[Samba] samba crashes windows explorer (while trying to view file permissions)

Michael Tokarev mjt at tls.msk.ru
Sat Nov 19 11:36:32 UTC 2022


Hi!

I've created a new Samba-based AD DC, using samba-tool domain provision,
and joined a windows machine to it.  It works fairy well.

However, there's an interesting thing about it.

When trying to view the Permissions tab of a file in a random share
from within windows explorer (in the file properties dialog), the
explorer crashes.  It looks like it is trying to convert SIDs
returned by samba to a text form, - because first it shows the
numeric SIDs in the list for a brief moment, before crashing.
On another domain, this works, and I see it displays numeric SIDs
first and converts them into names (like UNIX group foo etc)
second.  On this newly created domain, it looks like this
conversion causes explorer to crash (and it crashes completely,
so that the "instance" which shows desktop is restarted too).

At the same time, samba logs shows this:

[2022/11/19 14:25:53.990119,  0] ../../source4/auth/unix_token.c:109(security_token_to_unix_token)
   Unable to convert second SID (S-1-5-21-540662649-332824406-1706519170-513) in user token to a GID.  Conversion was returned as type 0, full token:
[2022/11/19 14:25:53.990225,  0] ../../libcli/security/security_token.c:51(security_token_debug)
   Security token SIDs (10):
     SID[  0]: S-1-5-21-540662649-332824406-1706519170-1103
     SID[  1]: S-1-5-21-540662649-332824406-1706519170-513
     SID[  2]: S-1-5-21-540662649-332824406-1706519170-512
     SID[  3]: S-1-5-21-540662649-332824406-1706519170-572
     SID[  4]: S-1-1-0
     SID[  5]: S-1-5-2
     SID[  6]: S-1-5-11
     SID[  7]: S-1-5-32-545
     SID[  8]: S-1-5-32-544
     SID[  9]: S-1-5-32-554
    Privileges (0x        1FFFFF00):
     Privilege[  0]: SeTakeOwnershipPrivilege
     Privilege[  1]: SeBackupPrivilege
     Privilege[  2]: SeRestorePrivilege
     Privilege[  3]: SeRemoteShutdownPrivilege
     Privilege[  4]: SeSecurityPrivilege
     Privilege[  5]: SeSystemtimePrivilege
     Privilege[  6]: SeShutdownPrivilege
     Privilege[  7]: SeDebugPrivilege
     Privilege[  8]: SeSystemEnvironmentPrivilege
     Privilege[  9]: SeSystemProfilePrivilege
     Privilege[ 10]: SeProfileSingleProcessPrivilege
     Privilege[ 11]: SeIncreaseBasePriorityPrivilege
     Privilege[ 12]: SeLoadDriverPrivilege
     Privilege[ 13]: SeCreatePagefilePrivilege
     Privilege[ 14]: SeIncreaseQuotaPrivilege
     Privilege[ 15]: SeChangeNotifyPrivilege
     Privilege[ 16]: SeUndockPrivilege
     Privilege[ 17]: SeManageVolumePrivilege
     Privilege[ 18]: SeImpersonatePrivilege
     Privilege[ 19]: SeCreateGlobalPrivilege
     Privilege[ 20]: SeEnableDelegationPrivilege
    Rights (0x             403):
     Right[  0]: SeInteractiveLogonRight
     Right[  1]: SeNetworkLogonRight
     Right[  2]: SeRemoteInteractiveLogonRight


This is happening on the DC itself, there's no other
machines in this domain yet, - just the DC and a test
machine with Windows 10 LTSC (1809) joined to it.

I don't know where these SIDs are coming from (-512, -513, -572).

What to do next to debug and fix this?

Thanks,

/mjt



More information about the samba mailing list