[Samba] RSAT Hang

Gregory Sloop gregs at sloop.net
Tue May 22 00:15:21 UTC 2018


See Inline

LPHvBvs> Hi Gregory, 

LPHvBvs> On the questions.
>> Is there a good reason to avoid Samba internal DNS?
LPHvBvs> No, imo not, but i only use bind9_dlz because i need bind in my lan for other setups also.

LPHvBvs> I just used my RSAT on my win7 64b, but at my point it works fine. 

LPHvBvs> I do have questions to get a better impression of the setup. 
LPHvBvs> Whats the os your using with RSAT and did u use
LPHvBvs> DOM\Administrator or an other account? 
LPHvBvs> Check if Adminsitrator has id 0. (root)

W7P, on a station not joined to the domain. But using this kind of launch.
runas /netonly /user:someco-adc1\administrator "mmc /server=someco-adc1.ad.sncc.local."
[The names are defined in the hosts file, on the W7 box.]

LPHvBvs> Is there anything showing up in the windows event logs? 

No.

LPHvBvs> Are the SePrivileges checked if the needed groups/users exists? 
LPHvBvs> I use this script to check this, it shows the seprivileges. 
LPHvBvs> https://raw.githubusercontent.com/thctlo/samba4/master/samba-check-SePrivileges.sh

-SNIPPED YOURS- 
[But mine don't appear to have "NTDOM\Domain Admins" - which seems odd.]

SeMachineAccountPrivilege:
SeTakeOwnershipPrivilege:
  BUILTIN\Administrators
SeBackupPrivilege:
  BUILTIN\Backup Operators
  BUILTIN\Administrators
  BUILTIN\Server Operators
SeRestorePrivilege:
  BUILTIN\Backup Operators
  BUILTIN\Administrators
  BUILTIN\Server Operators
SeRemoteShutdownPrivilege:
  BUILTIN\Administrators
  BUILTIN\Server Operators
SePrintOperatorPrivilege:
SeAddUsersPrivilege:
SeDiskOperatorPrivilege:
SeSecurityPrivilege:
  BUILTIN\Administrators
SeSystemtimePrivilege:
  BUILTIN\Administrators
  BUILTIN\Server Operators
SeShutdownPrivilege:
  BUILTIN\Print Operators
  BUILTIN\Backup Operators
  BUILTIN\Administrators
  BUILTIN\Server Operators
SeDebugPrivilege:
  BUILTIN\Administrators
SeSystemEnvironmentPrivilege:
  BUILTIN\Administrators
SeSystemProfilePrivilege:
  BUILTIN\Administrators
SeProfileSingleProcessPrivilege:
  BUILTIN\Administrators
SeIncreaseBasePriorityPrivilege:
  BUILTIN\Administrators
SeLoadDriverPrivilege:
  BUILTIN\Print Operators
  BUILTIN\Administrators
SeCreatePagefilePrivilege:
  BUILTIN\Administrators
SeIncreaseQuotaPrivilege:
  BUILTIN\Administrators
SeChangeNotifyPrivilege:
  BUILTIN\Administrators
  BUILTIN\Pre-Windows 2000 Compatible Access
SeUndockPrivilege:
  BUILTIN\Administrators
SeManageVolumePrivilege:
  BUILTIN\Administrators
SeImpersonatePrivilege:
  BUILTIN\Administrators
SeCreateGlobalPrivilege:
  BUILTIN\Administrators
SeEnableDelegationPrivilege:
  BUILTIN\Administrators


LPHvBvs> Have you setup samba with a higher debug level also, that
LPHvBvs> might show whats missing/going wrong. 
Samba logs, [log level = 2]
Opening a user/computer properties gives these log lines:

[2018/05/21 17:05:15.278252,  2] ../source4/smbd/process_standard.c:473(standard_terminate)
  standard_terminate: reason[ldapsrv_call_wait_done: call->wait_recv() - NT_STATUS_LOCAL_DISCONNECT]
[2018/05/21 17:05:15.283207,  2] ../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
  Child 27541 () exited with status 0
[2018/05/21 17:05:15.327654,  0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2018/05/21 17:05:15.328495,  2] ../source4/smbd/process_standard.c:473(standard_terminate)
  standard_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_IO_DEVICE_ERROR]
[2018/05/21 17:05:15.333242,  2] ../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
  Child 27553 () exited with status 0

[Multiple times]

Then when I open the security tab, and force close after the hang of the MMC, I get this.

[2018/05/21 17:05:36.549449,  2] ../source4/smbd/process_standard.c:473(standard_terminate)
[2018/05/21 17:05:36.549762,  2] ../source4/smbd/process_standard.c:473(standard_terminate)
[2018/05/21 17:05:36.549967,  2] ../source4/smbd/process_standard.c:473(standard_terminate)
  standard_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_RESET]
  standard_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_RESET]
  standard_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_RESET]
[2018/05/21 17:05:36.550139,  2] ../source4/smbd/process_standard.c:473(standard_terminate)
  standard_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_RESET]
[2018/05/21 17:05:36.565558,  2] ../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
  Child 27531 () exited with status 0
[2018/05/21 17:05:36.565742,  2] ../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
  Child 27524 () exited with status 0
[2018/05/21 17:05:36.565877,  2] ../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
  Child 27561 () exited with status 0
[2018/05/21 17:05:36.566021,  2] ../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
  Child 27552 () exited with status 0

Not sure if any of that is helpful, but lets see. I'll keep digging too.

-Greg


More information about the samba mailing list