[Samba] RODC in remote Site
cn at brain-biotech.de
cn at brain-biotech.de
Tue Feb 16 06:35:13 UTC 2021
Thanks Andrew for looking at this.
Am 15.02.21 um 21:42 schrieb Andrew Bartlett via samba:
>
> I would turn up the logs on the DC and see why it objects.
on the DC that is contacted I see this:
Feb 16 06:45:45 dc4.hq.domain.de smbd[971474]: [2021/02/16
06:45:45.904935, 1]
../../source3/smbd/service.c:355(create_connection_session_info)
Feb 16 06:45:45 dc4.hq.domain.de smbd[971474]:
create_connection_session_info: guest user (from session setup) not
permitted to access this share (IPC$)
Feb 16 06:45:45 dc4.hq.domain.de smbd[971474]: [2021/02/16
06:45:45.904978, 1] ../../source3/smbd/service.c:544(make_connection_snum)
Feb 16 06:45:45 dc4.hq.domain.de smbd[971474]:
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
GUEST Access??
And here with loglevel 5:
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Allowed connection from
10.1.0.77 (10.1.0.77)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.143398, 5] ../../lib/util/debug.c:811(debug_dump_status)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: INFO: Current debug levels:
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: all: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: tdb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: printdrivers: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: lanman: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: smb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: rpc_parse: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: rpc_srv: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: rpc_cli: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: passdb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: sam: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: auth: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: winbind: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: vfs: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: idmap: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: quota: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: acls: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: locking: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: msdfs: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dmapi: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: registry: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: scavenger: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dns: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: ldb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: tevent: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: auth_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: auth_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: kerberos: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: drs_repl: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: smb2: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: smb2_credits: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_password_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
dsdb_password_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_transaction_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
dsdb_transaction_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_group_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_group_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.144075, 3] ../../source3/smbd/oplock.c:1427(init_oplocks)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: init_oplocks:
initializing messages.
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.144103, 5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Registering messaging
pointer for type 774 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.144117, 5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Registering messaging
pointer for type 778 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.144141, 5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Registering messaging
pointer for type 770 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.144158, 5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Registering messaging
pointer for type 801 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.144187, 5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Registering messaging
pointer for type 787 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.144213, 5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Registering messaging
pointer for type 779 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.144236, 5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Registering messaging
pointer for type 15 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.144255, 5] ../../source3/lib/messages.c:740(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Overriding messaging
pointer for type 15 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.144273, 5] ../../source3/lib/messages.c:772(messaging_deregister)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Deregistering messaging
pointer for type 16 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.144298, 5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Registering messaging
pointer for type 16 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.144312, 5] ../../source3/lib/messages.c:772(messaging_deregister)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Deregistering messaging
pointer for type 33 - private_data=0x55e1c3a5b150
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.144326, 5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Registering messaging
pointer for type 33 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.144339, 5] ../../source3/lib/messages.c:772(messaging_deregister)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Deregistering messaging
pointer for type 790 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.144355, 5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Registering messaging
pointer for type 790 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.144369, 5] ../../source3/lib/messages.c:772(messaging_deregister)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Deregistering messaging
pointer for type 791 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.144382, 5] ../../source3/lib/messages.c:772(messaging_deregister)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Deregistering messaging
pointer for type 1 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.144395, 5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Registering messaging
pointer for type 1 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164146, 3] ../../source3/smbd/process.c:1957(process_smb)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Transaction 0 of length
242 (0 toread)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164212, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: setting sec ctx (0, 0)
- sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164253, 5]
../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164266, 5]
../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Primary group is 0 and
contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164294, 5] ../../source3/smbd/uid.c:494(smbd_change_to_root_user)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: change_to_root_user:
now uid=(0,0) gid=(0,0)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164321, 4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: push_sec_ctx(0, 0) :
sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164336, 4] ../../source3/smbd/uid.c:562(push_conn_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: push_conn_ctx(0) :
conn_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164347, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: setting sec ctx (0, 0)
- sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164357, 5]
../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164367, 5]
../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Primary group is 0 and
contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164409, 4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: pop_sec_ctx (0, 0) -
sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164431, 5] ../../lib/util/debug.c:811(debug_dump_status)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: INFO: Current debug levels:
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: all: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: tdb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: printdrivers: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: lanman: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: smb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: rpc_parse: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: rpc_srv: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: rpc_cli: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: passdb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: sam: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: auth: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: winbind: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: vfs: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: idmap: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: quota: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: acls: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: locking: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: msdfs: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dmapi: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: registry: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: scavenger: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dns: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: ldb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: tevent: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: auth_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: auth_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: kerberos: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: drs_repl: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: smb2: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: smb2_credits: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_password_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
dsdb_password_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_transaction_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
dsdb_transaction_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_group_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_group_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164684, 3]
../../source3/smbd/smb2_negprot.c:293(smbd_smb2_request_process_negprot)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Selected protocol SMB3_11
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164723, 5]
../../source3/auth/auth.c:536(make_auth3_context_for_ntlm)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Making default auth
method list for server role = 'active directory domain controller'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164738, 5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Attempting to register
auth backend anonymous
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164753, 5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Successfully added auth
method 'anonymous'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164764, 5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Attempting to register
auth backend sam
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164777, 5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Successfully added auth
method 'sam'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164790, 5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Attempting to register
auth backend sam_ignoredomain
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164801, 5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Successfully added auth
method 'sam_ignoredomain'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164816, 5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Attempting to register
auth backend sam_netlogon3
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164826, 5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Successfully added auth
method 'sam_netlogon3'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164837, 5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Attempting to register
auth backend winbind
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164849, 5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Successfully added auth
method 'winbind'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164860, 5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Attempting to register
auth backend unix
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164870, 5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Successfully added auth
method 'unix'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164882, 5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Attempting to register
auth backend samba4
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164893, 5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Successfully added auth
method 'samba4'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.164903, 5] ../../source3/auth/auth.c:425(load_auth_module)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: load_auth_module:
Attempting to find an auth method to match samba4
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.166002, 3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: GENSEC backend
'gssapi_spnego' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.166023, 3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: GENSEC backend
'gssapi_krb5' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.166037, 3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: GENSEC backend
'gssapi_krb5_sasl' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.166049, 3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: GENSEC backend 'spnego'
registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.166063, 3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: GENSEC backend
'schannel' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.166073, 3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: GENSEC backend
'naclrpc_as_system' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.166084, 3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: GENSEC backend
'sasl-EXTERNAL' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.166095, 3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: GENSEC backend
'ntlmssp' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.166105, 3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: GENSEC backend
'ntlmssp_resume_ccache' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.166116, 3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: GENSEC backend
'http_basic' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.166129, 3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: GENSEC backend
'http_ntlm' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.166140, 3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: GENSEC backend
'http_negotiate' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.166151, 3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: GENSEC backend 'krb5'
registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.166162, 3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: GENSEC backend
'fake_gssapi_krb5' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.166173, 5] ../../source3/auth/auth.c:450(load_auth_module)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: load_auth_module: auth
method samba4 has a valid init
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.166630, 3] ../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: ldb_wrap open of
secrets.ldb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.167003, 3] ../../source4/auth/ntlm/auth.c:867(auth_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: AUTH backend 'sam'
registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.167030, 3] ../../source4/auth/ntlm/auth.c:867(auth_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: AUTH backend
'sam_ignoredomain' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.167044, 3] ../../source4/auth/ntlm/auth.c:867(auth_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: AUTH backend
'anonymous' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.167055, 3] ../../source4/auth/ntlm/auth.c:867(auth_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: AUTH backend 'winbind'
registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.167066, 3] ../../source4/auth/ntlm/auth.c:867(auth_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: AUTH backend
'name_to_ntstatus' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.167076, 3] ../../source4/auth/ntlm/auth.c:867(auth_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: AUTH backend 'unix'
registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.168554, 5] ../../auth/gensec/gensec_start.c:750(gensec_start_mech)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Starting GENSEC
mechanism spnego
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.168714, 5] ../../auth/gensec/gensec_start.c:750(gensec_start_mech)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Starting GENSEC
submechanism gssapi_krb5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.170373, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: setting sec ctx (0, 0)
- sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.170406, 5]
../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.170418, 5]
../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Primary group is 0 and
contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.170440, 5] ../../source3/smbd/uid.c:494(smbd_change_to_root_user)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: change_to_root_user:
now uid=(0,0) gid=(0,0)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.170463, 5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dbwrap_lock_order_lock:
check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.170537, 5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
dbwrap_lock_order_unlock: release lock order 1 for
/var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.170567, 5]
../../source3/auth/auth.c:536(make_auth3_context_for_ntlm)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Making default auth
method list for server role = 'active directory domain controller'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.170584, 5] ../../source3/auth/auth.c:425(load_auth_module)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: load_auth_module:
Attempting to find an auth method to match samba4
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.170600, 5] ../../source3/auth/auth.c:450(load_auth_module)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: load_auth_module: auth
method samba4 has a valid init
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.170997, 3] ../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: ldb_wrap open of
secrets.ldb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.172360, 5] ../../auth/gensec/gensec_start.c:750(gensec_start_mech)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Starting GENSEC
mechanism spnego
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.172388, 5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dbwrap_lock_order_lock:
check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.172410, 5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
dbwrap_lock_order_unlock: release lock order 1 for
/var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.172424, 4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: push_sec_ctx(0, 0) :
sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.172436, 4] ../../source3/smbd/uid.c:562(push_conn_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: push_conn_ctx(0) :
conn_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.172447, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: setting sec ctx (0, 0)
- sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.172458, 5]
../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.172468, 5]
../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Primary group is 0 and
contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.172544, 5] ../../auth/gensec/gensec_start.c:750(gensec_start_mech)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Starting GENSEC
submechanism ntlmssp
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.172574, 3]
../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Got NTLMSSP
neg_flags=0x62088215
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_UNICODE
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_REQUEST_TARGET
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_SIGN
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_NTLM
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_VERSION
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_128
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
NTLMSSP_NEGOTIATE_KEY_EXCH
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.172690, 4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: pop_sec_ctx (0, 0) -
sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.172732, 4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: push_sec_ctx(0, 0) :
sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.172747, 4] ../../source3/smbd/uid.c:562(push_conn_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: push_conn_ctx(0) :
conn_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.172758, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: setting sec ctx (0, 0)
- sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.172768, 5]
../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.172781, 5]
../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Primary group is 0 and
contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.172804, 4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: pop_sec_ctx (0, 0) -
sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.173628, 5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dbwrap_lock_order_lock:
check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.173683, 5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
dbwrap_lock_order_unlock: release lock order 1 for
/var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.173725, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: setting sec ctx (0, 0)
- sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.173737, 5]
../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.173750, 5]
../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Primary group is 0 and
contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.173771, 5] ../../source3/smbd/uid.c:494(smbd_change_to_root_user)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: change_to_root_user:
now uid=(0,0) gid=(0,0)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.173786, 5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dbwrap_lock_order_lock:
check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.173801, 5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
dbwrap_lock_order_unlock: release lock order 1 for
/var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.173814, 4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: push_sec_ctx(0, 0) :
sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.173826, 4] ../../source3/smbd/uid.c:562(push_conn_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: push_conn_ctx(0) :
conn_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.173837, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: setting sec ctx (0, 0)
- sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.173848, 5]
../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.173858, 5]
../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Primary group is 0 and
contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.173885, 3]
../../auth/ntlmssp/ntlmssp_server.c:513(ntlmssp_server_preauth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Got user=[] domain=[]
workstation=[] len1=0 len2=0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.173898, 3]
../../source4/auth/ntlm/auth.c:243(auth_check_password_send)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
auth_check_password_send: Checking password for unmapped user []\[]@[]
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
auth_check_password_send: user is: []\[]@[]
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.173923, 5] ../../source4/auth/ntlm/auth.c:70(auth_get_challenge)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: auth_get_challenge:
returning previous challenge by module random (normal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.173934, 5] ../../lib/util/util.c:722(dump_data)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [0000] A0 84 59 89 C9
C6 50 84 ..Y...P.
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.173957, 4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: pop_sec_ctx (0, 0) -
sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.173978, 5]
../../source4/auth/ntlm/auth.c:493(auth_check_password_recv)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
auth_check_password_recv: anonymous authentication for user [NT
AUTHORITY\ANONYMOUS LOGON] succeeded
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.174003, 5]
../../auth/auth_log.c:653(log_authentication_event_human_readable)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Auth: [SMB2,NTLMSSP]
user []\[] at [Tue, 16 Feb 2021 06:48:32.173997 CET] with [No-Password]
status [NT_STATUS_OK] workstation [] remote host [ipv4:10.1.0.77:52026]
became [NT AUTHORITY]\[ANONYMOUS LOGON] [S-1-5-7]. local host
[ipv4:192.168.0.106:445]
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: {"timestamp":
"2021-02-16T06:48:32.174065+0100", "type": "Authentication",
"Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4624,
"logonId": "0", "logonType": 3, "status": "NT_STATUS_OK",
"localAddress": "ipv4:192.168.0.106:445", "remoteAddress":
"ipv4:10.1.0.77:52026", "serviceDescription": "SMB2", "authDescription":
"NTLMSSP", "clientDomain": "", "clientAccount": "", "workstation": "",
"becameAccount": "ANONYMOUS LOGON", "becameDomain": "NT AUTHORITY",
"becameSid": "S-1-5-7", "mappedAccount": "", "mappedDomain": "",
"netlogonComputer": null, "netlogonTrustAccount": null,
"netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0,
"netlogonTrustAccountSid": null, "passwordType": "No-Password",
"duration": 2927}}
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.174122, 3]
../../auth/ntlmssp/ntlmssp_sign.c:623(ntlmssp_sign_reset)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP Sign/Seal -
Initialising with flags:
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.174136, 3]
../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Got NTLMSSP
neg_flags=0x62008215
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_UNICODE
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_REQUEST_TARGET
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_SIGN
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_NTLM
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_VERSION
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_128
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
NTLMSSP_NEGOTIATE_KEY_EXCH
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.174181, 5]
../../auth/ntlmssp/ntlmssp_sign.c:792(ntlmssp_sign_reset)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP Sign/Seal -
using NTLM1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.174201, 3]
../../auth/ntlmssp/ntlmssp_sign.c:623(ntlmssp_sign_reset)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP Sign/Seal -
Initialising with flags:
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.174213, 3]
../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Got NTLMSSP
neg_flags=0x62008215
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_UNICODE
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_REQUEST_TARGET
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_SIGN
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_NTLM
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_VERSION
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_128
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
NTLMSSP_NEGOTIATE_KEY_EXCH
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.174254, 5]
../../auth/ntlmssp/ntlmssp_sign.c:792(ntlmssp_sign_reset)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP Sign/Seal -
using NTLM1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.174269, 4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: push_sec_ctx(0, 0) :
sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.174281, 4] ../../source3/smbd/uid.c:562(push_conn_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: push_conn_ctx(0) :
conn_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.174291, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: setting sec ctx (0, 0)
- sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.174301, 5]
../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.174311, 5]
../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Primary group is 0 and
contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.174334, 4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: pop_sec_ctx (0, 0) -
sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de winbindd[971610]: [2021/02/16
06:48:32.174475, 3]
../../source3/winbindd/winbindd_misc.c:432(winbindd_interface_version)
Feb 16 06:48:32 dc4.hq.domain.de winbindd[971610]:
winbindd_interface_version: [nss_winbind (971786)]: request interface
version (version = 31)
Feb 16 06:48:32 dc4.hq.domain.de winbindd[971610]: [2021/02/16
06:48:32.174555, 3]
../../source3/winbindd/winbindd_sids_to_xids.c:50(winbindd_sids_to_xids_send)
Feb 16 06:48:32 dc4.hq.domain.de winbindd[971610]: sids_to_xids
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.174608, 5]
../../source4/auth/unix_token.c:131(security_token_to_unix_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Successfully converted
security token to a unix token:Security token SIDs (4):
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: SID[ 0]: S-1-5-7
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: SID[ 1]: S-1-1-0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: SID[ 2]: S-1-5-2
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: SID[ 3]: S-1-5-64-10
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Privileges (0x
0):
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Rights (0x
0):
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.174680, 5]
../../auth/auth_log.c:753(log_successful_authz_event_human_readable)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Successful AuthZ:
[SMB2,NTLMSSP] user [NT AUTHORITY]\[ANONYMOUS LOGON] [S-1-5-7] at [Tue,
16 Feb 2021 06:48:32.174662 CET] Remote host [ipv4:10.1.0.77:52026]
local host [ipv4:192.168.0.106:445]
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: {"timestamp":
"2021-02-16T06:48:32.174712+0100", "type": "Authorization",
"Authorization": {"version": {"major": 1, "minor": 1}, "localAddress":
"ipv4:192.168.0.106:445", "remoteAddress": "ipv4:10.1.0.77:52026",
"serviceDescription": "SMB2", "authType": "NTLMSSP", "domain": "NT
