[Samba] samba crashes windows explorer (while trying to view file permissions)
Michael Tokarev
mjt at tls.msk.ru
Sat Nov 19 11:36:32 UTC 2022
Hi!
I've created a new Samba-based AD DC, using samba-tool domain provision,
and joined a windows machine to it. It works fairy well.
However, there's an interesting thing about it.
When trying to view the Permissions tab of a file in a random share
from within windows explorer (in the file properties dialog), the
explorer crashes. It looks like it is trying to convert SIDs
returned by samba to a text form, - because first it shows the
numeric SIDs in the list for a brief moment, before crashing.
On another domain, this works, and I see it displays numeric SIDs
first and converts them into names (like UNIX group foo etc)
second. On this newly created domain, it looks like this
conversion causes explorer to crash (and it crashes completely,
so that the "instance" which shows desktop is restarted too).
At the same time, samba logs shows this:
[2022/11/19 14:25:53.990119, 0] ../../source4/auth/unix_token.c:109(security_token_to_unix_token)
Unable to convert second SID (S-1-5-21-540662649-332824406-1706519170-513) in user token to a GID. Conversion was returned as type 0, full token:
[2022/11/19 14:25:53.990225, 0] ../../libcli/security/security_token.c:51(security_token_debug)
Security token SIDs (10):
SID[ 0]: S-1-5-21-540662649-332824406-1706519170-1103
SID[ 1]: S-1-5-21-540662649-332824406-1706519170-513
SID[ 2]: S-1-5-21-540662649-332824406-1706519170-512
SID[ 3]: S-1-5-21-540662649-332824406-1706519170-572
SID[ 4]: S-1-1-0
SID[ 5]: S-1-5-2
SID[ 6]: S-1-5-11
SID[ 7]: S-1-5-32-545
SID[ 8]: S-1-5-32-544
SID[ 9]: S-1-5-32-554
Privileges (0x 1FFFFF00):
Privilege[ 0]: SeTakeOwnershipPrivilege
Privilege[ 1]: SeBackupPrivilege
Privilege[ 2]: SeRestorePrivilege
Privilege[ 3]: SeRemoteShutdownPrivilege
Privilege[ 4]: SeSecurityPrivilege
Privilege[ 5]: SeSystemtimePrivilege
Privilege[ 6]: SeShutdownPrivilege
Privilege[ 7]: SeDebugPrivilege
Privilege[ 8]: SeSystemEnvironmentPrivilege
Privilege[ 9]: SeSystemProfilePrivilege
Privilege[ 10]: SeProfileSingleProcessPrivilege
Privilege[ 11]: SeIncreaseBasePriorityPrivilege
Privilege[ 12]: SeLoadDriverPrivilege
Privilege[ 13]: SeCreatePagefilePrivilege
Privilege[ 14]: SeIncreaseQuotaPrivilege
Privilege[ 15]: SeChangeNotifyPrivilege
Privilege[ 16]: SeUndockPrivilege
Privilege[ 17]: SeManageVolumePrivilege
Privilege[ 18]: SeImpersonatePrivilege
Privilege[ 19]: SeCreateGlobalPrivilege
Privilege[ 20]: SeEnableDelegationPrivilege
Rights (0x 403):
Right[ 0]: SeInteractiveLogonRight
Right[ 1]: SeNetworkLogonRight
Right[ 2]: SeRemoteInteractiveLogonRight
This is happening on the DC itself, there's no other
machines in this domain yet, - just the DC and a test
machine with Windows 10 LTSC (1809) joined to it.
I don't know where these SIDs are coming from (-512, -513, -572).
What to do next to debug and fix this?
Thanks,
/mjt
More information about the samba
mailing list