[Samba] explorer.exe and mmc.exe crashes on security tab access
renaud.rolles+samba at giraudbtp.com
renaud.rolles+samba at giraudbtp.com
Fri Mar 23 15:33:29 UTC 2018
Hi the list,
I have updated to 4.8.0 after using 4.7.3
root at samba:~# /usr/local/samba/sbin/samba -V
Version 4.8.0
I compiled from source with the following options :
./configure --enable-debug --enable-selftest
Samba run apparently normaly, but when i try to edit permission via windows,
explorer.exe crashes
I dont get anything relevant from samba's log.
But I get an error from windows :
1 - When I try from explorer (right clic, properties, security tab)
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2018-03-23T13:14:20.295605000Z" />
<EventRecordID>17061</EventRecordID>
<Channel>Application</Channel>
<Computer>DESKTOP-xxxEUDC.OBFUSCATEDDOMAIN</Computer>
<Security />
</System>
- <EventData>
<Data>explorer.exe</Data>
<Data>10.0.16299.248</Data>
<Data>18ee648b</Data>
<Data>ntdll.dll</Data>
<Data>10.0.16299.248</Data>
<Data>effc9126</Data>
<Data>c0000374</Data>
<Data>00000000000f87bb</Data>
<Data>25d0</Data>
<Data>01d3c2a4fd11124c</Data>
<Data>C:\WINDOWS\explorer.exe</Data>
<Data>C:\WINDOWS\SYSTEM32\ntdll.dll</Data>
<Data>8ea5ec30-9ffd-42d4-ac6f-4f87b9d34dae</Data>
<Data />
<Data />
</EventData>
</Event>
2- With mmc.exe , i get 2 error the first one after connecting to the DC and
cliking on SystemTools is a localized error message saying :
Numéro de procédure hors de l'interval admis (1745)
This message raise an error :
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-DistributedCOM"
Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="0">10028</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2018-03-23T14:44:00.810939600Z" />
<EventRecordID>7352</EventRecordID>
<Correlation />
<Execution ProcessID="1000" ThreadID="7552" />
<Channel>System</Channel>
<Computer>DESKTOP-xxxEUDC.OBFUSCATEDDOMAIN </Computer>
<Security UserID="S-1-5-21-3281440387-2505246459-1686896579-1143" />
</System>
- <EventData>
<Data Name="param1">SAMBA</Data>
<Data Name="param2">2040</Data>
<Data Name="param3">C:\WINDOWS\system32\mmc.exe</Data>
<Data Name="param4">{03837521-098B-11D8-9414-505054503030}</Data>
<Binary>3C5265636F726423313A20436F6D70757465723D286E756C6C293B5069643D313030
303B332F32332F323031382031343A34343A303A3831303B5374617475733D313735333B4765
6E636F6D703D323B4465746C6F633D3530313B466C6167733D303B506172616D733D343B7B50
6172616D23303A6E6361636E5F69705F7463707D7B506172616D23313A53414D42417D7B5061
72616D23323A2D313731313437323935367D7B506172616D23333A3338323331323636327D3E
</Binary>
</EventData>
</Event>
Then right clic on on share and going to the security tab crashes mmc.exe
with the error
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2018-03-23T14:09:16.398231500Z" />
<EventRecordID>17073</EventRecordID>
<Channel>Application</Channel>
<Computer>DESKTOP-xxxEUDC.OBFUSCATEDDOMAIN </Computer>
<Security />
</System>
- <EventData>
<Data>mmc.exe</Data>
<Data>10.0.16299.248</Data>
<Data>06312878</Data>
<Data>ntdll.dll</Data>
<Data>10.0.16299.248</Data>
<Data>effc9126</Data>
<Data>c0000409</Data>
<Data>0000000000090d9f</Data>
<Data>19d0</Data>
<Data>01d3c2b05d0516aa</Data>
<Data>C:\WINDOWS\system32\mmc.exe</Data>
<Data>C:\WINDOWS\SYSTEM32\ntdll.dll</Data>
<Data>ccf7895e-f49e-44e7-aab7-633f6db2a69a</Data>
<Data />
<Data />
</EventData>
</Event>
But some share are fine, I can go in and modify permissions from windows.
Here is my running config :
root at samba:~# /usr/local/samba/bin/samba-tool testparm
Press enter to see a dump of your service definitions
# Global parameters
[global]
cups server = 10.0.0.3
dns forwarder = 10.0.0.2
log level = 0
max log size = 5000
netbios name = SAMBA
realm = OBFUSCATEDDOMAIN
server role = active directory domain controller
server signing = required
workgroup = FUUBAR
full_audit:priority = notice
full_audit:facility = local5
full_audit:success = mkdir rmdir sendfile rename unlink chmod chown
symlink readlink link mknod write
full_audit:failure = connect
full_audit:prefix = %u|%I|%S
rpc_daemon:spoolssd = fork
rpc_server:spoolss = external
cups options = raw
hide files = /Thumbs.db/
veto files = /lost+found/
[netlogon]
path = /usr/local/samba/var/locks/sysvol/OBFUSCATEDDOMAIN/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[Partages]
path = /mnt/Partage
read only = No
vfs objects = full_audit
[Photos]
path = /mnt/Photos
read only = No
vfs objects = full_audit
[App1]
path = /mnt/App1
read only = No
[App2]
path = /mnt/App2
read only = No
[App3]
path = /mnt/App3
read only = No
vfs objects = full_audit
[Scan]
path = /mnt/Scan
read only = No
[Informatique]
path = /mnt/Informatique
read only = No
[printers]
browseable = No
comment = Toute les imprimantes
path = /usr/local/samba/var/spool
printable = Yes
read only = No
[print$]
comment = Point and Print Printer Drivers
path = /usr/local/samba/var/print
read only = No
I can change perm in [informatique] but not in [App3].
Here are the files acl and perm :
ls -lah /mnt/
total 68K
drwxr-xr-x 12 root root 4.0K Mar 19 12:57 .
drwxr-xr-x 21 root root 4.0K Mar 19 12:57 ..
drwxrwx---+ 5 root root 4.0K Mar 21 12:05 Informatique
drwx------ 12 500 513 4.0K Sep 16 2015 App1
drwxr-xr-x 3 root root 4.0K Jul 23 2014 Logiciels
drwxrwx---+ 4 root TLS\domain admins 4.0K Feb 28 16:57 App3
drwxr-xr-x 2 root root 4.0K Aug 2 2017 Mail
drwxrwxr-x+ 12 root root 4.0K Mar 16 14:55 Partage
drwxrwx--x+ 14 root 503 4.0K Feb 16 13:50 Photos
drwxrwx---+ 17 root root 4.0K Jan 9 09:36 Scan
drwxr-xr-x 3 root root 4.0K May 20 2014 App2
Tried to set group for Domain Admins instead of root in App3
Was previously root:root
getfacl /mnt/Informatique/
getfacl: Removing leading '/' from absolute path names
# file: mnt/Informatique/
# owner: root
# group: root
user::rwx
user:root:rwx
user:3000003:rwx
user:3000008:rwx
group::---
group:root:---
group:NT\040AUTHORITY\134authenticated\040users:rwx
group:TLS\134domain\040admins:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:3000003:rwx
default:user:3000008:rwx
default:group::---
default:group:root:---
default:group:NT\040AUTHORITY\134authenticated\040users:rwx
default:group:TLS\134domain\040admins:rwx
default:mask::rwx
default:other::---
getfacl /mnt/App3/
getfacl: Removing leading '/' from absolute path names
# file: mnt/App3/
# owner: root
# group: TLS\134domain\040admins
user::rwx
user:root:rwx
user:3000003:rwx
user:3000008:rwx
group::---
group:root:---
group:NT\040AUTHORITY\134authenticated\040users:rwx
group:TLS\134domain\040admins:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:3000003:rwx
default:user:3000008:rwx
default:group::---
default:group:root:---
default:group:NT\040AUTHORITY\134authenticated\040users:rwx
default:group:TLS\134domain\040admins:rwx
default:mask::rwx
default:other::---
root at samba:~# getfattr /mnt/Informatique/
root at samba:~# getfattr /mnt/App3/
Are both empty
Any hint, on what I have done and how to fix it ?
Thank You
Renaud ROLLES
More information about the samba
mailing list