AUTHORITY", "account": "ANONYMOUS LOGON", "sid": "S-1-5-7", "sessionId":
"8ee53b36-dea5-4ac4-9b5c-15a6a3c58519", "logonServer": "DC4",
"transportProtection": "SMB", "accountFlags": "0x00000010"}}
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.174774, 5] ../../lib/util/debug.c:811(debug_dump_status)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: INFO: Current debug levels:
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: all: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: tdb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: printdrivers: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: lanman: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: smb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: rpc_parse: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: rpc_srv: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: rpc_cli: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: passdb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: sam: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: auth: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: winbind: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: vfs: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: idmap: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: quota: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: acls: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: locking: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: msdfs: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dmapi: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: registry: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: scavenger: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dns: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: ldb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: tevent: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: auth_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: auth_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: kerberos: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: drs_repl: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: smb2: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: smb2_credits: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_password_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
dsdb_password_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_transaction_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
dsdb_transaction_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_group_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_group_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.175034, 5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dbwrap_lock_order_lock:
check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.175084, 5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
dbwrap_lock_order_unlock: release lock order 1 for
/var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.177955, 5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dbwrap_lock_order_lock:
check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.178000, 5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
dbwrap_lock_order_unlock: release lock order 1 for
/var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.178016, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: setting sec ctx (0, 0)
- sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.178030, 5]
../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.178041, 5]
../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Primary group is 0 and
contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.178061, 5] ../../source3/smbd/uid.c:494(smbd_change_to_root_user)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: change_to_root_user:
now uid=(0,0) gid=(0,0)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.178089, 5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dbwrap_lock_order_lock:
check lock order 1 for /var/cache/samba/smbXsrv_tcon_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.178128, 5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
dbwrap_lock_order_unlock: release lock order 1 for
/var/cache/samba/smbXsrv_tcon_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.178150, 3] ../../lib/util/access.c:371(allow_access)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Allowed connection from
10.1.0.77 (10.1.0.77)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.178164, 1]
../../source3/smbd/service.c:355(create_connection_session_info)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
create_connection_session_info: guest user (from session setup) not
permitted to access this share (IPC$)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.178175, 1] ../../source3/smbd/service.c:544(make_connection_snum)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.178192, 5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dbwrap_lock_order_lock:
check lock order 1 for /var/cache/samba/smbXsrv_tcon_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.178208, 5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
dbwrap_lock_order_unlock: release lock order 1 for
/var/cache/samba/smbXsrv_tcon_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.178221, 3]
../../source3/smbd/smb2_server.c:3863(smbd_smb2_request_error_ex)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_tcon.c:151
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.179379, 3]
../../source3/smbd/smb2_server.c:3863(smbd_smb2_request_error_ex)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_NETWORK_NAME_DELETED] || at
../../source3/smbd/smb2_server.c:3147
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.180041, 4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: setting sec ctx (0, 0)
- sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.180067, 5]
../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16
06:48:32.180079, 5]
../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: UNIX token of user 0
Anyone can make some sence out of this?
Regards
--
Dr. Christian Naumer
Vice President
Unit Head Bioprocess Development
B.R.A.I.N Aktiengesellschaft
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
phone +49-6251-9331-30 / fax +49-6251-9331-11
Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Adriaan Moelker (Vorstandsvorsitzender),
Lukas Linnig
Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen
More information about the samba
mailing list