[Samba] can login to new dc
basti
mailinglist at unix-solution.de
Thu Aug 3 11:03:40 UTC 2023
Hello,
i have install a new DC on debian bookworm (samba 4.17.9+dfsg-0+deb12u3)
all seems to work fine but I cant list shares.
root at dc1:/var/log/samba# wbinfo -u
NET\administrator
NET\guest
NET\krbtgt
NET\dns-dc1
root at dc1:/var/log/samba# wbinfo --ping-dc
checking the NETLOGON for domain[NET] dc connection to
"dc1.net.example.com" succeeded
root at dc1:/var/log/samba#
root at dc1:/var/log/samba# net getdomainsid
SID for domain NET is: S-1-5-21-3026428385-3353875275-5460633
root at dc1:/var/log/samba#
root at dc1:/var/log/samba# smbclient -L localhost -U%
session setup failed: NT_STATUS_INVALID_SID
root at dc1:/var/log/samba#
root at dc1:/var/log/samba# smbclient //localhost/netlogon -UAdministrator
-c 'ls'
Password for [NET\Administrator]:
session setup failed: NT_STATUS_INVALID_SID
root at dc1:/var/log/samba#
I the logs I can see:
[2023/08/03 12:59:41.215865, 0]
../../source4/auth/unix_token.c:123(security_token_to_unix_token)
Unable to convert SID (S-1-5-64-10) at index 3 in user token to a
GID. Conversion was returned as type 0, full token:
[2023/08/03 12:59:41.215907, 0]
../../libcli/security/security_token.c:51(security_token_debug)
Security token SIDs (4):
SID[ 0]: S-1-5-7
SID[ 1]: S-1-1-0
SID[ 2]: S-1-5-2
SID[ 3]: S-1-5-64-10
Privileges (0x 0):
Rights (0x 0):
[2023/08/03 13:00:39.684728, 0]
../../source4/auth/unix_token.c:95(security_token_to_unix_token)
or
[2023/08/03 13:00:39.684728, 0]
../../source4/auth/unix_token.c:95(security_token_to_unix_token)
Unable to convert first SID
(S-1-5-21-3026428385-3353875275-5460633-500) in user token to a UID.
Conversion was returned as type 0, full token:
[2023/08/03 13:00:39.684765, 0]
../../libcli/security/security_token.c:51(security_token_debug)
Security token SIDs (14):
SID[ 0]: S-1-5-21-3026428385-3353875275-5460633-500
SID[ 1]: S-1-5-21-3026428385-3353875275-5460633-513
SID[ 2]: S-1-5-21-3026428385-3353875275-5460633-512
SID[ 3]: S-1-5-21-3026428385-3353875275-5460633-572
SID[ 4]: S-1-5-21-3026428385-3353875275-5460633-518
SID[ 5]: S-1-5-21-3026428385-3353875275-5460633-519
SID[ 6]: S-1-5-21-3026428385-3353875275-5460633-520
SID[ 7]: S-1-1-0
SID[ 8]: S-1-5-2
SID[ 9]: S-1-5-11
SID[ 10]: S-1-5-64-10
SID[ 11]: S-1-5-32-544
SID[ 12]: S-1-5-32-545
SID[ 13]: S-1-5-32-554
Privileges (0x 1FFFFF00):
Privilege[ 0]: SeTakeOwnershipPrivilege
Privilege[ 1]: SeBackupPrivilege
Privilege[ 2]: SeRestorePrivilege
Privilege[ 3]: SeRemoteShutdownPrivilege
Privilege[ 4]: SeSecurityPrivilege
Privilege[ 5]: SeSystemtimePrivilege
Privilege[ 6]: SeShutdownPrivilege
Privilege[ 7]: SeDebugPrivilege
Privilege[ 8]: SeSystemEnvironmentPrivilege
Privilege[ 9]: SeSystemProfilePrivilege
Privilege[ 10]: SeProfileSingleProcessPrivilege
Privilege[ 11]: SeIncreaseBasePriorityPrivilege
Privilege[ 12]: SeLoadDriverPrivilege
Privilege[ 13]: SeCreatePagefilePrivilege
Privilege[ 14]: SeIncreaseQuotaPrivilege
Privilege[ 15]: SeChangeNotifyPrivilege
Privilege[ 16]: SeUndockPrivilege
Privilege[ 17]: SeManageVolumePrivilege
Privilege[ 18]: SeImpersonatePrivilege
Privilege[ 19]: SeCreateGlobalPrivilege
Privilege[ 20]: SeEnableDelegationPrivilege
Rights (0x 403):
Right[ 0]: SeInteractiveLogonRight
Right[ 1]: SeNetworkLogonRight
Right[ 2]: SeRemoteInteractiveLogonRight
More information about the samba
mailing list