Web lists-archives.com

[Samba] NT_STATUS_NO_MEMORY accessing a DC shared resource




I have a working Samba 4.7.6 DC with the default /sysvol and /netlogon shares.

These shares work perfectly and domain users can access them without any issue.

Now, to ease experimenting with config files and stuff (it's not a production server), I've added a /rootdisk share (path=/) limiting its access ro root and domain admins:

---------
# cat /etc/samba/smb.conf
[global]
        bind interfaces only = Yes
        interfaces = lo eth_lan
        netbios name = SRVADDC
        realm = SAMDOM.LOCAL
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = SAMDOM
        #username map = /etc/samba/username.map

[netlogon]
        path = /var/lib/samba/sysvol/samdom.it/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[RootDisk]
        path = /
        read only = No
        valid users = root SAMDOM\myuser @"SAMDOM\domain admins"
        force user = root
        force group = root
        create mode = 0640
        force create mode = 0640
-----

It worked at first but now, after about 2 days, it stopped working and I can't connect to it from Windows anymore.

Running this from a command prompt:
net use * \\srvaddc.samdom.local\RootDisk

returns this error message (translated from localized one, so it could not be exactly the same in English):
-----
System error 8.
Insufficient memory to execute the command
-----

This is the samba log (level 4) of the client trying to connect with the NT_STATUS_NO_MEMORY error:
-----
[2018/07/05 13:48:12.411901,  3] ../lib/ldb-samba/ldb_wrap.c:326(ldb_wrap_connect)
  ldb_wrap open of secrets.ldb
[2018/07/05 13:48:12.423964,  3] ../lib/ldb-samba/ldb_wrap.c:326(ldb_wrap_connect)
  ldb_wrap open of privilege.ldb
[2018/07/05 13:48:12.480798,  3] ../source3/smbd/password.c:144(register_homes_share)   Adding homes service for user 'SAMDOM\myuser' using home directory: '/home/SAMDOM/myuser'
[2018/07/05 13:48:12.482416,  3] ../lib/util/access.c:365(allow_access)
  Allowed connection from 10.0.0.10 (10.0.0.10)
[2018/07/05 13:48:12.482509,  3] ../source3/smbd/service.c:595(make_connection_snum)
  Connect path is '/tmp' for service [IPC$]
[2018/07/05 13:48:12.482581,  3] ../source3/smbd/vfs.c:113(vfs_init_default)
  Initialising default vfs hooks
[2018/07/05 13:48:12.482619,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2018/07/05 13:48:12.482657,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [acl_xattr]
[2018/07/05 13:48:12.482696,  3] ../source3/smbd/vfs.c:139(vfs_init_custom)
  Initialising custom vfs hooks from [dfs_samba4]
[2018/07/05 13:48:12.482738,  2] ../source3/modules/vfs_acl_xattr.c:236(connect_acl_xattr)   connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service IPC$ [2018/07/05 13:48:12.485807,  3] ../source3/smbd/service.c:841(make_connection_snum)   10.0.0.10 (ipv4:10.0.0.10:50263) connect to service IPC$ initially as user SAMDOM\myuser (uid=3000071, gid=100) (pid 11670) [2018/07/05 13:48:12.486968,  3] ../source3/smbd/msdfs.c:1008(get_referred_path)   get_referred_path: |RootDisk| in dfs path \srvaddc.samdom.it\RootDisk is not a dfs root. [2018/07/05 13:48:12.487048,  3] ../source3/smbd/smb2_server.c:3139(smbd_smb2_request_error_ex)   smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:309
[2018/07/05 13:48:12.489682,  3] ../lib/util/access.c:365(allow_access)
  Allowed connection from 10.0.0.10 (10.0.0.10)
[2018/07/05 13:48:12.489742,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID root is not in a valid format
[2018/07/05 13:48:12.491233,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
  string_to_sid: SID SAMDOM\myuser is not in a valid format
[2018/07/05 13:48:12.558201,  1] ../source3/param/loadparm.c:2480(lp_idmap_range)
  idmap range not specified for domain '*'
[2018/07/05 13:48:12.577539,  1] ../source3/auth/token_util.c:442(add_local_groups)   SID S-1-5-21-299502267-616249376-1417001333-4174 -> getpwuid(3000002) failed [2018/07/05 13:48:12.577678,  3] ../source3/smbd/smb2_server.c:3139(smbd_smb2_request_error_ex)   smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NO_MEMORY] || at ../source3/smbd/smb2_tcon.c:135
[2018/07/05 13:48:14.672221,  2] ../source3/smbd/service.c:1120(close_cnum)
  10.0.0.10 (ipv4:10.0.0.10:50263) closed connection to service sysvol
-----

What shall I check?

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba