# smbclient //NT4MEMBER/share1 -U NT4DOMAIN\\user1smbd log:check_ntlm_pass

1. # smbclient //NT4MEMBER/share1 -U NT4DOMAIN\\user1
2.  
3. smbd log:
4. check_ntlm_password: Checking password for unmapped user [NT4DOMAIN]\[user1]@[NT4MEMBER] with the new password interface
5. check_ntlm_password: mapped user is: [NT4DOMAIN]\[user1]@[NT4MEMBER]
6. check_ntlm_password: Authentication for user [user1] -> [user1] FAILED with error NT_STATUS_NO_MEMORY, authoritative=1
7. Auth: [SMB2,(null)] user [NT4DOMAIN]\[user1] at [Wed, 19 Dec 2018 13:56:08.989053 CET] with [NTLMv2] status [NT_STATUS_NO_MEMORY] workstation [NT4MEMBER] remote host [ipv4:X.X.X.X:40488] mapped to [NT4DOMAIN]\[user1]. local host [ipv4:X.X.X.X:445]
8. log_no_json: JSON auth logs not available unless compiled with jansson
9. gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_NO_MEMORY
10. smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NO_MEMORY] || at ../source3/smbd/smb2_sesssetup.c:137
11. Server exit (NT_STATUS_END_OF_FILE)
12. Terminated
13.  
14. winbind log:
15. [ 9232]: request interface version (version = 30)
16. [ 9232]: request location of privileged pipe
17. [ 9232]: pam auth crap domain: [NT4DOMAIN] user: user1
18. set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize
19. [ 9228]: pam auth crap domain: NT4DOMAIN user: user1
20. set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize
21. set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize
22. ldb_wrap open of secrets.ldb
23. rpccli_create_netlogon_creds failed for NT4DOMAIN, unable to create NETLOGON credentials: NT_STATUS_NO_MEMORY
24. Could not open handle to NETLOGON pipe (error: NT_STATUS_NO_MEMORY, attempts: 0)
25. The connection to netlogon failed, retrying
26. set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize
27. set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize
28. ldb_wrap open of secrets.ldb
29. rpccli_create_netlogon_creds failed for NT4DOMAIN, unable to create NETLOGON credentials: NT_STATUS_NO_MEMORY
30. Could not open handle to NETLOGON pipe (error: NT_STATUS_NO_MEMORY, attempts: 1)
31. This is again a problem for this particular call, forcing the close of this connection
32. The connection to netlogon failed, retrying
33. set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize
34. set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize
35. ldb_wrap open of secrets.ldb
36. rpccli_create_netlogon_creds failed for NT4DOMAIN, unable to create NETLOGON credentials: NT_STATUS_NO_MEMORY
37. Could not open handle to NETLOGON pipe (error: NT_STATUS_NO_MEMORY, attempts: 2)
38. This is again a problem for this particular call, forcing the close of this connection
39. This is the third problem for this particular call, adding DC to the negative cache list: NT4DOMAIN (null)
40. The connection to netlogon failed, retrying
41. set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize
42. set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize
43. ldb_wrap open of secrets.ldb
44. rpccli_create_netlogon_creds failed for NT4DOMAIN, unable to create NETLOGON credentials: NT_STATUS_NO_MEMORY
45. Could not open handle to NETLOGON pipe (error: NT_STATUS_NO_MEMORY, attempts: 3)
46. This is again a problem for this particular call, forcing the close of this connection
47. This is the third problem for this particular call, adding DC to the negative cache list: NT4DOMAIN (null)
48. NTLM CRAP authentication for user [NT4DOMAIN]\[user1] returned NT_STATUS_NO_MEMORY
49.  
50.  
51. # smbclient //NT4MEMBER/share1 -U NT4MEMBER\\user1
52.  
53. smbd log:
54. check_ntlm_password: Checking password for unmapped user [NT4MEMBER]\[user1]@[NT4MEMBER] with the new password interface
55. check_ntlm_password: mapped user is: [NT4MEMBER]\[user1]@[NT4MEMBER]
56. init_sam_from_ldap: Entry found for user: user1
57. auth_check_ntlm_password: sam authentication for user [user1] succeeded
58. Auth: [SMB2,(null)] user [NT4MEMBER]\[user1] at [Wed, 19 Dec 2018 14:00:37.714900 CET] with [NTLMv2] status [NT_STATUS_OK] workstation [NT4MEMBER] remote host [ipv4:X.X.X.X:40494] became [NT4MEMBER]\[user1] [S-1-5-21-x-x-x-21020]. local host [ipv4:X.X.X.X:445]
59. log_no_json: JSON auth logs not available unless compiled with jansson
60. check_ntlm_password: authentication for user [user1] -> [user1] -> [user1] succeeded
61. NTLMSSP Sign/Seal - Initialising with flags:
62. Got NTLMSSP neg_flags=0x62088215
63. NTLMSSP Sign/Seal - Initialising with flags:
64. Got NTLMSSP neg_flags=0x62088215
65. init_group_from_ldap: Entry found for group: 544
66. init_group_from_ldap: Entry found for group: 100000
67. Adding homes service for user 'user1' using home directory: '/posta/user1'
68. adding home's share [user1] for user 'user1' at '/data/osobni/%S'
69. Allowed connection from X.X.X.X (X.X.X.X)
70. Connect path is '/tmp' for service [IPC$]
71. Initialising default vfs hooks
72. Initialising custom vfs hooks from [/[Default VFS]/]
73. NT4MEMBER (ipv4:X.X.X.X:40494) connect to service IPC$ initially as user user1 (uid=10010, gid=513) (pid 7874)
74. get_referred_path: |share1| in dfs path \NT4MEMBER\share1 is not a dfs root.
75. smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
76. NT4MEMBER (ipv4:X.X.X.X:40494) closed connection to service IPC$
77. Allowed connection from X.X.X.X (X.X.X.X)
78. Connect path is '/samba1/664' for service [share1]
79. Initialising default vfs hooks
80. Initialising custom vfs hooks from [/[Default VFS]/]
81. Initialising custom vfs hooks from [recycle]
82. load_module_absolute_path: Module '/usr/lib64/samba/vfs/recycle.so' loaded
83. NT4MEMBER (ipv4:X.X.X.X:40494) connect to service share1 initially as user user1 (uid=10010, gid=513) (pid 7874)
84.  
85. winbind log:
86. [ 9238]: request interface version (version = 30)
87. [ 9238]: request location of privileged pipe
88. sids_to_xids
89. sam_sid_to_name
90. sam_sid_to_name
91. sam_sid_to_name
92. StartTLS issued: using a TLS connection
93. smbldap_open_connection: connection opened
94. ldap_connect_system: successful connection to the LDAP server
95.  
96. # wbinfo -i user1
97. NT4MEMBER\user1:*:10010:513::/posta/user1:/bin/false
98.  
99. winbindd log:
100. [ 9747]: request interface version (version = 30)
101. [ 9747]: request location of privileged pipe
102. getpwnam user1
103. sam_name_to_sid
104. name_to_sid: user1 for domain
105. init_sam_from_ldap: Entry found for user: user1
106. name_to_sid: user1 for domain
107. init_sam_from_ldap: Entry found for user: user1
108. sam_rids_to_names for NT4MEMBER
109. sam_sid_to_name
110.  
111.  
112. Please find more logs. wbinfo -i user1 (without prepending domain) should show NT4DOMAIN\user1 not NT4MEMBER\user1. The same should be for wbinfo -i NT4DOMAIN\\user1.
113.  
114. # wbinfo -i NT4MEMBER\\user1
115. NT4MEMBER\user1:*:10010:513::/posta/user1:/bin/false
116.  
117. winbindd log:
118. [ 9744]: request interface version (version = 30)
119. [ 9744]: request location of privileged pipe
120. getpwnam NT4MEMBER\user1
121. sam_name_to_sid
122. name_to_sid: NT4MEMBER\user1 for domain NT4MEMBER
123. init_sam_from_ldap: Entry found for user: user1
124. name_to_sid: NT4MEMBER\user1 for domain NT4MEMBER
125. init_sam_from_ldap: Entry found for user: user1
126. sam_rids_to_names for NT4MEMBER
127. sam_sid_to_name
128.  
129.  
130. # wbinfo -i NT4DOMAIN\\user1
131. Could not get info for user NT4DOMAIN\user1
132.  
133. winbindd log:
134. [ 9746]: request interface version (version = 30)
135. [ 9746]: request location of privileged pipe
136. getpwnam NT4DOMAIN\user1
137. sam_name_to_sid
138. name_to_sid: NT4DOMAIN\user1 for domain NT4DOMAIN
139. name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED
140. name_to_sid: NT4DOMAIN\user1 for domain NT4DOMAIN
141. name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED
142.  
143.  
144. wbinfo -u should list all users from NT4DOMAIN but list nothing. wbinfo -u --domain="NT4MEMBER" list all users which are from ldap - they are NT4DOMAIN users.
145.  
146. # wbinfo -u
147.  
148. winbindd log:
149. [ 9754]: request interface version (version = 30)
150. [ 9754]: request location of privileged pipe
151. [ 9754]: request interface version (version = 30)
152. [ 9754]: request misc info
153. [ 9754]: request netbios name
154. [ 9754]: request domain name
155. [ 9754]: domain_info [NT4DOMAIN]
156. list_users NT4DOMAIN
157. samr: sequence number
158.  
159.  
160. # wbinfo -u --domain="NT4MEMBER"
161. NT4MEMBER\dovecot
162. NT4MEMBER\root
163. NT4MEMBER\nobody
164. NT4MEMBER\user1
165.  
166. winbindd log:
167. [ 9756]: request interface version (version = 30)
168. [ 9756]: request location of privileged pipe
169. list_users NT4MEMBER
170. samr_query_user_list
171. smbldap_search_paged: base => [ou=Users,dc=intranet,dc=xx], filter => [(&(uid=*)(objectclass=sambaSamAccount))],scope => [2], pagesize => [1000]
172. smbldap_search_paged: search was successful
173. samr: sequence number
174. sam_rids_to_names for NT4MEMBER