Bug 14638 - restrict anonymous = 2 breaks RODC functionality
Summary: restrict anonymous = 2 breaks RODC functionality
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.13.4
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-02-16 07:51 UTC by Christian Naumer
Modified: 2021-02-16 15:07 UTC (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Naumer 2021-02-16 07:51:10 UTC
If on the RWDCs "restrict anonymous = 2" is set the communication of a RODC fails.

If I try to auth a user with wbinfo -a that is in the "Allowed RODC Password Replication Group" but not preloaded I get this error in the logs:



Feb 15 15:43:30 rodc.hq.domain.de winbindd[34442]: [2021/02/15 15:43:30.146704,  1] ../../source3/winbindd/winbindd_cm.c:1310(cm_prepare_connection)
Feb 15 15:43:30 rodc.hq.domain.de winbindd[34442]:   Failed to prepare SMB connection to dc2.hq.domain.de: NT_STATUS_ACCESS_DENIED 
Feb 15 15:43:30 rodc.hq.domain.de winbindd[34442]: [2021/02/15 15:43:30.147548,  2] ../../auth/auth_log.c:653(log_authentication_event_human_readable)
Feb 15 15:43:30 rodc.hq.domain.de winbindd[34442]:   Auth: [winbind,NTLM_AUTH, wbinfo, 34390] user [DOMAIN-02]\[bir] at [Mon, 15 Feb 2021 15:43:30.147532 CET] with [NTLMv2] status [NT_STATUS_ACCESS_DENIED] workstation [RODC] remote host [unix:] mapped to [(null)]\[(null)]. local host [unix:]

On the contacted RWDC I see this at loglevel 6:

Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Allowed connection from 10.1.0.77 (10.1.0.77)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.143398,  5] ../../lib/util/debug.c:811(debug_dump_status)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   INFO: Current debug levels:
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     all: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     tdb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     printdrivers: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     lanman: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     smb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     rpc_parse: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     rpc_srv: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     rpc_cli: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     passdb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     sam: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     auth: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     winbind: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     vfs: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     idmap: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     quota: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     acls: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     locking: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     msdfs: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dmapi: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     registry: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     scavenger: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dns: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     ldb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     tevent: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     auth_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     auth_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     kerberos: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     drs_repl: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     smb2: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     smb2_credits: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_password_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_password_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_transaction_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_transaction_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_group_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_group_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.144075,  3] ../../source3/smbd/oplock.c:1427(init_oplocks)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   init_oplocks: initializing messages.
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.144103,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging pointer for type 774 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.144117,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging pointer for type 778 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.144141,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging pointer for type 770 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.144158,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging pointer for type 801 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.144187,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging pointer for type 787 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.144213,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging pointer for type 779 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.144236,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging pointer for type 15 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.144255,  5] ../../source3/lib/messages.c:740(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Overriding messaging pointer for type 15 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.144273,  5] ../../source3/lib/messages.c:772(messaging_deregister)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Deregistering messaging pointer for type 16 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.144298,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging pointer for type 16 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.144312,  5] ../../source3/lib/messages.c:772(messaging_deregister)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Deregistering messaging pointer for type 33 - private_data=0x55e1c3a5b150
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.144326,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging pointer for type 33 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.144339,  5] ../../source3/lib/messages.c:772(messaging_deregister)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Deregistering messaging pointer for type 790 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.144355,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging pointer for type 790 - private_data=0x55e1c4745da0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.144369,  5] ../../source3/lib/messages.c:772(messaging_deregister)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Deregistering messaging pointer for type 791 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.144382,  5] ../../source3/lib/messages.c:772(messaging_deregister)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Deregistering messaging pointer for type 1 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.144395,  5] ../../source3/lib/messages.c:725(messaging_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Registering messaging pointer for type 1 - private_data=(nil)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164146,  3] ../../source3/smbd/process.c:1957(process_smb)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Transaction 0 of length 242 (0 toread)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164212,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164253,  5] ../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164266,  5] ../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Primary group is 0 and contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164294,  5] ../../source3/smbd/uid.c:494(smbd_change_to_root_user)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   change_to_root_user: now uid=(0,0) gid=(0,0)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164321,  4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164336,  4] ../../source3/smbd/uid.c:562(push_conn_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164347,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164357,  5] ../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164367,  5] ../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Primary group is 0 and contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164409,  4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164431,  5] ../../lib/util/debug.c:811(debug_dump_status)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   INFO: Current debug levels:
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     all: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     tdb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     printdrivers: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     lanman: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     smb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     rpc_parse: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     rpc_srv: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     rpc_cli: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     passdb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     sam: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     auth: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     winbind: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     vfs: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     idmap: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     quota: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     acls: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     locking: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     msdfs: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dmapi: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     registry: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     scavenger: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dns: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     ldb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     tevent: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     auth_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     auth_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     kerberos: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     drs_repl: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     smb2: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     smb2_credits: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_password_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_password_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_transaction_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_transaction_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_group_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_group_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164684,  3] ../../source3/smbd/smb2_negprot.c:293(smbd_smb2_request_process_negprot)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Selected protocol SMB3_11
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164723,  5] ../../source3/auth/auth.c:536(make_auth3_context_for_ntlm)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Making default auth method list for server role = 'active directory domain controller'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164738,  5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Attempting to register auth backend anonymous
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164753,  5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Successfully added auth method 'anonymous'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164764,  5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Attempting to register auth backend sam
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164777,  5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Successfully added auth method 'sam'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164790,  5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Attempting to register auth backend sam_ignoredomain
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164801,  5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Successfully added auth method 'sam_ignoredomain'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164816,  5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Attempting to register auth backend sam_netlogon3
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164826,  5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Successfully added auth method 'sam_netlogon3'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164837,  5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Attempting to register auth backend winbind
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164849,  5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Successfully added auth method 'winbind'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164860,  5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Attempting to register auth backend unix
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164870,  5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Successfully added auth method 'unix'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164882,  5] ../../source3/auth/auth.c:51(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Attempting to register auth backend samba4
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164893,  5] ../../source3/auth/auth.c:63(smb_register_auth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Successfully added auth method 'samba4'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.164903,  5] ../../source3/auth/auth.c:425(load_auth_module)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   load_auth_module: Attempting to find an auth method to match samba4
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.166002,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 'gssapi_spnego' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.166023,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 'gssapi_krb5' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.166037,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 'gssapi_krb5_sasl' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.166049,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 'spnego' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.166063,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 'schannel' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.166073,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 'naclrpc_as_system' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.166084,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 'sasl-EXTERNAL' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.166095,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 'ntlmssp' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.166105,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 'ntlmssp_resume_ccache' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.166116,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 'http_basic' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.166129,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 'http_ntlm' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.166140,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 'http_negotiate' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.166151,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 'krb5' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.166162,  3] ../../auth/gensec/gensec_start.c:988(gensec_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   GENSEC backend 'fake_gssapi_krb5' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.166173,  5] ../../source3/auth/auth.c:450(load_auth_module)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   load_auth_module: auth method samba4 has a valid init
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.166630,  3] ../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   ldb_wrap open of secrets.ldb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.167003,  3] ../../source4/auth/ntlm/auth.c:867(auth_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   AUTH backend 'sam' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.167030,  3] ../../source4/auth/ntlm/auth.c:867(auth_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   AUTH backend 'sam_ignoredomain' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.167044,  3] ../../source4/auth/ntlm/auth.c:867(auth_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   AUTH backend 'anonymous' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.167055,  3] ../../source4/auth/ntlm/auth.c:867(auth_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   AUTH backend 'winbind' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.167066,  3] ../../source4/auth/ntlm/auth.c:867(auth_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   AUTH backend 'name_to_ntstatus' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.167076,  3] ../../source4/auth/ntlm/auth.c:867(auth_register)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   AUTH backend 'unix' registered
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.168554,  5] ../../auth/gensec/gensec_start.c:750(gensec_start_mech)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Starting GENSEC mechanism spnego
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.168714,  5] ../../auth/gensec/gensec_start.c:750(gensec_start_mech)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Starting GENSEC submechanism gssapi_krb5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.170373,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.170406,  5] ../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.170418,  5] ../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Primary group is 0 and contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.170440,  5] ../../source3/smbd/uid.c:494(smbd_change_to_root_user)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   change_to_root_user: now uid=(0,0) gid=(0,0)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.170463,  5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   dbwrap_lock_order_lock: check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.170537,  5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dbwrap_lock_order_unlock: release lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.170567,  5] ../../source3/auth/auth.c:536(make_auth3_context_for_ntlm)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Making default auth method list for server role = 'active directory domain controller'
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.170584,  5] ../../source3/auth/auth.c:425(load_auth_module)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   load_auth_module: Attempting to find an auth method to match samba4
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.170600,  5] ../../source3/auth/auth.c:450(load_auth_module)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   load_auth_module: auth method samba4 has a valid init
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.170997,  3] ../../lib/ldb-samba/ldb_wrap.c:332(ldb_wrap_connect)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   ldb_wrap open of secrets.ldb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.172360,  5] ../../auth/gensec/gensec_start.c:750(gensec_start_mech)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Starting GENSEC mechanism spnego
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.172388,  5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   dbwrap_lock_order_lock: check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.172410,  5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dbwrap_lock_order_unlock: release lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.172424,  4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.172436,  4] ../../source3/smbd/uid.c:562(push_conn_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.172447,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.172458,  5] ../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.172468,  5] ../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Primary group is 0 and contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.172544,  5] ../../auth/gensec/gensec_start.c:750(gensec_start_mech)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Starting GENSEC submechanism ntlmssp
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.172574,  3] ../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Got NTLMSSP neg_flags=0x62088215
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_UNICODE
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_REQUEST_TARGET
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_SIGN
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_NTLM
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_VERSION
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_128
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_KEY_EXCH
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.172690,  4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.172732,  4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.172747,  4] ../../source3/smbd/uid.c:562(push_conn_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.172758,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.172768,  5] ../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.172781,  5] ../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Primary group is 0 and contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.172804,  4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.173628,  5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   dbwrap_lock_order_lock: check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.173683,  5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dbwrap_lock_order_unlock: release lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.173725,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.173737,  5] ../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.173750,  5] ../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Primary group is 0 and contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.173771,  5] ../../source3/smbd/uid.c:494(smbd_change_to_root_user)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   change_to_root_user: now uid=(0,0) gid=(0,0)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.173786,  5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   dbwrap_lock_order_lock: check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.173801,  5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dbwrap_lock_order_unlock: release lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.173814,  4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.173826,  4] ../../source3/smbd/uid.c:562(push_conn_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.173837,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.173848,  5] ../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.173858,  5] ../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Primary group is 0 and contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.173885,  3] ../../auth/ntlmssp/ntlmssp_server.c:513(ntlmssp_server_preauth)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Got user=[] domain=[] workstation=[] len1=0 len2=0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.173898,  3] ../../source4/auth/ntlm/auth.c:243(auth_check_password_send)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: auth_check_password_send: Checking password for unmapped user []\[]@[]
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: auth_check_password_send: user is: []\[]@[]
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.173923,  5] ../../source4/auth/ntlm/auth.c:70(auth_get_challenge)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   auth_get_challenge: returning previous challenge by module random (normal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.173934,  5] ../../lib/util/util.c:722(dump_data)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   [0000] A0 84 59 89 C9 C6 50 84                             ..Y...P.
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.173957,  4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.173978,  5] ../../source4/auth/ntlm/auth.c:493(auth_check_password_recv)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: auth_check_password_recv: anonymous authentication for user [NT AUTHORITY\ANONYMOUS LOGON] succeeded
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.174003,  5] ../../auth/auth_log.c:653(log_authentication_event_human_readable)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Auth: [SMB2,NTLMSSP] user []\[] at [Tue, 16 Feb 2021 06:48:32.173997 CET] with [No-Password] status [NT_STATUS_OK] workstation [] remote host [ipv4:10.1.0.77:52026] became [NT AUTHORITY]\[ANONYMOUS LOGON] [S-1-5-7]. local host [ipv4:192.168.0.106:445]
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   {"timestamp": "2021-02-16T06:48:32.174065+0100", "type": "Authentication", "Authentication": {"version": {"major": 1, "minor": 2}, "eventId": 4624, "logonId": "0", "logonType": 3, "status": "NT_STATUS_OK", "localAddress": "ipv4:192.168.0.106:445", "remoteAddress": "ipv4:10.1.0.77:52026", "serviceDescription": "SMB2", "authDescription": "NTLMSSP", "clientDomain": "", "clientAccount": "", "workstation": "", "becameAccount": "ANONYMOUS LOGON", "becameDomain": "NT AUTHORITY", "becameSid": "S-1-5-7", "mappedAccount": "", "mappedDomain": "", "netlogonComputer": null, "netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", "netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null, "passwordType": "No-Password", "duration": 2927}}
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.174122,  3] ../../auth/ntlmssp/ntlmssp_sign.c:623(ntlmssp_sign_reset)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   NTLMSSP Sign/Seal - Initialising with flags:
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.174136,  3] ../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Got NTLMSSP neg_flags=0x62008215
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_UNICODE
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_REQUEST_TARGET
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_SIGN
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_NTLM
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_VERSION
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_128
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_KEY_EXCH
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.174181,  5] ../../auth/ntlmssp/ntlmssp_sign.c:792(ntlmssp_sign_reset)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   NTLMSSP Sign/Seal - using NTLM1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.174201,  3] ../../auth/ntlmssp/ntlmssp_sign.c:623(ntlmssp_sign_reset)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   NTLMSSP Sign/Seal - Initialising with flags:
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.174213,  3] ../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Got NTLMSSP neg_flags=0x62008215
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_UNICODE
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_REQUEST_TARGET
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_SIGN
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_NTLM
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_VERSION
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     NTLMSSP_NEGOTIATE_128
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: NTLMSSP_NEGOTIATE_KEY_EXCH
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.174254,  5] ../../auth/ntlmssp/ntlmssp_sign.c:792(ntlmssp_sign_reset)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   NTLMSSP Sign/Seal - using NTLM1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.174269,  4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.174281,  4] ../../source3/smbd/uid.c:562(push_conn_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.174291,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.174301,  5] ../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.174311,  5] ../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Primary group is 0 and contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.174334,  4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de winbindd[971610]: [2021/02/16 06:48:32.174475,  3] ../../source3/winbindd/winbindd_misc.c:432(winbindd_interface_version)
Feb 16 06:48:32 dc4.hq.domain.de winbindd[971610]: winbindd_interface_version: [nss_winbind (971786)]: request interface version (version = 31)
Feb 16 06:48:32 dc4.hq.domain.de winbindd[971610]: [2021/02/16 06:48:32.174555,  3] ../../source3/winbindd/winbindd_sids_to_xids.c:50(winbindd_sids_to_xids_send)
Feb 16 06:48:32 dc4.hq.domain.de winbindd[971610]:   sids_to_xids
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.174608,  5] ../../source4/auth/unix_token.c:131(security_token_to_unix_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Successfully converted security token to a unix token:Security token SIDs (4):
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     SID[  0]: S-1-5-7
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     SID[  1]: S-1-1-0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     SID[  2]: S-1-5-2
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     SID[  3]: S-1-5-64-10
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:    Privileges (0x        0):
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:    Rights (0x    0):
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.174680,  5] ../../auth/auth_log.c:753(log_successful_authz_event_human_readable)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Successful AuthZ: [SMB2,NTLMSSP] user [NT AUTHORITY]\[ANONYMOUS LOGON] [S-1-5-7] at [Tue, 16 Feb 2021 06:48:32.174662 CET] Remote host [ipv4:10.1.0.77:52026] local host [ipv4:192.168.0.106:445]
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   {"timestamp": "2021-02-16T06:48:32.174712+0100", "type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 1}, "localAddress": "ipv4:192.168.0.106:445", "remoteAddress": "ipv4:10.1.0.77:52026", "serviceDescription": "SMB2", "authType": "NTLMSSP", "domain": "NT AUTHORITY", "account": "ANONYMOUS LOGON", "sid": "S-1-5-7", "sessionId": "8ee53b36-dea5-4ac4-9b5c-15a6a3c58519", "logonServer": "DC4", "transportProtection": "SMB", "accountFlags": "0x00000010"}}
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.174774,  5] ../../lib/util/debug.c:811(debug_dump_status)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   INFO: Current debug levels:
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     all: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     tdb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     printdrivers: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     lanman: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     smb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     rpc_parse: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     rpc_srv: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     rpc_cli: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     passdb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     sam: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     auth: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     winbind: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     vfs: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     idmap: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     quota: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     acls: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     locking: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     msdfs: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dmapi: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     registry: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     scavenger: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dns: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     ldb: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     tevent: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     auth_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     auth_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     kerberos: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     drs_repl: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     smb2: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     smb2_credits: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_password_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_password_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_transaction_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dsdb_transaction_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_group_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:     dsdb_group_json_audit: 5
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.175034,  5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   dbwrap_lock_order_lock: check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.175084,  5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dbwrap_lock_order_unlock: release lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.177955,  5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   dbwrap_lock_order_lock: check lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.178000,  5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dbwrap_lock_order_unlock: release lock order 1 for /var/cache/samba/smbXsrv_session_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.178016,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.178030,  5] ../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.178041,  5] ../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   UNIX token of user 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Primary group is 0 and contains 0 supplementary groups
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.178061,  5] ../../source3/smbd/uid.c:494(smbd_change_to_root_user)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   change_to_root_user: now uid=(0,0) gid=(0,0)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.178089,  5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   dbwrap_lock_order_lock: check lock order 1 for /var/cache/samba/smbXsrv_tcon_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.178128,  5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dbwrap_lock_order_unlock: release lock order 1 for /var/cache/samba/smbXsrv_tcon_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.178150,  3] ../../lib/util/access.c:371(allow_access)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Allowed connection from 10.1.0.77 (10.1.0.77)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.178164,  1] ../../source3/smbd/service.c:355(create_connection_session_info)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: create_connection_session_info: guest user (from session setup) not permitted to access this share (IPC$)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.178175,  1] ../../source3/smbd/service.c:544(make_connection_snum)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.178192,  5] ../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   dbwrap_lock_order_lock: check lock order 1 for /var/cache/samba/smbXsrv_tcon_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.178208,  5] ../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: dbwrap_lock_order_unlock: release lock order 1 for /var/cache/samba/smbXsrv_tcon_global.tdb
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.178221,  3] ../../source3/smbd/smb2_server.c:3863(smbd_smb2_request_error_ex)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_tcon.c:151
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.179379,  3] ../../source3/smbd/smb2_server.c:3863(smbd_smb2_request_error_ex)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NETWORK_NAME_DELETED] || at ../../source3/smbd/smb2_server.c:3147
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.180041,  4] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.180067,  5] ../../libcli/security/security_token.c:52(security_token_debug)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   Security token: (NULL)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]: [2021/02/16 06:48:32.180079,  5] ../../source3/auth/token_util.c:874(debug_unix_user_token)
Feb 16 06:48:32 dc4.hq.domain.de smbd[971786]:   UNIX token of user 0 

This also prevents samba_dnsupdate from running corectly.