Web lists-archives.com

Re: [Samba] RSAT Hang





RPvs> On Tue, 22 May 2018 09:08:31 -0700
RPvs> Gregory Sloop via samba <samba@xxxxxxxxxxxxxxx> wrote:

>> I was under the impression that during provision that the
>> Administrator account got all the domain [and other] "root" privs by
>> default. If that's the case, why doesn't Administrator have the privs
>> we'd expect? [Perhaps I misunderstand what Administrator starts with
>> after an initial provision.]

RPvs> Administrator  doesn't get any privileges normally, but it does
RPvs> inherit all the 'Administrators' group privileges, but even this
RPvs> group doesn't get them all AND they only apply to the DC.
RPvs> You need to create them on each Unix machine.
RPvs>  

Yeah, I get that too. But since I'm simply doing user/computer maintenance in RSAT [in the AD], then Administrator _should_ have the correct privs to do what's required, right?

Obviously, the "Administrator" account won't have any file-system privs etc, unless properly granted. But I'm not [at least as far as I know] doing any changes to the filesystem or files. I'm simply trying to add/veiw/change AD attributes. [i.e. Create/View/Change attributes in a user/computer in Active Directory]

>> As to your prior message - the FreeNAS box isn't part of the setup
>> yet. I'm just trying to get the user and computer accounts I'll need
>> to join the NAS to AD ready.

RPvs> If the NAS isn't part of a domain, it isn't like to know who a domain
RPvs> user or group is, is it ;-)

Correct. But I'm simply trying to view a RSAT created user and/or computer account and view the "security" tab when RSAT hangs. [I can't begin to handle joining the NAS until I have a properly configured user and computer account in AD. And these RSAT steps are pre-reqs for that.]

Are we on the same page now? :)
---

If not, let me go back and restate, briefly, the root problem.
Provisioned a *new* AD domain using Ubuntu 18.04 packaged Samba. [Not an AD join.]
Took a Win7 machine, installed RSAT on it [but didn't join it to the domain.]
Pointed MSC at the domain.
Add in the user/computer RSAT tool.

At this point I can view the AD tree [for users/computers]. 
I can see in the Samba logs, the RSAT tool querying AD, and getting answers.
I can create users and computers fine. [And see that happen in Samba logging.]

In the setup steps for the NAS, I'm instructed to modify a setting on the "security" tab in RSAT for the computer account [which I created above]
When I try to view the "security" tab of a user or computer object, RSAT hangs.

This is a Log 5 of the relevant logs, when that happens.
---
[2018/05/21 19:03:39.828780,  4] ../auth/auth_log.c:860(log_successful_authz_event_human_readable)
  Successful AuthZ: [DCE/RPC,ncacn_np] user [AD]\[Administrator] [S-1-5-21-787471243-3174888660-1208226227-500] at [Mon, 21 May 2018 19:03:39.828768 PDT] Remote host [ipv4:10.115.1.154:49441] local host [ipv4:10.115.1.231:445]
[2018/05/21 19:03:39.828973,  4] ../auth/auth_log.c:220(log_json)
  JSON Authorization: {"timestamp": "2018-05-21T19:03:39.828933-0700", "type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 0}, "localAddress": "ipv4:10.115.1.231:445", "remoteAddress": "ipv4:10.115.1.154:49441", "serviceDescription": "DCE/RPC", "authType": "ncacn_np", "domain": "AD", "account": "Administrator", "sid": "S-1-5-21-787471243-3174888660-1208226227-500", "logonServer": "SNCC-ADC1", "transportProtection": "SMB", "accountFlags": "0x00000010"}}
[2018/05/21 19:03:39.829092,  3] ../auth/auth_log.c:139(get_auth_event_server)
  get_auth_event_server: Failed to find 'auth_event' registered on the message bus to send JSON authentication events to: NT_STATUS_OBJECT_NAME_NOT_FOUND
[2018/05/21 19:03:39.835556,  3] ../source4/smbd/service_stream.c:65(stream_terminate_connection)
  Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
[2018/05/21 19:03:39.835706,  3] ../source4/smbd/process_single.c:114(single_terminate)
  single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
[2018/05/21 19:04:07.594760,  3] ../source4/smbd/service_stream.c:65(stream_terminate_connection)
[2018/05/21 19:04:07.595045,  3] ../source4/smbd/service_stream.c:65(stream_terminate_connection)
[2018/05/21 19:04:07.595251,  3] ../source4/smbd/service_stream.c:65(stream_terminate_connection)
[2018/05/21 19:04:07.595416,  3] ../source4/smbd/service_stream.c:65(stream_terminate_connection)
  Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_RESET'
[2018/05/21 19:04:07.595741,  2] ../source4/smbd/process_standard.c:473(standard_terminate)
  Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_RESET'
[2018/05/21 19:04:07.596010,  2] ../source4/smbd/process_standard.c:473(standard_terminate)
  Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_RESET'
[2018/05/21 19:04:07.596253,  2] ../source4/smbd/process_standard.c:473(standard_terminate)
  Terminating connection - 'ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_RESET'
[2018/05/21 19:04:07.596487,  2] ../source4/smbd/process_standard.c:473(standard_terminate)
  standard_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_RESET]
  standard_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_RESET]
  standard_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_RESET]
  standard_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_RESET]
[2018/05/21 19:04:07.611197,  2] ../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
  Child 28639 () exited with status 0
[2018/05/21 19:04:07.611422,  2] ../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
  Child 28630 () exited with status 0
[2018/05/21 19:04:07.611573,  2] ../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
  Child 28602 () exited with status 0
[2018/05/21 19:04:07.611724,  2] ../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
  Child 28609 () exited with status 0

---

Again - much thanks for the help so far. Hopefully I can nail this down.
-Greg
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba