
root at sam3dc:/# getent group 1359
sadmin:x:1359:
SYSLOG during the netdomainsid and getlocalsid
tail -f /var/log/syslog|sed -nre 's/^.*( slapd.*$)/\1/p'
slapd[4698]: conn=1015 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[4698]: conn=1015 op=12 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[4698]: conn=1015 op=12 SRCH attr=supportedExtension
slapd[4698]: conn=1015 op=12 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[4698]: conn=1015 op=13 EXT oid=1.3.6.1.4.1.4203.1.11.1
slapd[4698]: conn=1015 op=13 PASSMOD id="uid=sadmin,ou=users,dc=mydomain"
new
slapd[4698]: conn=1015 op=13 RESULT oid= err=0 text=
slapd[4698]: conn=1015 op=14 MOD dn="uid=sadmin,ou=users,dc=mydomain"
slapd[4698]: conn=1015 op=14 MOD attr=sambaPwdLastSet sambaPwdLastSet
slapd[4698]: conn=1015 op=14 RESULT tag=103 err=0 text=
slapd[4698]: conn=1016 fd=25 ACCEPT from IP=[::1]:39024 (IP=[::]:389)
slapd[4698]: conn=1016 op=0 BIND dn="cn=admin,dc=mydomain" method=128
slapd[4698]: conn=1016 op=0 BIND dn="cn=admin,dc=mydomain" mech=SIMPLE
ssf=0
slapd[4698]: conn=1016 op=0 RESULT tag=97 err=0 text=
slapd[4698]: conn=1016 op=1 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
slapd[4698]: conn=1016 op=1 SRCH attr=supportedControl
slapd[4698]: conn=1016 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[4698]: conn=1016 op=2 SRCH base="dc=mydomain" scope=2 deref=0
filter="(&(objectClass=sambaDomain)(sambaDomainName=mydomain))"
slapd[4698]: conn=1016 op=2 SRCH attr=sambaDomainName sambaNextRid
sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase
objectClass
slapd[4698]: conn=1016 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[4698]: conn=1016 fd=25 closed (connection lost)
/var/log/syslog during domain join (WIndows 7)
root at sam3dc:/# tail -f /var/log/syslog|sed -nre 's/^.*( slapd.*$)/\1/p'
slapd[4698]: conn=1024 fd=24 ACCEPT from IP=[::1]:39034 (IP=[::]:389)
slapd[4698]: conn=1024 op=0 BIND dn="cn=admin,dc=mydomain" method=128
slapd[4698]: conn=1024 op=0 BIND dn="cn=admin,dc=mydomain" mech=SIMPLE
ssf=0
slapd[4698]: conn=1024 op=0 RESULT tag=97 err=0 text=
slapd[4698]: conn=1024 op=1 SRCH base="" scope=0 deref=0
filter="(objectClass=*
)"
slapd[4698]: conn=1024 op=1 SRCH attr=supportedControl
slapd[4698]: conn=1024 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[4698]: conn=1024 op=2 SRCH base="dc=mydomain" scope=2 deref=0
filter="(&
(uid=sadmin)(objectClass=sambaSamAccount))"
slapd[4698]: conn=1024 op=2 SRCH attr=uid uidNumber gidNumber
homeDirectory sam
baPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
sambaLogoffTime
sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath
sambaLogonScrip
t
sambaProfilePath description sambaUserWorkstations sambaSID
sambaPrimaryGroupS
ID
sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags
sa
mbaMungedDial sambaBadPasswordCount sambaBadPasswordTime
sambaPasswordHistory mo
difyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber
homeDirectory
loginShell gecos
slapd[4698]: conn=1024 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[4698]: conn=1024 op=3 SRCH base="dc=mydomain" scope=2 deref=0
filter="(&
(gidNumber=1359)(objectClass=sambaGroupMapping))"
slapd[4698]: conn=1024 op=3 SRCH attr=sambaSID
slapd[4698]: conn=1024 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[4698]: conn=1024 op=4 SRCH base="dc=mydomain" scope=2 deref=0
filter="(&
(gidNumber=1359)(objectClass=sambaGroupMapping))"
slapd[4698]: conn=1024 op=4 SRCH attr=sambaSID
slapd[4698]: conn=1024 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[4698]: conn=1024 op=5 SRCH
base="sambaDomainName=mydomain,dc=mydomain"
scope=0 deref=0 filter="(objectClass=sambaDomain)"
slapd[4698]: conn=1024 op=5 SRCH attr=sambaMaxPwdAge
slapd[4698]: conn=1024 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[4698]: conn=1024 op=6 SRCH
base="sambaDomainName=mydomain,dc=mydomain"
scope=0 deref=0 filter="(objectClass=sambaDomain)"
slapd[4698]: conn=1024 op=6 SRCH attr=sambaMinPwdAge
slapd[4698]: conn=1024 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[4698]: conn=1024 op=7 SRCH base="dc=mydomain" scope=2 deref=0
filter="(&
(objectClass=posixGroup)(|(memberUid=sadmin)(gidNumber=1359)))"
slapd[4698]: conn=1024 op=7 SRCH attr=gidNumber sambaSID
slapd[4698]: conn=1024 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[4698]: conn=1024 op=8 SRCH base="dc=mydomain" scope=2 deref=0
filter="(&
(uid=sadmin)(objectClass=sambaSamAccount))"
slapd[4698]: conn=1024 op=8 SRCH attr=uid uidNumber gidNumber
homeDirectory sam
baPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
sambaLogoffTime
sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath
sambaLogonScrip
t
sambaProfilePath description sambaUserWorkstations sambaSID
sambaPrimaryGroupS
ID
sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags
sa
mbaMungedDial sambaBadPasswordCount sambaBadPasswordTime
sambaPasswordHistory mo
difyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber
homeDirectory
loginShell gecos
slapd[4698]: conn=1024 op=8 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[4698]: conn=1024 op=9 SRCH base="dc=mydomain" scope=2 deref=0
filter="(&
(gidNumber=1359)(objectClass=sambaGroupMapping))"
slapd[4698]: conn=1024 op=9 SRCH attr=sambaSID
slapd[4698]: conn=1024 op=9 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[4698]: conn=1024 op=10 SRCH base="dc=mydomain" scope=2 deref=0
filter="(
&(objectClass=posixGroup)(|(memberUid=sadmin)(gidNumber=1359)))"
slapd[4698]: conn=1024 op=10 SRCH attr=gidNumber sambaSID
slapd[4698]: conn=1024 op=10 SEARCH RESULT tag=101 err=0 nentries=1 text=
On Thu, Mar 8, 2018 at 8:52 PM, Harry Jede <walk2sun at arcor.de> wrote:
> Hi Rob,
>
>
>
> > Joining the machine to the domain
>
> >
>
> > slapd[2332]: conn=1120 op=9 SRCH base="dc=mydomain" scope=2 deref=0
>
> > filter="(&(uid=sadmin)(objectClass=sambaSamAccount))" slapd[2332]:
>
> > conn=1120 op=9 SRCH attr=uid uidNumber gidNumber homeDirectory
>
> > sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
>
> > sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive
>
> > sambaHomePath sambaLogonScript sambaProfilePath description
>
> > sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
>
> > sambaNTPassword sambaDomainName objectClass sambaAcctFlags
>
> > sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
>
> > sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
>
> > uidNumber gidNumber homeDirectory loginShell gecos slapd[2332]: <=
>
> > bdb_equality_candidates: (uid) not indexed slapd[2332]: conn=1120
>
> > op=9 SEARCH RESULT tag=101 err=0 nentries=1 text= slapd[2332]:
>
> > conn=1120 op=10 SRCH base="dc=mydomain" scope=2 deref=0
>
> > filter="(&(gidNumber=1359)(objectClass=sambaGroupMapping))"
>
> > slapd[2332]: conn=1120 op=10 SRCH attr=sambaSID slapd[2332]: <=
>
> > bdb_equality_candidates: (gidNumber) not indexed slapd[2332]:
>
> > conn=1120 op=10 SEARCH RESULT tag=101 err=0 nentries=0 text=
>
> > slapd[2332]: conn=1120 op=11 SRCH base="dc=mydomain" scope=2 deref=0
>
> > filter="(&(objectClass=posixGroup)(|(memberUid=sadmin)(gidNumber=1359)
>
> > ))" slapd[2332]: conn=1120 op=11 SRCH attr=gidNumber sambaSID
>
> > slapd[2332]: <= bdb_equality_candidates: (memberUid) not indexed
>
> > slapd[2332]: <= bdb_equality_candidates: (gidNumber) not indexed
>
> > slapd[2332]: conn=1120 op=11 SEARCH RESULT tag=101 err=0 nentries=1
>
> > text=
>
> This is *not* a join. It is just samba's try to verify that sadmin has the
> rights (aka are in the right groups) to join. And he failed!
>
>
>
> so post the output of
>
>
>
> getent passwd sadmin
>
> getent passwd hadmin
>
>
>
> getent group 512
>
> getent group 1359
>
>
>
> After verifying group membership samba evaluates the privileges. This is
> not seen here. We set them, when we have solved the group problem.
>
>
>
> > The two ways I can join a machine to teh domain is
>
> > - Change to TDBSAM
>
> > - Remove both the lines from smb.conf
>
> > ldapsam:editposix = yes ldapsam:trusted = yes
>
> >
>
> > The strange thing is that Win7 joins to the domain, reboots then gives
>
> > the domain trust failed message. Windows10 joins and works. That
>
> > might be an issue with the machine password
>
> >
>
> > My question is that are we loosing anything by not using the editposix
>
> > and trusted option. I understand that smbdlap is not supported but it
>
> > seems to work in my testing
>
> Once we have fixed the errors in your configuration and your data, I'm
> pretty sure that both, smbldap and sameditposix, will work. Then you must
> decide which route you will follow in the future.
>
>
>
> Be patient, their are other errors.
>
>
>
> PS
>
> your output of the slapd logs are hard to read. Would be much easier if
> you turn of the line wrapping in your mail composer.
>
>
>
> --
>
>
>
> Gruss
>
> Harry Jede
>
-------------- next part --------------
root at sam3dc:/tmp/ldifs-gr# ldapmodify -Y external -H ldapi:/// -f olcdbindex.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}hdb,cn=config"
root at sam3dc:/tmp/ldifs-gr# service slapd stop
* Stopping OpenLDAP slapd [ OK ]
root at sam3dc:/tmp/ldifs-gr# slapindex -v -n 1
WARNING!
Runnig as root!
There's a fair chance slapd will fail to start.
Check file permissions!
indexing id=00000001
indexing id=00000002
indexing id=00000003
indexing id=00000004
indexing id=00000005
indexing id=00000006
It goes on and completes the indexing
root at sam3dc:/tmp/ldifs-gr# service slapd start
* Starting OpenLDAP slapd [ OK ]
net getdomainsid
SID for local machine sam3dc is: S-1-5-21-286905455-3929894668-3957719032
SID for domain mydomain is: S-1-5-21-3936576374-1604348213-1812465911
tail -f /var/log/syslog|sed -nre 's/^.*( slapd.*$)/\1/p'
[sudo] password for sadmin:
slapd[4698]: conn=1015 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[4698]: conn=1015 op=12 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
slapd[4698]: conn=1015 op=12 SRCH attr=supportedExtension
slapd[4698]: conn=1015 op=12 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[4698]: conn=1015 op=13 EXT oid=1.3.6.1.4.1.4203.1.11.1
slapd[4698]: conn=1015 op=13 PASSMOD id="uid=sadmin,ou=users,dc=mydomain" new
slapd[4698]: conn=1015 op=13 RESULT oid= err=0 text=
slapd[4698]: conn=1015 op=14 MOD dn="uid=sadmin,ou=users,dc=mydomain"
slapd[4698]: conn=1015 op=14 MOD attr=sambaPwdLastSet sambaPwdLastSet
slapd[4698]: conn=1015 op=14 RESULT tag=103 err=0 text=
slapd[4698]: conn=1016 fd=25 ACCEPT from IP=[::1]:39024 (IP=[::]:389)
slapd[4698]: conn=1016 op=0 BIND dn="cn=admin,dc=mydomain" method=128
slapd[4698]: conn=1016 op=0 BIND dn="cn=admin,dc=mydomain" mech=SIMPLE ssf=0
slapd[4698]: conn=1016 op=0 RESULT tag=97 err=0 text=
slapd[4698]: conn=1016 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
slapd[4698]: conn=1016 op=1 SRCH attr=supportedControl
slapd[4698]: conn=1016 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[4698]: conn=1016 op=2 SRCH base="dc=mydomain" scope=2 deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=mydomain))"
slapd[4698]: conn=1016 op=2 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass
slapd[4698]: conn=1016 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[4698]: conn=1016 fd=25 closed (connection lost)
getent passwd sadmin
sadmin:x:1359:1359::/home/sadmin:/bin/sh
getent passwd tadmin
tadmin:x:1262:1150:Temp Admin,,,:/home/tadmin:/bin/bash
root at sam3dc:/# getent group 512
root at sam3dc:/#
root at sam3dc:/# getent group 1359
sadmin:x:1359:
DOMAIN JOIN: SYSLOG
root at sam3dc:/# tail -f /var/log/syslog|sed -nre 's/^.*( slapd.*$)/\1/p'
slapd[4698]: conn=1024 fd=24 ACCEPT from IP=[::1]:39034 (IP=[::]:389)
slapd[4698]: conn=1024 op=0 BIND dn="cn=admin,dc=mydomain" method=128
slapd[4698]: conn=1024 op=0 BIND dn="cn=admin,dc=mydomain" mech=SIMPLE ssf=0
slapd[4698]: conn=1024 op=0 RESULT tag=97 err=0 text=
slapd[4698]: conn=1024 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=* )"
slapd[4698]: conn=1024 op=1 SRCH attr=supportedControl
slapd[4698]: conn=1024 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[4698]: conn=1024 op=2 SRCH base="dc=mydomain" scope=2 deref=0 filter="(& (uid=sadmin)(objectClass=sambaSamAccount))"
slapd[4698]: conn=1024 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sam baPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScrip t sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupS ID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sa mbaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory mo difyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
slapd[4698]: conn=1024 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[4698]: conn=1024 op=3 SRCH base="dc=mydomain" scope=2 deref=0 filter="(& (gidNumber=1359)(objectClass=sambaGroupMapping))"
slapd[4698]: conn=1024 op=3 SRCH attr=sambaSID
slapd[4698]: conn=1024 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[4698]: conn=1024 op=4 SRCH base="dc=mydomain" scope=2 deref=0 filter="(& (gidNumber=1359)(objectClass=sambaGroupMapping))"
slapd[4698]: conn=1024 op=4 SRCH attr=sambaSID
slapd[4698]: conn=1024 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[4698]: conn=1024 op=5 SRCH base="sambaDomainName=mydomain,dc=mydomain" scope=0 deref=0 filter="(objectClass=sambaDomain)"
slapd[4698]: conn=1024 op=5 SRCH attr=sambaMaxPwdAge
slapd[4698]: conn=1024 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[4698]: conn=1024 op=6 SRCH base="sambaDomainName=mydomain,dc=mydomain" scope=0 deref=0 filter="(objectClass=sambaDomain)"
slapd[4698]: conn=1024 op=6 SRCH attr=sambaMinPwdAge
slapd[4698]: conn=1024 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[4698]: conn=1024 op=7 SRCH base="dc=mydomain" scope=2 deref=0 filter="(& (objectClass=posixGroup)(|(memberUid=sadmin)(gidNumber=1359)))"
slapd[4698]: conn=1024 op=7 SRCH attr=gidNumber sambaSID
slapd[4698]: conn=1024 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[4698]: conn=1024 op=8 SRCH base="dc=mydomain" scope=2 deref=0 filter="(& (uid=sadmin)(objectClass=sambaSamAccount))"
slapd[4698]: conn=1024 op=8 SRCH attr=uid uidNumber gidNumber homeDirectory sam baPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScrip t sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupS ID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sa mbaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory mo difyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos
slapd[4698]: conn=1024 op=8 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[4698]: conn=1024 op=9 SRCH base="dc=mydomain" scope=2 deref=0 filter="(& (gidNumber=1359)(objectClass=sambaGroupMapping))"
slapd[4698]: conn=1024 op=9 SRCH attr=sambaSID
slapd[4698]: conn=1024 op=9 SEARCH RESULT tag=101 err=0 nentries=0 text=
slapd[4698]: conn=1024 op=10 SRCH base="dc=mydomain" scope=2 deref=0 filter="( &(objectClass=posixGroup)(|(memberUid=sadmin)(gidNumber=1359)))"
slapd[4698]: conn=1024 op=10 SRCH attr=gidNumber sambaSID
slapd[4698]: conn=1024 op=10 SEARCH RESULT tag=101 err=0 nentries=1 text=
DOMAIN JOIN SAMBA LOGS
root at sam3dc:/var/log/samba# cat log.ldap7-01
[2018/03/07 06:25:59.630907, 5] auth/auth_util.c:111(make_user_info_map)
Mapping user [mydomain]\[sadmin] from workstation [LDAP7-01]
[2018/03/07 06:25:59.630969, 5] auth/user_info.c:59(make_user_info)
attempting to make a user_info for sadmin (sadmin)
[2018/03/07 06:25:59.631010, 5] auth/user_info.c:70(make_user_info)
making strings for sadmin's user_info struct
[2018/03/07 06:25:59.631047, 5] auth/user_info.c:87(make_user_info)
making blobs for sadmin's user_info struct
[2018/03/07 06:25:59.631086, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [mydomain]\[sadmin]@[LDAP7-01] with the new password interface
[2018/03/07 06:25:59.631124, 3] auth/auth.c:222(check_ntlm_password)
check_ntlm_password: mapped user is: [mydomain]\[sadmin]@[LDAP7-01]
[2018/03/07 06:25:59.631296, 2] lib/smbldap.c:1018(smbldap_open_connection)
smbldap_open_connection: connection opened
[2018/03/07 06:25:59.633188, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: sadmin
[2018/03/07 06:25:59.635084, 4] auth/check_samsec.c:183(sam_account_ok)
sam_account_ok: Checking SMB password for user sadmin
[2018/03/07 06:25:59.635143, 5] auth/check_samsec.c:165(logon_hours_ok)
logon_hours_ok: user sadmin allowed to logon at this time (Tue Mar 6 20:25:59 2018
)
[2018/03/07 06:25:59.636377, 1] auth/server_info.c:447(samu_to_SamInfo3)
Failed to get groups from sam account.
[2018/03/07 06:25:59.636447, 0] auth/check_samsec.c:492(check_sam_security)
check_sam_security: make_server_info_sam() failed with 'NT_STATUS_INTERNAL_DB_CORRUPTION'
[2018/03/07 06:25:59.636504, 5] auth/auth.c:271(check_ntlm_password)
check_ntlm_password: sam authentication for user [sadmin] FAILED with error NT_STATUS_INTERNAL_DB_CORRUPTION
[2018/03/07 06:25:59.636549, 3] auth/auth_winbind.c:60(check_winbind_security)
check_winbind_security: Not using winbind, requested domain [mydomain] was for this SAM.
[2018/03/07 06:25:59.636586, 2] auth/auth.c:319(check_ntlm_password)
check_ntlm_password: Authentication for user [sadmin] -> [sadmin] FAILED with error NT_STATUS_INTERNAL_DB_CORRUPTION
[2018/03/07 06:26:00.004182, 2] smbd/sesssetup.c:1291(setup_new_vc_session)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2018/03/07 06:26:00.004329, 5] auth/auth.c:489(make_auth_context_subsystem)
Making default auth method list for DC, security=user, encrypt passwords = yes
[2018/03/07 06:26:00.004377, 5] auth/auth.c:385(load_auth_module)
load_auth_module: Attempting to find an auth method to match guest
[2018/03/07 06:26:00.004416, 5] auth/auth.c:410(load_auth_module)
load_auth_module: auth method guest has a valid init
[2018/03/07 06:26:00.004453, 5] auth/auth.c:385(load_auth_module)
load_auth_module: Attempting to find an auth method to match sam
[2018/03/07 06:26:00.004491, 5] auth/auth.c:410(load_auth_module)
load_auth_module: auth method sam has a valid init
[2018/03/07 06:26:00.004527, 5] auth/auth.c:385(load_auth_module)
load_auth_module: Attempting to find an auth method to match winbind:trustdomain
[2018/03/07 06:26:00.004564, 5] auth/auth.c:385(load_auth_module)
load_auth_module: Attempting to find an auth method to match trustdomain
[2018/03/07 06:26:00.004601, 5] auth/auth.c:410(load_auth_module)
load_auth_module: auth method trustdomain has a valid init
[2018/03/07 06:26:00.004637, 5] auth/auth.c:410(load_auth_module)
load_auth_module: auth method winbind has a valid init
[2018/03/07 06:26:00.004678, 5] auth/auth.c:99(get_ntlm_challenge)
auth_get_challenge: module guest did not want to specify a challenge
[2018/03/07 06:26:00.004716, 5] auth/auth.c:99(get_ntlm_challenge)
auth_get_challenge: module sam did not want to specify a challenge
[2018/03/07 06:26:00.004752, 5] auth/auth.c:99(get_ntlm_challenge)
auth_get_challenge: module winbind did not want to specify a challenge
[2018/03/07 06:26:00.004795, 5] auth/auth.c:134(get_ntlm_challenge)
auth_context challenge created by random
[2018/03/07 06:26:00.004846, 5] auth/auth.c:135(get_ntlm_challenge)
challenge is:
[2018/03/07 06:26:00.005231, 2] smbd/sesssetup.c:1291(setup_new_vc_session)
setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2018/03/07 06:26:00.005340, 5] auth/auth_util.c:111(make_user_info_map)
Mapping user [mydomain]\[sadmin] from workstation [LDAP7-01]
[2018/03/07 06:26:00.005386, 5] auth/user_info.c:59(make_user_info)
attempting to make a user_info for sadmin (sadmin)
[2018/03/07 06:26:00.005426, 5] auth/user_info.c:70(make_user_info)
making strings for sadmin's user_info struct
[2018/03/07 06:26:00.005463, 5] auth/user_info.c:87(make_user_info)
making blobs for sadmin's user_info struct
[2018/03/07 06:26:00.005501, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [mydomain]\[sadmin]@[LDAP7-01] with the new password interface
[2018/03/07 06:26:00.005540, 3] auth/auth.c:222(check_ntlm_password)
check_ntlm_password: mapped user is: [mydomain]\[sadmin]@[LDAP7-01]
[2018/03/07 06:26:00.006595, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap)
init_sam_from_ldap: Entry found for user: sadmin
[2018/03/07 06:26:00.007471, 4] auth/check_samsec.c:183(sam_account_ok)
sam_account_ok: Checking SMB password for user sadmin
[2018/03/07 06:26:00.007529, 5] auth/check_samsec.c:165(logon_hours_ok)
logon_hours_ok: user sadmin allowed to logon at this time (Tue Mar 6 20:26:00 2018
)
[2018/03/07 06:26:00.008194, 1] auth/server_info.c:447(samu_to_SamInfo3)
Failed to get groups from sam account.
[2018/03/07 06:26:00.008273, 0] auth/check_samsec.c:492(check_sam_security)
check_sam_security: make_server_info_sam() failed with 'NT_STATUS_INTERNAL_DB_CORRUPTION'
[2018/03/07 06:26:00.008322, 5] auth/auth.c:271(check_ntlm_password)
check_ntlm_password: sam authentication for user [sadmin] FAILED with error NT_STATUS_INTERNAL_DB_CORRUPTION
[2018/03/07 06:26:00.008365, 3] auth/auth_winbind.c:60(check_winbind_security)
check_winbind_security: Not using winbind, requested domain [mydomain] was for this SAM.
[2018/03/07 06:26:00.008403, 2] auth/auth.c:319(check_ntlm_password)
check_ntlm_password: Authentication for user [sadmin] -> [sadmin] FAILED with error NT_STATUS_INTERNAL_DB_CORRUPTION
[2018/03/07 06:26:11.922227, 1] smbd/process.c:457(receive_smb_talloc)
receive_smb_raw_talloc failed for client 192.168.17.196 read error = NT_STATUS_CONNECTION_RESET.
More information about the samba
mailing list