Advertisement
cryptomirea

Untitled

Dec 21st, 2018
437
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.76 KB | None | 0 0
  1. # smbclient //NT4MEMBER/share1 -U NT4DOMAIN\\user1
  2.  
  3. smbd log:
  4. check_ntlm_password: Checking password for unmapped user [NT4DOMAIN]\[user1]@[NT4MEMBER] with the new password interface
  5. check_ntlm_password: mapped user is: [NT4DOMAIN]\[user1]@[NT4MEMBER]
  6. check_ntlm_password: Authentication for user [user1] -> [user1] FAILED with error NT_STATUS_NO_MEMORY, authoritative=1
  7. Auth: [SMB2,(null)] user [NT4DOMAIN]\[user1] at [Wed, 19 Dec 2018 13:56:08.989053 CET] with [NTLMv2] status [NT_STATUS_NO_MEMORY] workstation [NT4MEMBER] remote host [ipv4:X.X.X.X:40488] mapped to [NT4DOMAIN]\[user1]. local host [ipv4:X.X.X.X:445]
  8. log_no_json: JSON auth logs not available unless compiled with jansson
  9. gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_NO_MEMORY
  10. smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NO_MEMORY] || at ../source3/smbd/smb2_sesssetup.c:137
  11. Server exit (NT_STATUS_END_OF_FILE)
  12. Terminated
  13.  
  14. winbind log:
  15. [ 9232]: request interface version (version = 30)
  16. [ 9232]: request location of privileged pipe
  17. [ 9232]: pam auth crap domain: [NT4DOMAIN] user: user1
  18. set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize
  19. [ 9228]: pam auth crap domain: NT4DOMAIN user: user1
  20. set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize
  21. set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize
  22. ldb_wrap open of secrets.ldb
  23. rpccli_create_netlogon_creds failed for NT4DOMAIN, unable to create NETLOGON credentials: NT_STATUS_NO_MEMORY
  24. Could not open handle to NETLOGON pipe (error: NT_STATUS_NO_MEMORY, attempts: 0)
  25. The connection to netlogon failed, retrying
  26. set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize
  27. set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize
  28. ldb_wrap open of secrets.ldb
  29. rpccli_create_netlogon_creds failed for NT4DOMAIN, unable to create NETLOGON credentials: NT_STATUS_NO_MEMORY
  30. Could not open handle to NETLOGON pipe (error: NT_STATUS_NO_MEMORY, attempts: 1)
  31. This is again a problem for this particular call, forcing the close of this connection
  32. The connection to netlogon failed, retrying
  33. set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize
  34. set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize
  35. ldb_wrap open of secrets.ldb
  36. rpccli_create_netlogon_creds failed for NT4DOMAIN, unable to create NETLOGON credentials: NT_STATUS_NO_MEMORY
  37. Could not open handle to NETLOGON pipe (error: NT_STATUS_NO_MEMORY, attempts: 2)
  38. This is again a problem for this particular call, forcing the close of this connection
  39. This is the third problem for this particular call, adding DC to the negative cache list: NT4DOMAIN (null)
  40. The connection to netlogon failed, retrying
  41. set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize
  42. set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize
  43. ldb_wrap open of secrets.ldb
  44. rpccli_create_netlogon_creds failed for NT4DOMAIN, unable to create NETLOGON credentials: NT_STATUS_NO_MEMORY
  45. Could not open handle to NETLOGON pipe (error: NT_STATUS_NO_MEMORY, attempts: 3)
  46. This is again a problem for this particular call, forcing the close of this connection
  47. This is the third problem for this particular call, adding DC to the negative cache list: NT4DOMAIN (null)
  48. NTLM CRAP authentication for user [NT4DOMAIN]\[user1] returned NT_STATUS_NO_MEMORY
  49.  
  50.  
  51. # smbclient //NT4MEMBER/share1 -U NT4MEMBER\\user1
  52.  
  53. smbd log:
  54. check_ntlm_password: Checking password for unmapped user [NT4MEMBER]\[user1]@[NT4MEMBER] with the new password interface
  55. check_ntlm_password: mapped user is: [NT4MEMBER]\[user1]@[NT4MEMBER]
  56. init_sam_from_ldap: Entry found for user: user1
  57. auth_check_ntlm_password: sam authentication for user [user1] succeeded
  58. Auth: [SMB2,(null)] user [NT4MEMBER]\[user1] at [Wed, 19 Dec 2018 14:00:37.714900 CET] with [NTLMv2] status [NT_STATUS_OK] workstation [NT4MEMBER] remote host [ipv4:X.X.X.X:40494] became [NT4MEMBER]\[user1] [S-1-5-21-x-x-x-21020]. local host [ipv4:X.X.X.X:445]
  59. log_no_json: JSON auth logs not available unless compiled with jansson
  60. check_ntlm_password: authentication for user [user1] -> [user1] -> [user1] succeeded
  61. NTLMSSP Sign/Seal - Initialising with flags:
  62. Got NTLMSSP neg_flags=0x62088215
  63. NTLMSSP Sign/Seal - Initialising with flags:
  64. Got NTLMSSP neg_flags=0x62088215
  65. init_group_from_ldap: Entry found for group: 544
  66. init_group_from_ldap: Entry found for group: 100000
  67. Adding homes service for user 'user1' using home directory: '/posta/user1'
  68. adding home's share [user1] for user 'user1' at '/data/osobni/%S'
  69. Allowed connection from X.X.X.X (X.X.X.X)
  70. Connect path is '/tmp' for service [IPC$]
  71. Initialising default vfs hooks
  72. Initialising custom vfs hooks from [/[Default VFS]/]
  73. NT4MEMBER (ipv4:X.X.X.X:40494) connect to service IPC$ initially as user user1 (uid=10010, gid=513) (pid 7874)
  74. get_referred_path: |share1| in dfs path \NT4MEMBER\share1 is not a dfs root.
  75. smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
  76. NT4MEMBER (ipv4:X.X.X.X:40494) closed connection to service IPC$
  77. Allowed connection from X.X.X.X (X.X.X.X)
  78. Connect path is '/samba1/664' for service [share1]
  79. Initialising default vfs hooks
  80. Initialising custom vfs hooks from [/[Default VFS]/]
  81. Initialising custom vfs hooks from [recycle]
  82. load_module_absolute_path: Module '/usr/lib64/samba/vfs/recycle.so' loaded
  83. NT4MEMBER (ipv4:X.X.X.X:40494) connect to service share1 initially as user user1 (uid=10010, gid=513) (pid 7874)
  84.  
  85. winbind log:
  86. [ 9238]: request interface version (version = 30)
  87. [ 9238]: request location of privileged pipe
  88. sids_to_xids
  89. sam_sid_to_name
  90. sam_sid_to_name
  91. sam_sid_to_name
  92. StartTLS issued: using a TLS connection
  93. smbldap_open_connection: connection opened
  94. ldap_connect_system: successful connection to the LDAP server
  95.  
  96. # wbinfo -i user1
  97. NT4MEMBER\user1:*:10010:513::/posta/user1:/bin/false
  98.  
  99. winbindd log:
  100. [ 9747]: request interface version (version = 30)
  101. [ 9747]: request location of privileged pipe
  102. getpwnam user1
  103. sam_name_to_sid
  104. name_to_sid: user1 for domain
  105. init_sam_from_ldap: Entry found for user: user1
  106. name_to_sid: user1 for domain
  107. init_sam_from_ldap: Entry found for user: user1
  108. sam_rids_to_names for NT4MEMBER
  109. sam_sid_to_name
  110.  
  111.  
  112. Please find more logs. wbinfo -i user1 (without prepending domain) should show NT4DOMAIN\user1 not NT4MEMBER\user1. The same should be for wbinfo -i NT4DOMAIN\\user1.
  113.  
  114. # wbinfo -i NT4MEMBER\\user1
  115. NT4MEMBER\user1:*:10010:513::/posta/user1:/bin/false
  116.  
  117. winbindd log:
  118. [ 9744]: request interface version (version = 30)
  119. [ 9744]: request location of privileged pipe
  120. getpwnam NT4MEMBER\user1
  121. sam_name_to_sid
  122. name_to_sid: NT4MEMBER\user1 for domain NT4MEMBER
  123. init_sam_from_ldap: Entry found for user: user1
  124. name_to_sid: NT4MEMBER\user1 for domain NT4MEMBER
  125. init_sam_from_ldap: Entry found for user: user1
  126. sam_rids_to_names for NT4MEMBER
  127. sam_sid_to_name
  128.  
  129.  
  130. # wbinfo -i NT4DOMAIN\\user1
  131. Could not get info for user NT4DOMAIN\user1
  132.  
  133. winbindd log:
  134. [ 9746]: request interface version (version = 30)
  135. [ 9746]: request location of privileged pipe
  136. getpwnam NT4DOMAIN\user1
  137. sam_name_to_sid
  138. name_to_sid: NT4DOMAIN\user1 for domain NT4DOMAIN
  139. name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED
  140. name_to_sid: NT4DOMAIN\user1 for domain NT4DOMAIN
  141. name_to_sid: failed to lookup name: NT_STATUS_NONE_MAPPED
  142.  
  143.  
  144. wbinfo -u should list all users from NT4DOMAIN but list nothing. wbinfo -u --domain="NT4MEMBER" list all users which are from ldap - they are NT4DOMAIN users.
  145.  
  146. # wbinfo -u
  147.  
  148. winbindd log:
  149. [ 9754]: request interface version (version = 30)
  150. [ 9754]: request location of privileged pipe
  151. [ 9754]: request interface version (version = 30)
  152. [ 9754]: request misc info
  153. [ 9754]: request netbios name
  154. [ 9754]: request domain name
  155. [ 9754]: domain_info [NT4DOMAIN]
  156. list_users NT4DOMAIN
  157. samr: sequence number
  158.  
  159.  
  160. # wbinfo -u --domain="NT4MEMBER"
  161. NT4MEMBER\dovecot
  162. NT4MEMBER\root
  163. NT4MEMBER\nobody
  164. NT4MEMBER\user1
  165.  
  166. winbindd log:
  167. [ 9756]: request interface version (version = 30)
  168. [ 9756]: request location of privileged pipe
  169. list_users NT4MEMBER
  170. samr_query_user_list
  171. smbldap_search_paged: base => [ou=Users,dc=intranet,dc=xx], filter => [(&(uid=*)(objectclass=sambaSamAccount))],scope => [2], pagesize => [1000]
  172. smbldap_search_paged: search was successful
  173. samr: sequence number
  174. sam_rids_to_names for NT4MEMBER
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement