Quotas in frischer 7.1

Server
,
1

Hallo zusammen,

auf einer Test-7.1 bekomme ich (die hier schon öfter erwähnte) Fehlermeldung bei Anlegen/Abfragen von Quotas.

Wie ist da derzeit der Stand?

Ich habe eine komplett neue 7.1 aufgesetzt und bekomme den obigen Fehler. Sudoers habe ich probiert - dann funktioniert die Schulkonsole nicht mehr, der Fehler in Sophomorix bleibt gleich.

Hier mal der problematische Befehl (mit höherem Debuglevel) /usr/bin/smbcquotas -mNT1 --debuglevel=20 -U administrator%'***' -S UQLIM:thomas:2102184960/2627731456 //server/default-school. Am Ende meckert er über ein fehlerhaftes Domänen-Logon. Aber das ist eine frisch installierte 7.1:

INFO: Current debug levels:
  all: 20
  tdb: 20
  printdrivers: 20
  lanman: 20
  smb: 20
  rpc_parse: 20
  rpc_srv: 20
  rpc_cli: 20
  passdb: 20
  sam: 20
  auth: 20
  winbind: 20
  vfs: 20
  idmap: 20
  quota: 20
  acls: 20
  locking: 20
  msdfs: 20
  dmapi: 20
  registry: 20
  scavenger: 20
  dns: 20
  ldb: 20
  tevent: 20
  auth_audit: 20
  auth_json_audit: 20
  kerberos: 20
  drs_repl: 20
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 20
  tdb: 20
  printdrivers: 20
  lanman: 20
  smb: 20
  rpc_parse: 20
  rpc_srv: 20
  rpc_cli: 20
  passdb: 20
  sam: 20
  auth: 20
  winbind: 20
  vfs: 20
  idmap: 20
  quota: 20
  acls: 20
  locking: 20
  msdfs: 20
  dmapi: 20
  registry: 20
  scavenger: 20
  dns: 20
  ldb: 20
  tevent: 20
  auth_audit: 20
  auth_json_audit: 20
  kerberos: 20
  drs_repl: 20
Processing section "[global]"
doing parameter workgroup = TEAM
doing parameter realm = TEAM.LINUXMUSTER.LAN
doing parameter netbios name = SERVER
doing parameter server role = active directory domain controller
doing parameter dns forwarder = 10.0.0.254
doing parameter registry shares = yes
doing parameter host msdfs = yes
doing parameter tls enabled = yes
doing parameter tls keyfile = /etc/linuxmuster/ssl/server.key.pem
doing parameter tls certfile = /etc/linuxmuster/ssl/server.cert.pem
doing parameter tls cafile = /etc/linuxmuster/ssl/cacert.pem
doing parameter tls verify peer = ca_and_name
doing parameter ldap server require strong auth = no
doing parameter rpc_server:spoolss = external
doing parameter rpc_daemon:spoolssd = fork
doing parameter spoolss:architecture = Windows x64
doing parameter printing = cups
doing parameter printcap name = cups
doing parameter time server = yes
doing parameter ntp signd socket directory = /run/samba/ntp_signd
doing parameter ntlm auth = yes
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface ens18 ip=10.0.0.1 bcast=10.0.255.255 netmask=255.255.0.0
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
Adding cache entry with key=[AD_SITENAME/DOMAIN/TEAM.LINUXMUSTER.LAN] and timeout=[Do Jan  1 01:00:00 1970 CET] (-1661709968 seconds in the past)
Could not get allrecord lock on gencache_notrans.tdb: Locking error
sitename_fetch: No stored sitename for realm 'TEAM.LINUXMUSTER.LAN'
internal_resolve_name: looking up server#20 (sitename (null))
name server#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
Connecting to 10.0.0.1 at port 445
Socket options:
	SO_KEEPALIVE = 0
	SO_REUSEADDR = 0
	SO_BROADCAST = 0
	TCP_NODELAY = 1
	TCP_KEEPCNT = 9
	TCP_KEEPIDLE = 7200
	TCP_KEEPINTVL = 75
	IPTOS_LOWDELAY = 0
	IPTOS_THROUGHPUT = 0
	SO_REUSEPORT = 0
	SO_SNDBUF = 2626560
	SO_RCVBUF = 131072
	SO_SNDLOWAT = 1
	SO_RCVLOWAT = 1
	SO_SNDTIMEO = 0
	SO_RCVTIMEO = 0
	TCP_QUICKACK = 1
	TCP_DEFER_ACCEPT = 0
got OID=1.2.840.48018.1.2.2
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
     negotiate: struct NEGOTIATE_MESSAGE
        Signature                : 'NTLMSSP'
        MessageType              : NtLmNegotiate (1)
        NegotiateFlags           : 0x62088215 (1644724757)
               1: NTLMSSP_NEGOTIATE_UNICODE
               0: NTLMSSP_NEGOTIATE_OEM    
               1: NTLMSSP_REQUEST_TARGET   
               1: NTLMSSP_NEGOTIATE_SIGN   
               0: NTLMSSP_NEGOTIATE_SEAL   
               0: NTLMSSP_NEGOTIATE_DATAGRAM
               0: NTLMSSP_NEGOTIATE_LM_KEY 
               0: NTLMSSP_NEGOTIATE_NETWARE
               1: NTLMSSP_NEGOTIATE_NTLM   
               0: NTLMSSP_NEGOTIATE_NT_ONLY
               0: NTLMSSP_ANONYMOUS        
               0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
               0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
               0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
               1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
               0: NTLMSSP_TARGET_TYPE_DOMAIN
               0: NTLMSSP_TARGET_TYPE_SERVER
               0: NTLMSSP_TARGET_TYPE_SHARE
               1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
               0: NTLMSSP_NEGOTIATE_IDENTIFY
               0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
               0: NTLMSSP_NEGOTIATE_TARGET_INFO
               1: NTLMSSP_NEGOTIATE_VERSION
               1: NTLMSSP_NEGOTIATE_128    
               1: NTLMSSP_NEGOTIATE_KEY_EXCH
               0: NTLMSSP_NEGOTIATE_56     
        DomainNameLen            : 0x0000 (0)
        DomainNameMaxLen         : 0x0000 (0)
        DomainName               : *
            DomainName               : ''
        WorkstationLen           : 0x0000 (0)
        WorkstationMaxLen        : 0x0000 (0)
        Workstation              : *
            Workstation              : ''
        Version: struct ntlmssp_VERSION
            ProductMajorVersion      : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
            ProductMinorVersion      : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
            ProductBuild             : 0x0000 (0)
            Reserved: ARRAY(3)
                [0]                      : 0x00 (0)
                [1]                      : 0x00 (0)
                [2]                      : 0x00 (0)
            NTLMRevisionCurrent      : NTLMSSP_REVISION_W2K3 (15)
smb_signing_sign_pdu: sent SMB signature of
[0000] 42 53 52 53 50 59 4C 20                             BSRSPYL  
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_TARGET_TYPE_DOMAIN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_TARGET_INFO
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
smb_signing_sign_pdu: sent SMB signature of
[0000] 42 53 52 53 50 59 4C 20                             BSRSPYL  
SPNEGO login failed: The attempted logon is invalid. This is either due to a bad username or authentication information.
cli_full_connection failed! (NT_STATUS_LOGON_FAILURE)
2

@Entwickler

Gruß Alois

3

Kannst du den Befehl mal manuell so ausführen:

/usr/bin/smbcquotas -mNT1 --debuglevel=20 -U administrator%$(cat /etc/linuxmuster/.secret/administrator) -S UQLIM:thomas:2102184960/2627731456 //server/default-school

und die Ausgabe posten?

Wenn der Fehler weiterhin besteht bitte auch mal mit dem global-admin und dessen Passwort testen. Alle anderen Funktionen (import-devices usw.) funktionieren aber weiterhin?

4

Gleich die beiden Ausgaben (zu lang für einen Post). Der Rest scheint in meinen Augen normal zu funktionieren.

5

Der erste Befehl ergibt

root@server:~# /usr/bin/smbcquotas -mNT1 --debuglevel=20 -U administrator%$(cat /etc/linuxmuster/.secret/administrator) -S UQLIM:thomas:2102184960/2627731456 //server/default-school

INFO: Current debug levels:
  all: 20
  tdb: 20
  printdrivers: 20
  lanman: 20
  smb: 20
  rpc_parse: 20
  rpc_srv: 20
  rpc_cli: 20
  passdb: 20
  sam: 20
  auth: 20
  winbind: 20
  vfs: 20
  idmap: 20
  quota: 20
  acls: 20
  locking: 20
  msdfs: 20
  dmapi: 20
  registry: 20
  scavenger: 20
  dns: 20
  ldb: 20
  tevent: 20
  auth_audit: 20
  auth_json_audit: 20
  kerberos: 20
  drs_repl: 20
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 20
  tdb: 20
  printdrivers: 20
  lanman: 20
  smb: 20
  rpc_parse: 20
  rpc_srv: 20
  rpc_cli: 20
  passdb: 20
  sam: 20
  auth: 20
  winbind: 20
  vfs: 20
  idmap: 20
  quota: 20
  acls: 20
  locking: 20
  msdfs: 20
  dmapi: 20
  registry: 20
  scavenger: 20
  dns: 20
  ldb: 20
  tevent: 20
  auth_audit: 20
  auth_json_audit: 20
  kerberos: 20
  drs_repl: 20
Processing section "[global]"
doing parameter workgroup = TEAM
doing parameter realm = TEAM.LINUXMUSTER.LAN
doing parameter netbios name = SERVER
doing parameter server role = active directory domain controller
doing parameter dns forwarder = 10.0.0.254
doing parameter registry shares = yes
doing parameter host msdfs = yes
doing parameter tls enabled = yes
doing parameter tls keyfile = /etc/linuxmuster/ssl/server.key.pem
doing parameter tls certfile = /etc/linuxmuster/ssl/server.cert.pem
doing parameter tls cafile = /etc/linuxmuster/ssl/cacert.pem
doing parameter tls verify peer = ca_and_name
doing parameter ldap server require strong auth = no
doing parameter rpc_server:spoolss = external
doing parameter rpc_daemon:spoolssd = fork
doing parameter spoolss:architecture = Windows x64
doing parameter printing = cups
doing parameter printcap name = cups
doing parameter time server = yes
doing parameter ntp signd socket directory = /run/samba/ntp_signd
doing parameter ntlm auth = yes
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface ens18 ip=10.0.0.1 bcast=10.0.255.255 netmask=255.255.0.0
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
Adding cache entry with key=[AD_SITENAME/DOMAIN/TEAM.LINUXMUSTER.LAN] and timeout=[Do Jan  1 01:00:00 1970 CET] (-1661765752 seconds in the past)
Could not get allrecord lock on gencache_notrans.tdb: Locking error
sitename_fetch: No stored sitename for realm 'TEAM.LINUXMUSTER.LAN'
internal_resolve_name: looking up server#20 (sitename (null))
Adding cache entry with key=[NBT/SERVER#20] and timeout=[Do Jan  1 01:00:00 1970 CET] (-1661765752 seconds in the past)
no entry for server#20 found.
resolve_lmhosts: Attempting lmhosts lookup for name server<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name server<0x20>
remove_duplicate_addrs2: looking for duplicate address/port pairs
namecache_store: storing 1 address for server#20: 10.0.0.1
Adding cache entry with key=[NBT/SERVER#20] and timeout=[Do Jan  1 01:00:00 1970 CET] (-1661765752 seconds in the past)
Adding cache entry with key=[NBT/SERVER#20] and timeout=[Mo Aug 29 11:46:52 2022 CEST] (660 seconds ahead)
internal_resolve_name: returning 1 addresses: 10.0.0.1:0 
Connecting to 10.0.0.1 at port 445
Socket options:
	SO_KEEPALIVE = 0
	SO_REUSEADDR = 0
	SO_BROADCAST = 0
	TCP_NODELAY = 1
	TCP_KEEPCNT = 9
	TCP_KEEPIDLE = 7200
	TCP_KEEPINTVL = 75
	IPTOS_LOWDELAY = 0
	IPTOS_THROUGHPUT = 0
	SO_REUSEPORT = 0
	SO_SNDBUF = 2626560
	SO_RCVBUF = 131072
	SO_SNDLOWAT = 1
	SO_RCVLOWAT = 1
	SO_SNDTIMEO = 0
	SO_RCVTIMEO = 0
	TCP_QUICKACK = 1
	TCP_DEFER_ACCEPT = 0
got OID=1.2.840.48018.1.2.2
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
     negotiate: struct NEGOTIATE_MESSAGE
        Signature                : 'NTLMSSP'
        MessageType              : NtLmNegotiate (1)
        NegotiateFlags           : 0x62088215 (1644724757)
               1: NTLMSSP_NEGOTIATE_UNICODE
               0: NTLMSSP_NEGOTIATE_OEM    
               1: NTLMSSP_REQUEST_TARGET   
               1: NTLMSSP_NEGOTIATE_SIGN   
               0: NTLMSSP_NEGOTIATE_SEAL   
               0: NTLMSSP_NEGOTIATE_DATAGRAM
               0: NTLMSSP_NEGOTIATE_LM_KEY 
               0: NTLMSSP_NEGOTIATE_NETWARE
               1: NTLMSSP_NEGOTIATE_NTLM   
               0: NTLMSSP_NEGOTIATE_NT_ONLY
               0: NTLMSSP_ANONYMOUS        
               0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
               0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
               0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
               1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
               0: NTLMSSP_TARGET_TYPE_DOMAIN
               0: NTLMSSP_TARGET_TYPE_SERVER
               0: NTLMSSP_TARGET_TYPE_SHARE
               1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
               0: NTLMSSP_NEGOTIATE_IDENTIFY
               0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
               0: NTLMSSP_NEGOTIATE_TARGET_INFO
               1: NTLMSSP_NEGOTIATE_VERSION
               1: NTLMSSP_NEGOTIATE_128    
               1: NTLMSSP_NEGOTIATE_KEY_EXCH
               0: NTLMSSP_NEGOTIATE_56     
        DomainNameLen            : 0x0000 (0)
        DomainNameMaxLen         : 0x0000 (0)
        DomainName               : *
            DomainName               : ''
        WorkstationLen           : 0x0000 (0)
        WorkstationMaxLen        : 0x0000 (0)
        Workstation              : *
            Workstation              : ''
        Version: struct ntlmssp_VERSION
            ProductMajorVersion      : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
            ProductMinorVersion      : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
            ProductBuild             : 0x0000 (0)
            Reserved: ARRAY(3)
                [0]                      : 0x00 (0)
                [1]                      : 0x00 (0)
                [2]                      : 0x00 (0)
            NTLMRevisionCurrent      : NTLMSSP_REVISION_W2K3 (15)
smb_signing_sign_pdu: sent SMB signature of
[0000] 42 53 52 53 50 59 4C 20                             BSRSPYL  
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_TARGET_TYPE_DOMAIN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_TARGET_INFO
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
smb_signing_sign_pdu: sent SMB signature of
[0000] 42 53 52 53 50 59 4C 20                             BSRSPYL  
ntlmssp_check_packet: NTLMSSP signature OK !
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
smb_signing_activate: user_session_key
[0000] 44 12 57 A8 E3 5E A8 B4   61 77 68 25 89 D2 57 90   D.W..^.. awh%..W.
smb_signing_activate: NULL response_data
smb_signing_md5: sequence number 1
smb_signing_check_pdu: seq 1: got good SMB signature of
[0000] FE B8 27 3F 29 A7 FD 49                             ..'?)..I 
smb_signing_md5: sequence number 2
smb_signing_sign_pdu: sent SMB signature of
[0000] DF 0B 53 A0 B0 AB D3 E9                             ..S..... 
smb_signing_md5: sequence number 3
smb_signing_check_pdu: seq 3: got good SMB signature of
[0000] 2D 23 AE 03 CC A5 44 B8                             -#....D. 
num_setup=1, max_setup=0, param_total=2, this_param=2, max_param=0, data_total=0, this_data=0, max_data=560, param_offset=68, param_pad=0, param_disp=0, data_offset=72, data_pad=2, data_disp=0
smb_signing_md5: sequence number 4
smb_signing_sign_pdu: sent SMB signature of
[0000] 50 D0 3C B8 48 38 45 6E                             P.<.H8En 
smb_signing_md5: sequence number 5
smb_signing_check_pdu: seq 5: got good SMB signature of
[0000] 80 97 19 E6 1D B2 CD B0                             ........ 
smb_signing_md5: sequence number 6
smb_signing_sign_pdu: sent SMB signature of
[0000] 80 40 91 45 3A 3A FA 6B                             .@.E::.k 
smb_signing_md5: sequence number 7
smb_signing_check_pdu: seq 7: got good SMB signature of
[0000] 54 6C FE 62 C3 CC 6D D2                             Tl.b..m. 
string_to_sid: SID thomas is not in a valid format
Adding cache entry with key=[AD_SITENAME/DOMAIN/TEAM.LINUXMUSTER.LAN] and timeout=[Do Jan  1 01:00:00 1970 CET] (-1661765752 seconds in the past)
sitename_fetch: No stored sitename for realm 'TEAM.LINUXMUSTER.LAN'
internal_resolve_name: looking up server#20 (sitename (null))
name server#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
Connecting to 10.0.0.1 at port 445
Socket options:
	SO_KEEPALIVE = 0
	SO_REUSEADDR = 0
	SO_BROADCAST = 0
	TCP_NODELAY = 1
	TCP_KEEPCNT = 9
	TCP_KEEPIDLE = 7200
	TCP_KEEPINTVL = 75
	IPTOS_LOWDELAY = 0
	IPTOS_THROUGHPUT = 0
	SO_REUSEPORT = 0
	SO_SNDBUF = 2626560
	SO_RCVBUF = 131072
	SO_SNDLOWAT = 1
	SO_RCVLOWAT = 1
	SO_SNDTIMEO = 0
	SO_RCVTIMEO = 0
	TCP_QUICKACK = 1
	TCP_DEFER_ACCEPT = 0
got OID=1.2.840.48018.1.2.2
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
     negotiate: struct NEGOTIATE_MESSAGE
        Signature                : 'NTLMSSP'
        MessageType              : NtLmNegotiate (1)
        NegotiateFlags           : 0x62088215 (1644724757)
               1: NTLMSSP_NEGOTIATE_UNICODE
               0: NTLMSSP_NEGOTIATE_OEM    
               1: NTLMSSP_REQUEST_TARGET   
               1: NTLMSSP_NEGOTIATE_SIGN   
               0: NTLMSSP_NEGOTIATE_SEAL   
               0: NTLMSSP_NEGOTIATE_DATAGRAM
               0: NTLMSSP_NEGOTIATE_LM_KEY 
               0: NTLMSSP_NEGOTIATE_NETWARE
               1: NTLMSSP_NEGOTIATE_NTLM   
               0: NTLMSSP_NEGOTIATE_NT_ONLY
               0: NTLMSSP_ANONYMOUS        
               0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
               0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
               0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
               1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
               0: NTLMSSP_TARGET_TYPE_DOMAIN
               0: NTLMSSP_TARGET_TYPE_SERVER
               0: NTLMSSP_TARGET_TYPE_SHARE
               1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
               0: NTLMSSP_NEGOTIATE_IDENTIFY
               0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
               0: NTLMSSP_NEGOTIATE_TARGET_INFO
               1: NTLMSSP_NEGOTIATE_VERSION
               1: NTLMSSP_NEGOTIATE_128    
               1: NTLMSSP_NEGOTIATE_KEY_EXCH
               0: NTLMSSP_NEGOTIATE_56     
        DomainNameLen            : 0x0000 (0)
        DomainNameMaxLen         : 0x0000 (0)
        DomainName               : *
            DomainName               : ''
        WorkstationLen           : 0x0000 (0)
        WorkstationMaxLen        : 0x0000 (0)
        Workstation              : *
            Workstation              : ''
        Version: struct ntlmssp_VERSION
            ProductMajorVersion      : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
            ProductMinorVersion      : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
            ProductBuild             : 0x0000 (0)
            Reserved: ARRAY(3)
