[Samba] can login to new dc
Christian Naumer
christian.naumer at greyfish.net
Thu Aug 3 11:43:58 UTC 2023
Have you tried:
min domain uid = 0
in smb.conf?
On 03.08.23 13:03, basti via samba wrote:
> Hello,
> I have installed a new DC on Debian bookworm (samba 4.17.9+dfsg-0+deb12u3).
> All seems to work fine, but I can't list shares.
>
>
> root at dc1:/var/log/samba# wbinfo -u
> NET\administrator
> NET\guest
> NET\krbtgt
> NET\dns-dc1
>
> root at dc1:/var/log/samba# wbinfo --ping-dc
> checking the NETLOGON for domain[NET] dc connection to
> "dc1.net.example.com" succeeded
> root at dc1:/var/log/samba#
>
> root at dc1:/var/log/samba# net getdomainsid
> SID for domain NET is: S-1-5-21-3026428385-3353875275-5460633
> root at dc1:/var/log/samba#
>
>
> root at dc1:/var/log/samba# smbclient -L localhost -U%
> session setup failed: NT_STATUS_INVALID_SID
> root at dc1:/var/log/samba#
>
> root at dc1:/var/log/samba# smbclient //localhost/netlogon -UAdministrator
> -c 'ls'
> Password for [NET\Administrator]:
> session setup failed: NT_STATUS_INVALID_SID
> root at dc1:/var/log/samba#
>
>
> In the logs I can see:
>
> [2023/08/03 12:59:41.215865, 0]
> ../../source4/auth/unix_token.c:123(security_token_to_unix_token)
> Unable to convert SID (S-1-5-64-10) at index 3 in user token to a
> GID. Conversion was returned as type 0, full token:
> [2023/08/03 12:59:41.215907, 0]
> ../../libcli/security/security_token.c:51(security_token_debug)
> Security token SIDs (4):
> SID[ 0]: S-1-5-7
> SID[ 1]: S-1-1-0
> SID[ 2]: S-1-5-2
> SID[ 3]: S-1-5-64-10
> Privileges (0x 0):
> Rights (0x 0):
> [2023/08/03 13:00:39.684728, 0]
> ../../source4/auth/unix_token.c:95(security_token_to_unix_token)
>
> or
>
> [2023/08/03 13:00:39.684728, 0]
> ../../source4/auth/unix_token.c:95(security_token_to_unix_token)
> Unable to convert first SID
> (S-1-5-21-3026428385-3353875275-5460633-500) in user token to a UID.
> Conversion was returned as type 0, full token:
> [2023/08/03 13:00:39.684765, 0]
> ../../libcli/security/security_token.c:51(security_token_debug)
> Security token SIDs (14):
> SID[ 0]: S-1-5-21-3026428385-3353875275-5460633-500
> SID[ 1]: S-1-5-21-3026428385-3353875275-5460633-513
> SID[ 2]: S-1-5-21-3026428385-3353875275-5460633-512
> SID[ 3]: S-1-5-21-3026428385-3353875275-5460633-572
> SID[ 4]: S-1-5-21-3026428385-3353875275-5460633-518
> SID[ 5]: S-1-5-21-3026428385-3353875275-5460633-519
> SID[ 6]: S-1-5-21-3026428385-3353875275-5460633-520
> SID[ 7]: S-1-1-0
> SID[ 8]: S-1-5-2
> SID[ 9]: S-1-5-11
> SID[ 10]: S-1-5-64-10
> SID[ 11]: S-1-5-32-544
> SID[ 12]: S-1-5-32-545
> SID[ 13]: S-1-5-32-554
> Privileges (0x 1FFFFF00):
> Privilege[ 0]: SeTakeOwnershipPrivilege
> Privilege[ 1]: SeBackupPrivilege
> Privilege[ 2]: SeRestorePrivilege
> Privilege[ 3]: SeRemoteShutdownPrivilege
> Privilege[ 4]: SeSecurityPrivilege
> Privilege[ 5]: SeSystemtimePrivilege
> Privilege[ 6]: SeShutdownPrivilege
> Privilege[ 7]: SeDebugPrivilege
> Privilege[ 8]: SeSystemEnvironmentPrivilege
> Privilege[ 9]: SeSystemProfilePrivilege
> Privilege[ 10]: SeProfileSingleProcessPrivilege
> Privilege[ 11]: SeIncreaseBasePriorityPrivilege
> Privilege[ 12]: SeLoadDriverPrivilege
> Privilege[ 13]: SeCreatePagefilePrivilege
> Privilege[ 14]: SeIncreaseQuotaPrivilege
> Privilege[ 15]: SeChangeNotifyPrivilege
> Privilege[ 16]: SeUndockPrivilege
> Privilege[ 17]: SeManageVolumePrivilege
> Privilege[ 18]: SeImpersonatePrivilege
> Privilege[ 19]: SeCreateGlobalPrivilege
> Privilege[ 20]: SeEnableDelegationPrivilege
> Rights (0x 403):
> Right[ 0]: SeInteractiveLogonRight
> Right[ 1]: SeNetworkLogonRight
> Right[ 2]: SeRemoteInteractiveLogonRight
>
>
>
>
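Added example, not part of the original thread or of Samba's code: a small Python parser that pulls the failed SID-to-UID/GID conversions out of log entries like those quoted above, rejoining wrapped lines and naming the SID where it is a well-known one. The sample log is constructed from the messages in the post; the function and table names are hypothetical.

```python
import re

# Constructed sample: the two failures quoted in the post, mail wrapping kept.
SAMPLE_LOG = """\
[2023/08/03 12:59:41.215865, 0]
../../source4/auth/unix_token.c:123(security_token_to_unix_token)
Unable to convert SID (S-1-5-64-10) at index 3 in user token to a
GID. Conversion was returned as type 0, full token:
[2023/08/03 13:00:39.684728, 0]
../../source4/auth/unix_token.c:95(security_token_to_unix_token)
Unable to convert first SID
(S-1-5-21-3026428385-3353875275-5460633-500) in user token to a UID.
Conversion was returned as type 0, full token:
"""

# Well-known SIDs that appear in the quoted tokens.
WELL_KNOWN = {
    "S-1-1-0": "Everyone", "S-1-5-2": "Network",
    "S-1-5-7": "Anonymous Logon", "S-1-5-11": "Authenticated Users",
    "S-1-5-64-10": "NTLM Authentication",
}
# Fixed RIDs below a domain SID (S-1-5-21-...).
DOMAIN_RIDS = {500: "Administrator", 512: "Domain Admins", 513: "Domain Users"}

HEADER = re.compile(r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*\d+\]")
FAIL = re.compile(r"Unable to convert (?:first )?SID \((S-[\d-]+)\)"
                  r"(?: at index (\d+))? in user token to a ([UG]ID)")

def describe(sid):
    if sid in WELL_KNOWN:
        return WELL_KNOWN[sid]
    if sid.startswith("S-1-5-21-"):
        rid = int(sid.rsplit("-", 1)[1])
        return DOMAIN_RIDS.get(rid, f"domain RID {rid}")
    return "unknown"

def failed_conversions(log_text):
    found = []
    # An entry starts at each "[YYYY/MM/DD ..." header line.
    for entry in re.split(r"^(?=\[\d{4}/)", log_text, flags=re.M):
        head = HEADER.match(entry)
        fail = FAIL.search(" ".join(entry.split()))  # undo line wrapping
        if head and fail:
            sid, index, target = fail.groups()
            found.append({"time": head.group(1), "sid": sid, "target": target,
                          "index": int(index or 0), "name": describe(sid)})
    return found
```

Each SID it reports can then be checked by hand on the DC with `wbinfo --sid-to-uid` or `wbinfo --sid-to-gid`.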