Web lists-archives.com

Re: [Samba] Fwd: Migrating server




Hi Harry,


Here are the outputs. I've attached them as logs with this email too.

root@sam3dc:/tmp/ldifs-gr# ldapmodify -Y external -H ldapi:///  -f
olcdbindex.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}hdb,cn=config"


root@sam3dc:/tmp/ldifs-gr# service slapd stop
 * Stopping OpenLDAP slapd
                                                                          [
OK ]
root@sam3dc:/tmp/ldifs-gr# slapindex -v -n 1

WARNING!
Runnig as root!
There's a fair chance slapd will fail to start.
Check file permissions!

indexing id=00000001
indexing id=00000002
indexing id=00000003
indexing id=00000004
indexing id=00000005
indexing id=00000006
It goes on and completes the indexing



root@sam3dc:/tmp/ldifs-gr# service slapd start
 * Starting OpenLDAP slapd
                                                                          [
OK ]


net getdomainsid
SID for local machine sam3dc is: S-1-5-21-286905455-3929894668-3957719032
SID for domain mydomain is: S-1-5-21-3936576374-1604348213-1812465911

net getlocalsid
SID for local machine sam3dc is: S-1-5-21-286905455-3929894668-3957719032


getent passwd sadmin
sadmin:x:1359:1359::/home/sadmin:/bin/sh

getent passwd tadmin
tadmin:x:1262:1150:Temp Admin,,,:/home/tadmin:/bin/bash

root@sam3dc:/# getent group 512
root@sam3dc:/#
root@sam3dc:/# getent group 1359
sadmin:x:1359:

SYSLOG during the netdomainsid and getlocalsid

tail -f /var/log/syslog|sed -nre 's/^.*( slapd.*$)/\1/p'
 slapd[4698]: conn=1015 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text=
 slapd[4698]: conn=1015 op=12 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
 slapd[4698]: conn=1015 op=12 SRCH attr=supportedExtension
 slapd[4698]: conn=1015 op=12 SEARCH RESULT tag=101 err=0 nentries=1 text=
 slapd[4698]: conn=1015 op=13 EXT oid=1.3.6.1.4.1.4203.1.11.1
 slapd[4698]: conn=1015 op=13 PASSMOD id="uid=sadmin,ou=users,dc=mydomain"
new
 slapd[4698]: conn=1015 op=13 RESULT oid= err=0 text=
 slapd[4698]: conn=1015 op=14 MOD dn="uid=sadmin,ou=users,dc=mydomain"
 slapd[4698]: conn=1015 op=14 MOD attr=sambaPwdLastSet sambaPwdLastSet
 slapd[4698]: conn=1015 op=14 RESULT tag=103 err=0 text=
 slapd[4698]: conn=1016 fd=25 ACCEPT from IP=[::1]:39024 (IP=[::]:389)
 slapd[4698]: conn=1016 op=0 BIND dn="cn=admin,dc=mydomain" method=128
 slapd[4698]: conn=1016 op=0 BIND dn="cn=admin,dc=mydomain" mech=SIMPLE
ssf=0
 slapd[4698]: conn=1016 op=0 RESULT tag=97 err=0 text=
 slapd[4698]: conn=1016 op=1 SRCH base="" scope=0 deref=0
filter="(objectClass=*)"
 slapd[4698]: conn=1016 op=1 SRCH attr=supportedControl
 slapd[4698]: conn=1016 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
 slapd[4698]: conn=1016 op=2 SRCH base="dc=mydomain" scope=2 deref=0
filter="(&(objectClass=sambaDomain)(sambaDomainName=mydomain))"
 slapd[4698]: conn=1016 op=2 SRCH attr=sambaDomainName sambaNextRid
sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase
objectClass
 slapd[4698]: conn=1016 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
 slapd[4698]: conn=1016 fd=25 closed (connection lost)

/var/log/syslog during domain join (WIndows 7)

root@sam3dc:/# tail -f /var/log/syslog|sed -nre 's/^.*( slapd.*$)/\1/p'
 slapd[4698]: conn=1024 fd=24 ACCEPT from IP=[::1]:39034 (IP=[::]:389)
 slapd[4698]: conn=1024 op=0 BIND dn="cn=admin,dc=mydomain" method=128
 slapd[4698]: conn=1024 op=0 BIND dn="cn=admin,dc=mydomain" mech=SIMPLE
ssf=0
 slapd[4698]: conn=1024 op=0 RESULT tag=97 err=0 text=
 slapd[4698]: conn=1024 op=1 SRCH base="" scope=0 deref=0
filter="(objectClass=*


)"
 slapd[4698]: conn=1024 op=1 SRCH attr=supportedControl
 slapd[4698]: conn=1024 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
 slapd[4698]: conn=1024 op=2 SRCH base="dc=mydomain" scope=2 deref=0
filter="(&


(uid=sadmin)(objectClass=sambaSamAccount))"
 slapd[4698]: conn=1024 op=2 SRCH attr=uid uidNumber gidNumber
homeDirectory sam


baPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
sambaLogoffTime


sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath
sambaLogonScrip
                 t

sambaProfilePath description sambaUserWorkstations sambaSID
sambaPrimaryGroupS
                   ID

sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags
sa


mbaMungedDial sambaBadPasswordCount sambaBadPasswordTime
sambaPasswordHistory mo


difyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber
homeDirectory


loginShell gecos
 slapd[4698]: conn=1024 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
 slapd[4698]: conn=1024 op=3 SRCH base="dc=mydomain" scope=2 deref=0
filter="(&


(gidNumber=1359)(objectClass=sambaGroupMapping))"
 slapd[4698]: conn=1024 op=3 SRCH attr=sambaSID
 slapd[4698]: conn=1024 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
 slapd[4698]: conn=1024 op=4 SRCH base="dc=mydomain" scope=2 deref=0
filter="(&


(gidNumber=1359)(objectClass=sambaGroupMapping))"
 slapd[4698]: conn=1024 op=4 SRCH attr=sambaSID
 slapd[4698]: conn=1024 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
 slapd[4698]: conn=1024 op=5 SRCH
base="sambaDomainName=mydomain,dc=mydomain"


scope=0 deref=0 filter="(objectClass=sambaDomain)"
 slapd[4698]: conn=1024 op=5 SRCH attr=sambaMaxPwdAge
 slapd[4698]: conn=1024 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text=
 slapd[4698]: conn=1024 op=6 SRCH
base="sambaDomainName=mydomain,dc=mydomain"


scope=0 deref=0 filter="(objectClass=sambaDomain)"
 slapd[4698]: conn=1024 op=6 SRCH attr=sambaMinPwdAge
 slapd[4698]: conn=1024 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=
 slapd[4698]: conn=1024 op=7 SRCH base="dc=mydomain" scope=2 deref=0
filter="(&


(objectClass=posixGroup)(|(memberUid=sadmin)(gidNumber=1359)))"
 slapd[4698]: conn=1024 op=7 SRCH attr=gidNumber sambaSID
 slapd[4698]: conn=1024 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
 slapd[4698]: conn=1024 op=8 SRCH base="dc=mydomain" scope=2 deref=0
filter="(&


(uid=sadmin)(objectClass=sambaSamAccount))"
 slapd[4698]: conn=1024 op=8 SRCH attr=uid uidNumber gidNumber
homeDirectory sam


baPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
sambaLogoffTime


sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath
sambaLogonScrip
                 t

sambaProfilePath description sambaUserWorkstations sambaSID
sambaPrimaryGroupS
                   ID

sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags
sa


mbaMungedDial sambaBadPasswordCount sambaBadPasswordTime
sambaPasswordHistory mo


difyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber
homeDirectory


loginShell gecos
 slapd[4698]: conn=1024 op=8 SEARCH RESULT tag=101 err=0 nentries=1 text=
 slapd[4698]: conn=1024 op=9 SRCH base="dc=mydomain" scope=2 deref=0
filter="(&


(gidNumber=1359)(objectClass=sambaGroupMapping))"
 slapd[4698]: conn=1024 op=9 SRCH attr=sambaSID
 slapd[4698]: conn=1024 op=9 SEARCH RESULT tag=101 err=0 nentries=0 text=
 slapd[4698]: conn=1024 op=10 SRCH base="dc=mydomain" scope=2 deref=0
filter="(


&(objectClass=posixGroup)(|(memberUid=sadmin)(gidNumber=1359)))"
 slapd[4698]: conn=1024 op=10 SRCH attr=gidNumber sambaSID
 slapd[4698]: conn=1024 op=10 SEARCH RESULT tag=101 err=0 nentries=1 text=






On Thu, Mar 8, 2018 at 8:52 PM, Harry Jede <walk2sun@xxxxxxxx> wrote:

> Hi Rob,
>
>
>
> > Joining the machine to the domain
>
> >
>
> > slapd[2332]: conn=1120 op=9 SRCH base="dc=mydomain" scope=2 deref=0
>
> > filter="(&(uid=sadmin)(objectClass=sambaSamAccount))" slapd[2332]:
>
> > conn=1120 op=9 SRCH attr=uid uidNumber gidNumber homeDirectory
>
> > sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime
>
> > sambaLogoffTime sambaKickoffTime cn sn displayName sambaHomeDrive
>
> > sambaHomePath sambaLogonScript sambaProfilePath description
>
> > sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
>
> > sambaNTPassword sambaDomainName objectClass sambaAcctFlags
>
> > sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
>
> > sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
>
> > uidNumber gidNumber homeDirectory loginShell gecos slapd[2332]: <=
>
> > bdb_equality_candidates: (uid) not indexed slapd[2332]: conn=1120
>
> > op=9 SEARCH RESULT tag=101 err=0 nentries=1 text= slapd[2332]:
>
> > conn=1120 op=10 SRCH base="dc=mydomain" scope=2 deref=0
>
> > filter="(&(gidNumber=1359)(objectClass=sambaGroupMapping))"
>
> > slapd[2332]: conn=1120 op=10 SRCH attr=sambaSID slapd[2332]: <=
>
> > bdb_equality_candidates: (gidNumber) not indexed slapd[2332]:
>
> > conn=1120 op=10 SEARCH RESULT tag=101 err=0 nentries=0 text=
>
> > slapd[2332]: conn=1120 op=11 SRCH base="dc=mydomain" scope=2 deref=0
>
> > filter="(&(objectClass=posixGroup)(|(memberUid=sadmin)(gidNumber=1359)
>
> > ))" slapd[2332]: conn=1120 op=11 SRCH attr=gidNumber sambaSID
>
> > slapd[2332]: <= bdb_equality_candidates: (memberUid) not indexed
>
> > slapd[2332]: <= bdb_equality_candidates: (gidNumber) not indexed
>
> > slapd[2332]: conn=1120 op=11 SEARCH RESULT tag=101 err=0 nentries=1
>
> > text=
>
> This is *not* a join. It is just samba's try to verify that sadmin has the
> rights (aka are in the right groups) to join. And he failed!
>
>
>
> so post the output of
>
>
>
> getent passwd sadmin
>
> getent passwd hadmin
>
>
>
> getent group 512
>
> getent group 1359
>
>
>
> After verifying group membership samba evaluates the privileges. This is
> not seen here. We set them, when we have solved the group problem.
>
>
>
> > The two ways I can join a machine to teh domain is
>
> > - Change to TDBSAM
>
> > - Remove both the lines from smb.conf
>
> > ldapsam:editposix = yes ldapsam:trusted = yes
>
> >
>
> > The strange thing is that Win7 joins to the domain, reboots then gives
>
> > the domain trust failed message. Windows10 joins and works. That
>
> > might be an issue with the machine password
>
> >
>
> > My question is that are we loosing anything by not using the editposix
>
> > and trusted option. I understand that smbdlap is not supported but it
>
> > seems to work in my testing
>
> Once we have fixed the errors in your configuration and your data, I'm
> pretty sure that both, smbldap and sameditposix, will work. Then you must
> decide which route you will follow in the future.
>
>
>
> Be patient, their are other errors.
>
>
>
> PS
>
> your output of the slapd logs are hard to read. Would be much easier if
> you turn of the line wrapping in your mail composer.
>
>
>
> --
>
>
>
> Gruss
>
> Harry Jede
>
root@sam3dc:/tmp/ldifs-gr# ldapmodify -Y external -H ldapi:///  -f olcdbindex.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}hdb,cn=config"