                [0]                      : 0x00 (0)
                [1]                      : 0x00 (0)
                [2]                      : 0x00 (0)
            NTLMRevisionCurrent      : NTLMSSP_REVISION_W2K3 (15)
smb_signing_sign_pdu: sent SMB signature of
[0000] 42 53 52 53 50 59 4C 20                             BSRSPYL  
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_TARGET_TYPE_DOMAIN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_TARGET_INFO
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
smb_signing_sign_pdu: sent SMB signature of
[0000] 42 53 52 53 50 59 4C 20                             BSRSPYL  
ntlmssp_check_packet: NTLMSSP signature OK !
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
smb_signing_activate: user_session_key
[0000] 46 15 6B A9 88 CC B9 0E   B2 12 C3 FF C0 5E 2E 4F   F.k..... .....^.O
smb_signing_activate: NULL response_data
smb_signing_md5: sequence number 1
smb_signing_check_pdu: seq 1: got good SMB signature of
[0000] 06 8F 44 C7 FA 91 10 41                             ..D....A 
smb_signing_md5: sequence number 2
smb_signing_sign_pdu: sent SMB signature of
[0000] 86 A0 4D 8B 32 25 CE C5                             ..M.2%.. 
smb_signing_md5: sequence number 3
smb_signing_check_pdu: seq 3: got good SMB signature of
[0000] 52 9F D3 A7 43 41 55 D0                             R...CAU. 
smb_signing_md5: sequence number 4
smb_signing_sign_pdu: sent SMB signature of
[0000] C5 A8 11 02 C9 26 DA DE                             .....&.. 
smb_signing_md5: sequence number 5
smb_signing_check_pdu: seq 5: got good SMB signature of
[0000] 2D DF FB 28 C8 40 2A A6                             -..(.@*. 
Bind RPC Pipe: host server auth_type 0, auth_level 1
     &r: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_BIND (11)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST    
               1: DCERPC_PFC_FLAG_LAST     
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX 
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE    
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0048 (72)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000001 (1)
        u                        : union dcerpc_payload(case 11)
        bind: struct dcerpc_bind
            max_xmit_frag            : 0x10b8 (4280)
            max_recv_frag            : 0x10b8 (4280)
            assoc_group_id           : 0x00000000 (0)
            num_contexts             : 0x01 (1)
            ctx_list: ARRAY(1)
                ctx_list: struct dcerpc_ctx_list
                    context_id               : 0x0000 (0)
                    num_transfer_syntaxes    : 0x01 (1)
                    abstract_syntax: struct ndr_syntax_id
                        uuid                     : 12345778-1234-abcd-ef00-0123456789ab
                        if_version               : 0x00000000 (0)
                    transfer_syntaxes: ARRAY(1)
                        transfer_syntaxes: struct ndr_syntax_id
                            uuid                     : 8a885d04-1ceb-11c9-9fe8-08002b104860
                            if_version               : 0x00000002 (2)
            auth_info                : DATA_BLOB length=0
rpc_api_pipe: host server
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0
smb_signing_md5: sequence number 6
smb_signing_sign_pdu: sent SMB signature of
[0000] A3 3F 8C 77 B8 A6 48 D7                             .?.w..H. 
smb_signing_md5: sequence number 7
smb_signing_check_pdu: seq 7: got good SMB signature of
[0000] 84 7E F5 82 D9 AD 93 23                             .~.....# 
rpc_read_send: data_to_read: 52
     state->pkt: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_BIND_ACK (12)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST    
               1: DCERPC_PFC_FLAG_LAST     
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX 
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE    
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0044 (68)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000001 (1)
        u                        : union dcerpc_payload(case 12)
        bind_ack: struct dcerpc_bind_ack
            max_xmit_frag            : 0x10b8 (4280)
            max_recv_frag            : 0x10b8 (4280)
            assoc_group_id           : 0x000079ab (31147)
            secondary_address_size   : 0x000d (13)
            secondary_address        : '\PIPE\lsarpc'
            _pad1                    : DATA_BLOB length=1
[0000] 00                                                 . 
            num_results              : 0x01 (1)
            ctx_list: ARRAY(1)
                ctx_list: struct dcerpc_ack_ctx
                    result                   : DCERPC_BIND_ACK_RESULT_ACCEPTANCE (0)
                    reason                   : union dcerpc_bind_ack_reason(case 0)
                    value                    : DCERPC_BIND_ACK_REASON_NOT_SPECIFIED (0)
                    syntax: struct ndr_syntax_id
                        uuid                     : 8a885d04-1ceb-11c9-9fe8-08002b104860
                        if_version               : 0x00000002 (2)
            auth_info                : DATA_BLOB length=0
rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK
rpc_api_pipe: host server returned 68 bytes.
check_bind_response: accepted!
cli_rpc_pipe_open_noauth: opened pipe lsarpc to machine server and bound anonymously.
     lsa_OpenPolicy: struct lsa_OpenPolicy
        in: struct lsa_OpenPolicy
            system_name              : *
                system_name              : 0x005c (92)
            attr                     : *
                attr: struct lsa_ObjectAttribute
                    len                      : 0x00000018 (24)
                    root_dir                 : NULL
                    object_name              : NULL
                    attributes               : 0x00000000 (0)
                    sec_desc                 : NULL
                    sec_qos                  : *
                        sec_qos: struct lsa_QosInfo
                            len                      : 0x0000000c (12)
                            impersonation_level      : 0x0002 (2)
                            context_mode             : 0x01 (1)
                            effective_only           : 0x00 (0)
            access_mask              : 0x20000000 (536870912)
                   0: LSA_POLICY_VIEW_LOCAL_INFORMATION
                   0: LSA_POLICY_VIEW_AUDIT_INFORMATION
                   0: LSA_POLICY_GET_PRIVATE_INFORMATION
                   0: LSA_POLICY_TRUST_ADMIN   
                   0: LSA_POLICY_CREATE_ACCOUNT
                   0: LSA_POLICY_CREATE_SECRET 
                   0: LSA_POLICY_CREATE_PRIVILEGE
                   0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
                   0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
                   0: LSA_POLICY_AUDIT_LOG_ADMIN
                   0: LSA_POLICY_SERVER_ADMIN  
                   0: LSA_POLICY_LOOKUP_NAMES  
                   0: LSA_POLICY_NOTIFICATION  
     &r: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_REQUEST (0)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST    
               1: DCERPC_PFC_FLAG_LAST     
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX 
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE    
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0018 (24)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000002 (2)
        u                        : union dcerpc_payload(case 0)
        request: struct dcerpc_request
            alloc_hint               : 0x0000002c (44)
            context_id               : 0x0000 (0)
            opnum                    : 0x0006 (6)
            object                   : union dcerpc_object(case 0)
            empty: struct dcerpc_empty
            stub_and_verifier        : DATA_BLOB length=0
rpc_api_pipe: host server
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=68, this_data=68, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0
smb_signing_md5: sequence number 8
smb_signing_sign_pdu: sent SMB signature of
[0000] DC 2D 8C 4D B7 D8 5D CB                             .-.M..]. 
smb_signing_md5: sequence number 9
smb_signing_check_pdu: seq 9: got good SMB signature of
[0000] 07 EE F3 F8 D7 A9 20 F7                             ...... . 
rpc_read_send: data_to_read: 32
     state->pkt: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_RESPONSE (2)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST    
               1: DCERPC_PFC_FLAG_LAST     
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX 
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE    
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0030 (48)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000002 (2)
        u                        : union dcerpc_payload(case 2)
        response: struct dcerpc_response
            alloc_hint               : 0x00000018 (24)
            context_id               : 0x0000 (0)
            cancel_count             : 0x00 (0)
            reserved                 : 0x00 (0)
            stub_and_verifier        : DATA_BLOB length=24
[0000] 00 00 00 00 7C 2B 6F 36   B2 97 EA 4B A6 76 41 48   ....|+o6 ...K.vAH
[0010] 65 F9 55 E8 00 00 00 00                             e.U..... 
Got pdu len 48, data_len 24
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host server returned 24 bytes.
     lsa_OpenPolicy: struct lsa_OpenPolicy
        out: struct lsa_OpenPolicy
            handle                   : *
                handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : 366f2b7c-97b2-4bea-a676-414865f955e8
            result                   : NT_STATUS_OK
     lsa_LookupNames: struct lsa_LookupNames
        in: struct lsa_LookupNames
            handle                   : *
                handle: struct policy_handle
                    handle_type              : 0x00000000 (0)
                    uuid                     : 366f2b7c-97b2-4bea-a676-414865f955e8
            num_names                : 0x00000001 (1)
            names: ARRAY(1)
                names: struct lsa_String
                    length                   : 0x000c (12)
                    size                     : 0x000c (12)
                    string                   : *
                        string                   : 'thomas'
            sids                     : *
                sids: struct lsa_TransSidArray
                    count                    : 0x00000000 (0)
                    sids                     : NULL
            level                    : LSA_LOOKUP_NAMES_ALL (1)
            count                    : *
                count                    : 0x00000000 (0)
     &r: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_REQUEST (0)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST    
               1: DCERPC_PFC_FLAG_LAST     
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX 
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE    
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0018 (24)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000003 (3)
        u                        : union dcerpc_payload(case 0)
        request: struct dcerpc_request
            alloc_hint               : 0x0000004c (76)
            context_id               : 0x0000 (0)
            opnum                    : 0x000e (14)
            object                   : union dcerpc_object(case 0)
            empty: struct dcerpc_empty
            stub_and_verifier        : DATA_BLOB length=0
rpc_api_pipe: host server

Fortsetzung folgt…

6 
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=100, this_data=100, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0
smb_signing_md5: sequence number 10
smb_signing_sign_pdu: sent SMB signature of
[0000] EF 10 4C 97 2B F4 64 1E                             ..L.+.d. 
smb_signing_md5: sequence number 11
smb_signing_check_pdu: seq 11: got good SMB signature of
[0000] EE 64 DD F5 3E F9 36 40                             .d..>.6@ 
rpc_read_send: data_to_read: 120
     state->pkt: struct ncacn_packet
        rpc_vers                 : 0x05 (5)
        rpc_vers_minor           : 0x00 (0)
        ptype                    : DCERPC_PKT_RESPONSE (2)
        pfc_flags                : 0x03 (3)
               1: DCERPC_PFC_FLAG_FIRST    
               1: DCERPC_PFC_FLAG_LAST     
               0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
               0: DCERPC_PFC_FLAG_CONC_MPX 
               0: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
               0: DCERPC_PFC_FLAG_MAYBE    
               0: DCERPC_PFC_FLAG_OBJECT_UUID
        drep: ARRAY(4)
            [0]                      : 0x10 (16)
            [1]                      : 0x00 (0)
            [2]                      : 0x00 (0)
            [3]                      : 0x00 (0)
        frag_length              : 0x0088 (136)
        auth_length              : 0x0000 (0)
        call_id                  : 0x00000003 (3)
        u                        : union dcerpc_payload(case 2)
        response: struct dcerpc_response
            alloc_hint               : 0x00000070 (112)
            context_id               : 0x0000 (0)
            cancel_count             : 0x00 (0)
            reserved                 : 0x00 (0)
            stub_and_verifier        : DATA_BLOB length=112
[0000] 04 00 02 00 01 00 00 00   08 00 02 00 20 00 00 00   ........ .... ...
[0010] 01 00 00 00 08 00 0A 00   0C 00 02 00 10 00 02 00   ........ ........
[0020] 05 00 00 00 00 00 00 00   04 00 00 00 54 00 45 00   ........ ....T.E.
[0030] 41 00 4D 00 04 00 00 00   01 04 00 00 00 00 00 05   A.M..... ........
[0040] 15 00 00 00 3F 15 71 11   C5 31 AC 5D 1B 40 0F EB   ....?.q. .1.].@..
[0050] 01 00 00 00 14 00 02 00   01 00 00 00 01 00 00 00   ........ ........
[0060] 73 04 00 00 00 00 00 00   01 00 00 00 00 00 00 00   s....... ........
Got pdu len 136, data_len 112
rpc_api_pipe: got frag len of 136 at offset 0: NT_STATUS_OK
rpc_api_pipe: host server returned 112 bytes.
     lsa_LookupNames: struct lsa_LookupNames
        out: struct lsa_LookupNames
            domains                  : *
                domains                  : *
                    domains: struct lsa_RefDomainList
                        count                    : 0x00000001 (1)
                        domains                  : *
                            domains: ARRAY(1)
                                domains: struct lsa_DomainInfo
                                    name: struct lsa_StringLarge
                                        length                   : 0x0008 (8)
                                        size                     : 0x000a (10)
                                        string                   : *
                                            string                   : 'TEAM'
                                    sid                      : *
                                        sid                      : S-1-5-21-292623679-1571566021-3943645211
                        max_size                 : 0x00000020 (32)
            sids                     : *
                sids: struct lsa_TransSidArray
                    count                    : 0x00000001 (1)
                    sids                     : *
                        sids: ARRAY(1)
                            sids: struct lsa_TranslatedSid
                                sid_type                 : SID_NAME_USER (1)
                                rid                      : 0x00000473 (1139)
                                sid_index                : 0x00000000 (0)
            count                    : *
                count                    : 0x00000001 (1)
            result                   : NT_STATUS_OK
num_setup=1, max_setup=0, param_total=2, this_param=2, max_param=0, data_total=72, this_data=72, max_data=0, param_offset=78, param_pad=3, param_disp=0, data_offset=80, data_pad=0, data_disp=0
smb_signing_md5: sequence number 8
smb_signing_sign_pdu: sent SMB signature of
[0000] 0A 3B FD 80 FC 03 F9 69                             .;.....i 
smb_signing_md5: sequence number 9
smb_signing_check_pdu: seq 9: got good SMB signature of
[0000] 68 5C E5 17 E9 99 A4 EE                             h\...... 
NT_TRANSACT_SET_USER_QUOTA failed: NT_STATUS_INTERNAL_ERROR
NT_STATUS_INTERNAL_ERROR cli_set_user_quota thomas
7

Als global-admin (mit interaktiver Passworteingabe):

root@server:~# /usr/bin/smbcquotas -mNT1 --debuglevel=20 -U global-admin -S UQLIM:thomas:2102184960/2627731456 //server/default-school

INFO: Current debug levels:
  all: 20
  tdb: 20
  printdrivers: 20
  lanman: 20
  smb: 20
  rpc_parse: 20
  rpc_srv: 20
  rpc_cli: 20
  passdb: 20
  sam: 20
  auth: 20
  winbind: 20
  vfs: 20
  idmap: 20
  quota: 20
  acls: 20
  locking: 20
  msdfs: 20
  dmapi: 20
  registry: 20
  scavenger: 20
  dns: 20
  ldb: 20
  tevent: 20
  auth_audit: 20
  auth_json_audit: 20
  kerberos: 20
  drs_repl: 20
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 20
  tdb: 20
  printdrivers: 20
  lanman: 20
  smb: 20
  rpc_parse: 20
  rpc_srv: 20
  rpc_cli: 20
  passdb: 20
  sam: 20
  auth: 20
  winbind: 20
  vfs: 20
  idmap: 20
  quota: 20
  acls: 20
  locking: 20
  msdfs: 20
  dmapi: 20
  registry: 20
  scavenger: 20
  dns: 20
  ldb: 20
  tevent: 20
  auth_audit: 20
  auth_json_audit: 20
  kerberos: 20
  drs_repl: 20
Processing section "[global]"
doing parameter workgroup = TEAM
doing parameter realm = TEAM.LINUXMUSTER.LAN
doing parameter netbios name = SERVER
doing parameter server role = active directory domain controller
doing parameter dns forwarder = 10.0.0.254
doing parameter registry shares = yes
doing parameter host msdfs = yes
doing parameter tls enabled = yes
doing parameter tls keyfile = /etc/linuxmuster/ssl/server.key.pem
doing parameter tls certfile = /etc/linuxmuster/ssl/server.cert.pem
doing parameter tls cafile = /etc/linuxmuster/ssl/cacert.pem
doing parameter tls verify peer = ca_and_name
doing parameter ldap server require strong auth = no
doing parameter rpc_server:spoolss = external
doing parameter rpc_daemon:spoolssd = fork
doing parameter spoolss:architecture = Windows x64
doing parameter printing = cups
doing parameter printcap name = cups
doing parameter time server = yes
doing parameter ntp signd socket directory = /run/samba/ntp_signd
doing parameter ntlm auth = yes
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface ens18 ip=10.0.0.1 bcast=10.0.255.255 netmask=255.255.0.0
Enter TEAM\global-admin's password: 
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
Adding cache entry with key=[AD_SITENAME/DOMAIN/TEAM.LINUXMUSTER.LAN] and timeout=[Do Jan  1 01:00:00 1970 CET] (-1661766121 seconds in the past)
sitename_fetch: No stored sitename for realm 'TEAM.LINUXMUSTER.LAN'
internal_resolve_name: looking up server#20 (sitename (null))
name server#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
Connecting to 10.0.0.1 at port 445
Socket options:
	SO_KEEPALIVE = 0
	SO_REUSEADDR = 0
	SO_BROADCAST = 0
	TCP_NODELAY = 1
	TCP_KEEPCNT = 9
	TCP_KEEPIDLE = 7200
	TCP_KEEPINTVL = 75
	IPTOS_LOWDELAY = 0
	IPTOS_THROUGHPUT = 0
	SO_REUSEPORT = 0
	SO_SNDBUF = 2626560
	SO_RCVBUF = 131072
	SO_SNDLOWAT = 1
	SO_RCVLOWAT = 1
	SO_SNDTIMEO = 0
	SO_RCVTIMEO = 0
	TCP_QUICKACK = 1
	TCP_DEFER_ACCEPT = 0
got OID=1.2.840.48018.1.2.2

Fortsetzung folgt auch hier

8 
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
     negotiate: struct NEGOTIATE_MESSAGE
        Signature                : 'NTLMSSP'
        MessageType              : NtLmNegotiate (1)
        NegotiateFlags           : 0x62088215 (1644724757)
               1: NTLMSSP_NEGOTIATE_UNICODE
               0: NTLMSSP_NEGOTIATE_OEM    
               1: NTLMSSP_REQUEST_TARGET   
               1: NTLMSSP_NEGOTIATE_SIGN   
               0: NTLMSSP_NEGOTIATE_SEAL   
               0: NTLMSSP_NEGOTIATE_DATAGRAM
               0: NTLMSSP_NEGOTIATE_LM_KEY 
               0: NTLMSSP_NEGOTIATE_NETWARE
               1: NTLMSSP_NEGOTIATE_NTLM   
               0: NTLMSSP_NEGOTIATE_NT_ONLY
               0: NTLMSSP_ANONYMOUS        
               0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
               0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
               0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
               1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
               0: NTLMSSP_TARGET_TYPE_DOMAIN
               0: NTLMSSP_TARGET_TYPE_SERVER
               0: NTLMSSP_TARGET_TYPE_SHARE
               1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
               0: NTLMSSP_NEGOTIATE_IDENTIFY
               0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
               0: NTLMSSP_NEGOTIATE_TARGET_INFO
               1: NTLMSSP_NEGOTIATE_VERSION
               1: NTLMSSP_NEGOTIATE_128    
               1: NTLMSSP_NEGOTIATE_KEY_EXCH
               0: NTLMSSP_NEGOTIATE_56     
        DomainNameLen            : 0x0000 (0)
        DomainNameMaxLen         : 0x0000 (0)
        DomainName               : *
            DomainName               : ''
        WorkstationLen           : 0x0000 (0)
        WorkstationMaxLen        : 0x0000 (0)
        Workstation              : *
            Workstation              : ''
        Version: struct ntlmssp_VERSION
            ProductMajorVersion      : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (6)
            ProductMinorVersion      : NTLMSSP_WINDOWS_MINOR_VERSION_1 (1)
            ProductBuild             : 0x0000 (0)
            Reserved: ARRAY(3)
                [0]                      : 0x00 (0)
                [1]                      : 0x00 (0)
                [2]                      : 0x00 (0)
            NTLMRevisionCurrent      : NTLMSSP_REVISION_W2K3 (15)
smb_signing_sign_pdu: sent SMB signature of
[0000] 42 53 52 53 50 59 4C 20                             BSRSPYL  
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_TARGET_TYPE_DOMAIN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_TARGET_INFO
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
smb_signing_sign_pdu: sent SMB signature of
[0000] 42 53 52 53 50 59 4C 20                             BSRSPYL  
ntlmssp_check_packet: NTLMSSP signature OK !
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
smb_signing_activate: user_session_key
[0000] C0 4E 38 C6 D7 40 92 14   08 00 1D CB 50 F9 12 34   .N8..@.. ....P..4
smb_signing_activate: NULL response_data
smb_signing_md5: sequence number 1
smb_signing_check_pdu: seq 1: got good SMB signature of
[0000] C3 03 DC FE 31 43 FB 80                             ....1C.. 
smb_signing_md5: sequence number 2
smb_signing_sign_pdu: sent SMB signature of
[0000] 0D 98 E9 4A B8 37 E0 96                             ...J.7.. 
smb_signing_md5: sequence number 3
smb_signing_check_pdu: seq 3: got good SMB signature of
[0000] 59 18 F0 20 A2 DB 48 0F                             Y.. ..H. 
num_setup=1, max_setup=0, param_total=2, this_param=2, max_param=0, data_total=0, this_data=0, max_data=560, param_offset=68, param_pad=0, param_disp=0, data_offset=72, data_pad=2, data_disp=0
smb_signing_md5: sequence number 4
smb_signing_sign_pdu: sent SMB signature of
[0000] AF 7E 5F A3 2A C3 EE DC                             .~_.*... 
smb_signing_md5: sequence number 5
smb_signing_check_pdu: seq 5: got good SMB signature of
[0000] EC 38 80 1C 2A 7C FE 12                             .8..*|.. 
smb_signing_md5: sequence number 6
smb_signing_sign_pdu: sent SMB signature of
[0000] 1F 44 89 FE 9F D1 5A A0                             .D....Z. 
smb_signing_md5: sequence number 7
smb_signing_check_pdu: seq 7: got good SMB signature of
[0000] 68 7E 67 CC 94 B6 3A 3E                             h~g...:> 
Quotas are not enabled on this share.
Failed to open \$Extend\$Quota:$Q:$INDEX_ALLOCATION  NT_STATUS_ACCESS_DENIED.
9

Lange logfiles kannst du auch auf einem Textservice hochladen:

https://textuploader.com/

Zeig mal deine Samba config und die Ausgabe von


testparm -v
10

testparm -vhttp://txt.do/tt0q9

/etc/samba/smb.confhttp://txt.do/tt0q0

11

Okay, das sieht ganz okay aus. Zeig mal noch deine fstab bzw. die ausgabe von Mount.

die vorletzte Zeile

Quotas are not enabled on this share.

macht mich stutzig.

12

Hallo Till

das war es - denke ich. Zumindest konnte ich das Problem lösen.
Zunächst mal: ich bereite ein Produktivsystem vor und habe noch ein Testsystem parallel (jeweils Neuinstallation v7.1).

Die fstab unterscheidet sich bei beiden (beides Proxmox, Install from scratch nach Anleitung). Auf dem einen Server scheint sie korrekt:

> cat /etc/fstab

...
/dev/sda2				/						ext4	user_xattr,acl,usrquota,usrjquota=aquota.user,grpquota,grpjquota=aquota.group,jqfmt=vfsv0,errors=remount-ro,barrier=1	0	1
/dev/sg_srv/linbo		/srv/linbo				ext4	defaults	0	1
/dev/sg_srv/var			/var					ext4	defaults	0	1
/dev/sg_srv/global		/srv/samba/global		ext4	user_xattr,acl,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0,barrier=1	0	1
/dev/sg_srv/default-school	/srv/samba/schools/default-school	ext4	user_xattr,acl,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0,barrier=1	0	1
/swap.img	none	swap	sw	0	0

Auf dem anderen Server ist das „default“ nicht ersetzt. Da gibt es also auch keine Quotas. Außerdem sind die device-Namen (auch vom LVM) durch uuids ersetzt - das habe ich bisher auf den Test-Servern noch gar nicht gesehen!

Vor allem aber sind in beiden Fällen die Quota nicht aktiviert gewesen (auch nicht bei der korrekten fstab). Und das habe ich sicher nicht ausgeschaltet.

Nach Aufruf von quotacheck -ugm /srv/samba/global/ und quotaon /srv/samba/global) und Neustart lief dann sophomorix-quota fehlerfrei!

Ich habe für beide Anleitungen die Anleitung „from scratch“ verwendet - und dort steht ja, wenn man „default-Einstellungen“ wählt, muss in der fstab nichts ersetzt werden.

Danke jedenfalls fürs Mitdenken - was immer der Auslöser war.

Viele Grüße
Thomas

1 „Gefällt mir“