root@sam3dc:/tmp/ldifs-gr# service slapd stop
 * Stopping OpenLDAP slapd                                                                                                                            [ OK ]
root@sam3dc:/tmp/ldifs-gr# slapindex -v -n 1

WARNING!
Runnig as root!
There's a fair chance slapd will fail to start.
Check file permissions!

indexing id=00000001
indexing id=00000002
indexing id=00000003
indexing id=00000004
indexing id=00000005
indexing id=00000006
It goes on and completes the indexing



root@sam3dc:/tmp/ldifs-gr# service slapd start
 * Starting OpenLDAP slapd                                                                                                                            [ OK ]


net getdomainsid
SID for local machine sam3dc is: S-1-5-21-286905455-3929894668-3957719032
SID for domain mydomain is: S-1-5-21-3936576374-1604348213-1812465911


tail -f /var/log/syslog|sed -nre 's/^.*( slapd.*$)/\1/p'
[sudo] password for sadmin:
 slapd[4698]: conn=1015 op=11 SEARCH RESULT tag=101 err=0 nentries=0 text=
 slapd[4698]: conn=1015 op=12 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
 slapd[4698]: conn=1015 op=12 SRCH attr=supportedExtension
 slapd[4698]: conn=1015 op=12 SEARCH RESULT tag=101 err=0 nentries=1 text=
 slapd[4698]: conn=1015 op=13 EXT oid=1.3.6.1.4.1.4203.1.11.1
 slapd[4698]: conn=1015 op=13 PASSMOD id="uid=sadmin,ou=users,dc=mydomain" new
 slapd[4698]: conn=1015 op=13 RESULT oid= err=0 text=
 slapd[4698]: conn=1015 op=14 MOD dn="uid=sadmin,ou=users,dc=mydomain"
 slapd[4698]: conn=1015 op=14 MOD attr=sambaPwdLastSet sambaPwdLastSet
 slapd[4698]: conn=1015 op=14 RESULT tag=103 err=0 text=
 slapd[4698]: conn=1016 fd=25 ACCEPT from IP=[::1]:39024 (IP=[::]:389)
 slapd[4698]: conn=1016 op=0 BIND dn="cn=admin,dc=mydomain" method=128
 slapd[4698]: conn=1016 op=0 BIND dn="cn=admin,dc=mydomain" mech=SIMPLE ssf=0
 slapd[4698]: conn=1016 op=0 RESULT tag=97 err=0 text=
 slapd[4698]: conn=1016 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
 slapd[4698]: conn=1016 op=1 SRCH attr=supportedControl
 slapd[4698]: conn=1016 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
 slapd[4698]: conn=1016 op=2 SRCH base="dc=mydomain" scope=2 deref=0 filter="(&(objectClass=sambaDomain)(sambaDomainName=mydomain))"
 slapd[4698]: conn=1016 op=2 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupRid sambaSID sambaAlgorithmicRidBase objectClass
 slapd[4698]: conn=1016 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
 slapd[4698]: conn=1016 fd=25 closed (connection lost)

getent passwd sadmin
sadmin:x:1359:1359::/home/sadmin:/bin/sh

getent passwd tadmin
tadmin:x:1262:1150:Temp Admin,,,:/home/tadmin:/bin/bash

root@sam3dc:/# getent group 512
root@sam3dc:/#
root@sam3dc:/# getent group 1359
sadmin:x:1359:


DOMAIN JOIN: SYSLOG

root@sam3dc:/# tail -f /var/log/syslog|sed -nre 's/^.*( slapd.*$)/\1/p'
 slapd[4698]: conn=1024 fd=24 ACCEPT from IP=[::1]:39034 (IP=[::]:389)
 slapd[4698]: conn=1024 op=0 BIND dn="cn=admin,dc=mydomain" method=128
 slapd[4698]: conn=1024 op=0 BIND dn="cn=admin,dc=mydomain" mech=SIMPLE ssf=0
 slapd[4698]: conn=1024 op=0 RESULT tag=97 err=0 text=
 slapd[4698]: conn=1024 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*                                                                             )"
 slapd[4698]: conn=1024 op=1 SRCH attr=supportedControl
 slapd[4698]: conn=1024 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
 slapd[4698]: conn=1024 op=2 SRCH base="dc=mydomain" scope=2 deref=0 filter="(&                                                                             (uid=sadmin)(objectClass=sambaSamAccount))"
 slapd[4698]: conn=1024 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sam                                                                             baPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime                                                                              sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScrip                                                                             t sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupS                                                                             ID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sa                                                                             mbaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory mo                                                                             difyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory                                                                              loginShell gecos
 slapd[4698]: conn=1024 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
 slapd[4698]: conn=1024 op=3 SRCH base="dc=mydomain" scope=2 deref=0 filter="(&                                                                             (gidNumber=1359)(objectClass=sambaGroupMapping))"
 slapd[4698]: conn=1024 op=3 SRCH attr=sambaSID
 slapd[4698]: conn=1024 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
 slapd[4698]: conn=1024 op=4 SRCH base="dc=mydomain" scope=2 deref=0 filter="(&                                                                             (gidNumber=1359)(objectClass=sambaGroupMapping))"
 slapd[4698]: conn=1024 op=4 SRCH attr=sambaSID
 slapd[4698]: conn=1024 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=
 slapd[4698]: conn=1024 op=5 SRCH base="sambaDomainName=mydomain,dc=mydomain"                                                                              scope=0 deref=0 filter="(objectClass=sambaDomain)"
 slapd[4698]: conn=1024 op=5 SRCH attr=sambaMaxPwdAge
 slapd[4698]: conn=1024 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text=
 slapd[4698]: conn=1024 op=6 SRCH base="sambaDomainName=mydomain,dc=mydomain"                                                                              scope=0 deref=0 filter="(objectClass=sambaDomain)"
 slapd[4698]: conn=1024 op=6 SRCH attr=sambaMinPwdAge
 slapd[4698]: conn=1024 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=
 slapd[4698]: conn=1024 op=7 SRCH base="dc=mydomain" scope=2 deref=0 filter="(&                                                                             (objectClass=posixGroup)(|(memberUid=sadmin)(gidNumber=1359)))"
 slapd[4698]: conn=1024 op=7 SRCH attr=gidNumber sambaSID
 slapd[4698]: conn=1024 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
 slapd[4698]: conn=1024 op=8 SRCH base="dc=mydomain" scope=2 deref=0 filter="(&                                                                             (uid=sadmin)(objectClass=sambaSamAccount))"
 slapd[4698]: conn=1024 op=8 SRCH attr=uid uidNumber gidNumber homeDirectory sam                                                                             baPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime                                                                              sambaKickoffTime cn sn displayName sambaHomeDrive sambaHomePath sambaLogonScrip                                                                             t sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupS                                                                             ID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sa                                                                             mbaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory mo                                                                             difyTimestamp sambaLogonHours modifyTimestamp uidNumber gidNumber homeDirectory                                                                              loginShell gecos
 slapd[4698]: conn=1024 op=8 SEARCH RESULT tag=101 err=0 nentries=1 text=
 slapd[4698]: conn=1024 op=9 SRCH base="dc=mydomain" scope=2 deref=0 filter="(&                                                                             (gidNumber=1359)(objectClass=sambaGroupMapping))"
 slapd[4698]: conn=1024 op=9 SRCH attr=sambaSID
 slapd[4698]: conn=1024 op=9 SEARCH RESULT tag=101 err=0 nentries=0 text=
 slapd[4698]: conn=1024 op=10 SRCH base="dc=mydomain" scope=2 deref=0 filter="(                                                                             &(objectClass=posixGroup)(|(memberUid=sadmin)(gidNumber=1359)))"
 slapd[4698]: conn=1024 op=10 SRCH attr=gidNumber sambaSID
 slapd[4698]: conn=1024 op=10 SEARCH RESULT tag=101 err=0 nentries=1 text=


DOMAIN JOIN SAMBA LOGS

root@sam3dc:/var/log/samba# cat log.ldap7-01
[2018/03/07 06:25:59.630907,  5] auth/auth_util.c:111(make_user_info_map)
  Mapping user [mydomain]\[sadmin] from workstation [LDAP7-01]
[2018/03/07 06:25:59.630969,  5] auth/user_info.c:59(make_user_info)
  attempting to make a user_info for sadmin (sadmin)
[2018/03/07 06:25:59.631010,  5] auth/user_info.c:70(make_user_info)
  making strings for sadmin's user_info struct
[2018/03/07 06:25:59.631047,  5] auth/user_info.c:87(make_user_info)
  making blobs for sadmin's user_info struct
[2018/03/07 06:25:59.631086,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [mydomain]\[sadmin]@[LDAP7-01] with the new password interface
[2018/03/07 06:25:59.631124,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  mapped user is: [mydomain]\[sadmin]@[LDAP7-01]
[2018/03/07 06:25:59.631296,  2] lib/smbldap.c:1018(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2018/03/07 06:25:59.633188,  2] passdb/pdb_ldap.c:553(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: sadmin
[2018/03/07 06:25:59.635084,  4] auth/check_samsec.c:183(sam_account_ok)
  sam_account_ok: Checking SMB password for user sadmin
[2018/03/07 06:25:59.635143,  5] auth/check_samsec.c:165(logon_hours_ok)
  logon_hours_ok: user sadmin allowed to logon at this time (Tue Mar  6 20:25:59 2018
  )
[2018/03/07 06:25:59.636377,  1] auth/server_info.c:447(samu_to_SamInfo3)
  Failed to get groups from sam account.
[2018/03/07 06:25:59.636447,  0] auth/check_samsec.c:492(check_sam_security)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_INTERNAL_DB_CORRUPTION'
[2018/03/07 06:25:59.636504,  5] auth/auth.c:271(check_ntlm_password)
  check_ntlm_password: sam authentication for user [sadmin] FAILED with error NT_STATUS_INTERNAL_DB_CORRUPTION
[2018/03/07 06:25:59.636549,  3] auth/auth_winbind.c:60(check_winbind_security)
  check_winbind_security: Not using winbind, requested domain [mydomain] was for this SAM.
[2018/03/07 06:25:59.636586,  2] auth/auth.c:319(check_ntlm_password)
  check_ntlm_password:  Authentication for user [sadmin] -> [sadmin] FAILED with error NT_STATUS_INTERNAL_DB_CORRUPTION
[2018/03/07 06:26:00.004182,  2] smbd/sesssetup.c:1291(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2018/03/07 06:26:00.004329,  5] auth/auth.c:489(make_auth_context_subsystem)
  Making default auth method list for DC, security=user, encrypt passwords = yes
[2018/03/07 06:26:00.004377,  5] auth/auth.c:385(load_auth_module)
  load_auth_module: Attempting to find an auth method to match guest
[2018/03/07 06:26:00.004416,  5] auth/auth.c:410(load_auth_module)
  load_auth_module: auth method guest has a valid init
[2018/03/07 06:26:00.004453,  5] auth/auth.c:385(load_auth_module)
  load_auth_module: Attempting to find an auth method to match sam
[2018/03/07 06:26:00.004491,  5] auth/auth.c:410(load_auth_module)
  load_auth_module: auth method sam has a valid init
[2018/03/07 06:26:00.004527,  5] auth/auth.c:385(load_auth_module)
  load_auth_module: Attempting to find an auth method to match winbind:trustdomain
[2018/03/07 06:26:00.004564,  5] auth/auth.c:385(load_auth_module)
  load_auth_module: Attempting to find an auth method to match trustdomain
[2018/03/07 06:26:00.004601,  5] auth/auth.c:410(load_auth_module)
  load_auth_module: auth method trustdomain has a valid init
[2018/03/07 06:26:00.004637,  5] auth/auth.c:410(load_auth_module)
  load_auth_module: auth method winbind has a valid init
[2018/03/07 06:26:00.004678,  5] auth/auth.c:99(get_ntlm_challenge)
  auth_get_challenge: module guest did not want to specify a challenge
[2018/03/07 06:26:00.004716,  5] auth/auth.c:99(get_ntlm_challenge)
  auth_get_challenge: module sam did not want to specify a challenge
[2018/03/07 06:26:00.004752,  5] auth/auth.c:99(get_ntlm_challenge)
  auth_get_challenge: module winbind did not want to specify a challenge
[2018/03/07 06:26:00.004795,  5] auth/auth.c:134(get_ntlm_challenge)
  auth_context challenge created by random
[2018/03/07 06:26:00.004846,  5] auth/auth.c:135(get_ntlm_challenge)
  challenge is:
[2018/03/07 06:26:00.005231,  2] smbd/sesssetup.c:1291(setup_new_vc_session)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2018/03/07 06:26:00.005340,  5] auth/auth_util.c:111(make_user_info_map)
  Mapping user [mydomain]\[sadmin] from workstation [LDAP7-01]
[2018/03/07 06:26:00.005386,  5] auth/user_info.c:59(make_user_info)
  attempting to make a user_info for sadmin (sadmin)
[2018/03/07 06:26:00.005426,  5] auth/user_info.c:70(make_user_info)
  making strings for sadmin's user_info struct
[2018/03/07 06:26:00.005463,  5] auth/user_info.c:87(make_user_info)
  making blobs for sadmin's user_info struct
[2018/03/07 06:26:00.005501,  3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user [mydomain]\[sadmin]@[LDAP7-01] with the new password interface
[2018/03/07 06:26:00.005540,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  mapped user is: [mydomain]\[sadmin]@[LDAP7-01]
[2018/03/07 06:26:00.006595,  2] passdb/pdb_ldap.c:553(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: sadmin
[2018/03/07 06:26:00.007471,  4] auth/check_samsec.c:183(sam_account_ok)
  sam_account_ok: Checking SMB password for user sadmin
[2018/03/07 06:26:00.007529,  5] auth/check_samsec.c:165(logon_hours_ok)
  logon_hours_ok: user sadmin allowed to logon at this time (Tue Mar  6 20:26:00 2018
  )
[2018/03/07 06:26:00.008194,  1] auth/server_info.c:447(samu_to_SamInfo3)
  Failed to get groups from sam account.
[2018/03/07 06:26:00.008273,  0] auth/check_samsec.c:492(check_sam_security)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_INTERNAL_DB_CORRUPTION'
[2018/03/07 06:26:00.008322,  5] auth/auth.c:271(check_ntlm_password)
  check_ntlm_password: sam authentication for user [sadmin] FAILED with error NT_STATUS_INTERNAL_DB_CORRUPTION
[2018/03/07 06:26:00.008365,  3] auth/auth_winbind.c:60(check_winbind_security)
  check_winbind_security: Not using winbind, requested domain [mydomain] was for this SAM.
[2018/03/07 06:26:00.008403,  2] auth/auth.c:319(check_ntlm_password)
  check_ntlm_password:  Authentication for user [sadmin] -> [sadmin] FAILED with error NT_STATUS_INTERNAL_DB_CORRUPTION
[2018/03/07 06:26:11.922227,  1] smbd/process.c:457(receive_smb_talloc)
  receive_smb_raw_talloc failed for client 192.168.17.196 read error = NT_STATUS_CONNECTION_RESET.









-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba