[CentOS] Samba Problem with AD Connection

Sat Jul 17 11:38:59 UTC 2021
Mr Typo <euroregistrar at gmail.com>

Hello all,

i hope you can help me. I have successfully set up a connection with
samba to my domain controller. What works:
* wbinfo -u / wbinfo -g
* wbinfo -a
* bet ads info

i hope you can help me! thank you!

============
net ads info
LDAP server: 10.40.130.10
LDAP server name: sv1-dc01p.pfw.local
Realm: PFW.LOCAL
Bind Path: dc=PFW,dc=LOCAL
LDAP port: 389
Server time: Sat, 17 Jul 2021 13:32:03 CEST
KDC server: 10.40.130.10
Server time offset: 0
Last machine account password change: Sat, 17 Jul 2021 10:55:08 CEST
===========

========
wbinfo -a srvadmsar
Enter srvadmsar's password:
plaintext password authentication succeeded
Enter srvadmsar's password:
challenge/response password authentication succeeded
=======

when i try to connect with smbclient and a domain user i get the error

SPNEGO login failed: The attempted logon is invalid. This is either
due to a bad username or authentication information.
session setup failed: NT_STATUS_LOGON_FAILURE

in the Logfiles ob the samba server i get a NT_STATUS_OK (when i join
with a domain joined windows system, i get NT_STATUS_OK, but windows
then wants a username and password.

below you can find the logs from /var/log/samba/*

i hope you can help me, i am trying for hours...



==> /var/log/samba/log.127.0.0.1 <==
[2021/07/17 13:38:05.792287,  5]
../../source3/param/loadparm.c:1396(free_service)
  free_service: Freeing service shareshare
[2021/07/17 13:38:05.792319,  5]
../../source3/param/loadparm.c:1396(free_service)
  free_service: Freeing service IPC$
[2021/07/17 13:38:05.792339,  3] ../../source3/param/loadparm.c:3945(lp_load_ex)
  lp_load_ex: refreshing parameters
[2021/07/17 13:38:05.792349,  5]
../../source3/param/loadparm.c:1371(free_param_opts)
  Freeing parametrics:
[2021/07/17 13:38:05.792434,  3]
../../source3/param/loadparm.c:551(init_globals)
  Initialising global parameters
[2021/07/17 13:38:05.792535,  3]
../../source3/param/loadparm.c:2847(lp_do_section)
  Processing section "[global]"
  doing parameter workgroup = PFW
  doing parameter realm = PFW.LOCAL
  doing parameter security = ads
  doing parameter password server = 10.40.130.10
  doing parameter idmap config * : backend = autorid
  doing parameter idmap config * : range = 100000-19999999
  doing parameter idmap config * : rangesize = 1000000
  doing parameter template homedir = /home/%D/%U
  doing parameter template shell = /bin/bash
  doing parameter winbind use default domain = true
  doing parameter ntlm auth = yes
  doing parameter winbind offline logon = true
  doing parameter log file = /var/log/samba/log.%m
  doing parameter max log size = 50
  doing parameter log level = 5
[2021/07/17 13:38:05.792740,  5] ../../lib/util/debug.c:811(debug_dump_status)
  INFO: Current debug levels:
    all: 5
    tdb: 5
    printdrivers: 5
    lanman: 5
    smb: 5
    rpc_parse: 5
    rpc_srv: 5
    rpc_cli: 5
    passdb: 5
    sam: 5
    auth: 5
    winbind: 5
    vfs: 5
    idmap: 5
    quota: 5
    acls: 5
    locking: 5
    msdfs: 5
    dmapi: 5
    registry: 5
    scavenger: 5
    dns: 5
    ldb: 5
    tevent: 5
    auth_audit: 5
    auth_json_audit: 5
    kerberos: 5
    drs_repl: 5
    smb2: 5
    smb2_credits: 5
    dsdb_audit: 5
    dsdb_json_audit: 5
    dsdb_password_audit: 5
    dsdb_password_json_audit: 5
    dsdb_transaction_audit: 5
    dsdb_transaction_json_audit: 5
    dsdb_group_audit: 5
    dsdb_group_json_audit: 5
  doing parameter load printers = no
[2021/07/17 13:38:05.792873,  2]
../../source3/param/loadparm.c:2864(lp_do_section)
  Processing section "[shareshare]"
  doing parameter path = /storage/share
  doing parameter browsable = yes
  doing parameter writable = yes
  doing parameter read only = no
  doing parameter guest ok = yes
  doing parameter valid users = PFW\SRVADMSAR
[2021/07/17 13:38:05.792992,  4] ../../source3/param/loadparm.c:3987(lp_load_ex)
  pm_process() returned Yes
[2021/07/17 13:38:05.793023,  3] ../../source3/param/loadparm.c:1648(lp_add_ipc)
  adding IPC service
[2021/07/17 13:38:05.793057,  5] ../../lib/util/debug.c:811(debug_dump_status)
  INFO: Current debug levels:
    all: 5
    tdb: 5
    printdrivers: 5
    lanman: 5
    smb: 5
    rpc_parse: 5
    rpc_srv: 5
    rpc_cli: 5
    passdb: 5
    sam: 5
    auth: 5
    winbind: 5
    vfs: 5
    idmap: 5
    quota: 5
    acls: 5
    locking: 5
    msdfs: 5
    dmapi: 5
    registry: 5
    scavenger: 5
    dns: 5
    ldb: 5
    tevent: 5
    auth_audit: 5
    auth_json_audit: 5
    kerberos: 5
    drs_repl: 5
    smb2: 5
    smb2_credits: 5
    dsdb_audit: 5
    dsdb_json_audit: 5
    dsdb_password_audit: 5
    dsdb_password_json_audit: 5
    dsdb_transaction_audit: 5
    dsdb_transaction_json_audit: 5
    dsdb_group_audit: 5
    dsdb_group_json_audit: 5
[2021/07/17 13:38:05.793459,  2]
../../source3/lib/interface.c:345(add_interface)
  added interface ens192 ip=192.168.110.104 bcast=192.168.110.255
netmask=255.255.255.0
[2021/07/17 13:38:05.793493,  5]
../../lib/util/util_net.c:1058(print_socket_options)
  Socket options:
  SO_KEEPALIVE = 1
  SO_REUSEADDR = 1
  SO_BROADCAST = 0
  TCP_NODELAY = 1
  TCP_KEEPCNT = 9
  TCP_KEEPIDLE = 7200
  TCP_KEEPINTVL = 75
  IPTOS_LOWDELAY = 0
  IPTOS_THROUGHPUT = 0
  SO_REUSEPORT = 1
  SO_SNDBUF = 2626560
  SO_RCVBUF = 1061488
  SO_SNDLOWAT = 1
  SO_RCVLOWAT = 1
  SO_SNDTIMEO = 0
  SO_RCVTIMEO = 0
  TCP_QUICKACK = 1
  TCP_DEFER_ACCEPT = 0
  TCP_USER_TIMEOUT = 0
[2021/07/17 13:38:05.793563,  5]
../../lib/util/util_net.c:1058(print_socket_options)
  Socket options:
  SO_KEEPALIVE = 1
  SO_REUSEADDR = 1
  SO_BROADCAST = 0
  TCP_NODELAY = 1
  TCP_KEEPCNT = 9
  TCP_KEEPIDLE = 7200
  TCP_KEEPINTVL = 75
  IPTOS_LOWDELAY = 0
  IPTOS_THROUGHPUT = 0
  SO_REUSEPORT = 1
  SO_SNDBUF = 2626560
  SO_RCVBUF = 1061488
  SO_SNDLOWAT = 1
  SO_RCVLOWAT = 1
  SO_SNDTIMEO = 0
  SO_RCVTIMEO = 0
  TCP_QUICKACK = 1
  TCP_DEFER_ACCEPT = 0
  TCP_USER_TIMEOUT = 0
[2021/07/17 13:38:05.793659,  3] ../../source3/smbd/oplock.c:1427(init_oplocks)
  init_oplocks: initializing messages.
[2021/07/17 13:38:05.793672,  5]
../../source3/lib/messages.c:725(messaging_register)
  Registering messaging pointer for type 774 - private_data=0x55fecf175270
[2021/07/17 13:38:05.793681,  5]
../../source3/lib/messages.c:725(messaging_register)
  Registering messaging pointer for type 778 - private_data=0x55fecf175270
[2021/07/17 13:38:05.793692,  5]
../../source3/lib/messages.c:725(messaging_register)
  Registering messaging pointer for type 770 - private_data=0x55fecf175270
[2021/07/17 13:38:05.793700,  5]
../../source3/lib/messages.c:725(messaging_register)
  Registering messaging pointer for type 801 - private_data=0x55fecf175270
[2021/07/17 13:38:05.793706,  5]
../../source3/lib/messages.c:725(messaging_register)
  Registering messaging pointer for type 787 - private_data=0x55fecf175270
[2021/07/17 13:38:05.793713,  5]
../../source3/lib/messages.c:725(messaging_register)
  Registering messaging pointer for type 779 - private_data=0x55fecf175270
[2021/07/17 13:38:05.793723,  5]
../../source3/lib/messages.c:725(messaging_register)
  Registering messaging pointer for type 15 - private_data=(nil)
[2021/07/17 13:38:05.793740,  5]
../../source3/lib/messages.c:740(messaging_register)
  Overriding messaging pointer for type 15 - private_data=(nil)
[2021/07/17 13:38:05.793751,  5]
../../source3/lib/messages.c:772(messaging_deregister)
  Deregistering messaging pointer for type 16 - private_data=(nil)
[2021/07/17 13:38:05.793762,  5]
../../source3/lib/messages.c:725(messaging_register)
  Registering messaging pointer for type 16 - private_data=0x55fecf175270
[2021/07/17 13:38:05.793773,  5]
../../source3/lib/messages.c:772(messaging_deregister)
  Deregistering messaging pointer for type 33 - private_data=0x55fecf14d350
[2021/07/17 13:38:05.793783,  5]
../../source3/lib/messages.c:725(messaging_register)
  Registering messaging pointer for type 33 - private_data=0x55fecf175270
[2021/07/17 13:38:05.793793,  5]
../../source3/lib/messages.c:772(messaging_deregister)
  Deregistering messaging pointer for type 790 - private_data=(nil)
[2021/07/17 13:38:05.793804,  5]
../../source3/lib/messages.c:725(messaging_register)
  Registering messaging pointer for type 790 - private_data=0x55fecf175270
[2021/07/17 13:38:05.793815,  5]
../../source3/lib/messages.c:772(messaging_deregister)
  Deregistering messaging pointer for type 791 - private_data=(nil)
[2021/07/17 13:38:05.793826,  5]
../../source3/lib/messages.c:772(messaging_deregister)
  Deregistering messaging pointer for type 1 - private_data=(nil)
[2021/07/17 13:38:05.793836,  5]
../../source3/lib/messages.c:725(messaging_register)
  Registering messaging pointer for type 1 - private_data=(nil)
[2021/07/17 13:38:05.793889,  3] ../../source3/smbd/process.c:1957(process_smb)
  Transaction 0 of length 214 (0 toread)
[2021/07/17 13:38:05.793943,  4]
../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2021/07/17 13:38:05.793963,  5]
../../libcli/security/security_token.c:52(security_token_debug)
  Security token: (NULL)
[2021/07/17 13:38:05.793979,  5]
../../source3/auth/token_util.c:874(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2021/07/17 13:38:05.794013,  5]
../../source3/smbd/uid.c:494(smbd_change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2021/07/17 13:38:05.794036,  4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2021/07/17 13:38:05.794045,  4] ../../source3/smbd/uid.c:562(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2021/07/17 13:38:05.794056,  4]
../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2021/07/17 13:38:05.794064,  5]
../../libcli/security/security_token.c:52(security_token_debug)
  Security token: (NULL)
[2021/07/17 13:38:05.794070,  5]
../../source3/auth/token_util.c:874(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2021/07/17 13:38:05.794125,  4] ../../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2021/07/17 13:38:05.794151,  5] ../../lib/util/debug.c:811(debug_dump_status)
  INFO: Current debug levels:
    all: 5
    tdb: 5
    printdrivers: 5
    lanman: 5
    smb: 5
    rpc_parse: 5
    rpc_srv: 5
    rpc_cli: 5
    passdb: 5
    sam: 5
    auth: 5
    winbind: 5
    vfs: 5
    idmap: 5
    quota: 5
    acls: 5
    locking: 5
    msdfs: 5
    dmapi: 5
    registry: 5
    scavenger: 5
    dns: 5
    ldb: 5
    tevent: 5
    auth_audit: 5
    auth_json_audit: 5
    kerberos: 5
    drs_repl: 5
    smb2: 5
    smb2_credits: 5
    dsdb_audit: 5
    dsdb_json_audit: 5
    dsdb_password_audit: 5
    dsdb_password_json_audit: 5
    dsdb_transaction_audit: 5
    dsdb_transaction_json_audit: 5
    dsdb_group_audit: 5
    dsdb_group_json_audit: 5
[2021/07/17 13:38:05.794366,  3]
../../source3/smbd/smb2_negprot.c:293(smbd_smb2_request_process_negprot)
  Selected protocol SMB3_11
[2021/07/17 13:38:05.794393,  5]
../../source3/auth/auth.c:540(make_auth3_context_for_ntlm)
  Making default auth method list for server role = 'domain member'
[2021/07/17 13:38:05.794417,  5] ../../source3/auth/auth.c:51(smb_register_auth)
  Attempting to register auth backend anonymous
[2021/07/17 13:38:05.794436,  5] ../../source3/auth/auth.c:63(smb_register_auth)
  Successfully added auth method 'anonymous'
[2021/07/17 13:38:05.794450,  5] ../../source3/auth/auth.c:51(smb_register_auth)
  Attempting to register auth backend sam
[2021/07/17 13:38:05.794467,  5] ../../source3/auth/auth.c:63(smb_register_auth)
  Successfully added auth method 'sam'
[2021/07/17 13:38:05.794480,  5] ../../source3/auth/auth.c:51(smb_register_auth)
  Attempting to register auth backend sam_ignoredomain
[2021/07/17 13:38:05.794493,  5] ../../source3/auth/auth.c:63(smb_register_auth)
  Successfully added auth method 'sam_ignoredomain'
[2021/07/17 13:38:05.794501,  5] ../../source3/auth/auth.c:51(smb_register_auth)
  Attempting to register auth backend sam_netlogon3
[2021/07/17 13:38:05.794517,  5] ../../source3/auth/auth.c:63(smb_register_auth)
  Successfully added auth method 'sam_netlogon3'
[2021/07/17 13:38:05.794529,  5] ../../source3/auth/auth.c:51(smb_register_auth)
  Attempting to register auth backend winbind
[2021/07/17 13:38:05.794539,  5] ../../source3/auth/auth.c:63(smb_register_auth)
  Successfully added auth method 'winbind'
[2021/07/17 13:38:05.794549,  5] ../../source3/auth/auth.c:425(load_auth_module)
  load_auth_module: Attempting to find an auth method to match anonymous
[2021/07/17 13:38:05.794560,  5] ../../source3/auth/auth.c:450(load_auth_module)
  load_auth_module: auth method anonymous has a valid init
[2021/07/17 13:38:05.794571,  5] ../../source3/auth/auth.c:425(load_auth_module)
  load_auth_module: Attempting to find an auth method to match sam
[2021/07/17 13:38:05.794582,  5] ../../source3/auth/auth.c:450(load_auth_module)
  load_auth_module: auth method sam has a valid init
[2021/07/17 13:38:05.794593,  5] ../../source3/auth/auth.c:425(load_auth_module)
  load_auth_module: Attempting to find an auth method to match winbind
[2021/07/17 13:38:05.794604,  5] ../../source3/auth/auth.c:450(load_auth_module)
  load_auth_module: auth method winbind has a valid init
[2021/07/17 13:38:05.794611,  5] ../../source3/auth/auth.c:425(load_auth_module)
  load_auth_module: Attempting to find an auth method to match sam_ignoredomain
[2021/07/17 13:38:05.794617,  5] ../../source3/auth/auth.c:450(load_auth_module)
  load_auth_module: auth method sam_ignoredomain has a valid init
[2021/07/17 13:38:05.794730,  5]
../../auth/gensec/gensec_start.c:849(gensec_start_mech)
  Starting GENSEC mechanism spnego
[2021/07/17 13:38:05.794813,  5]
../../auth/gensec/gensec_start.c:849(gensec_start_mech)
  Starting GENSEC submechanism gse_krb5

==> /var/log/samba/log.smbd <==
[2021/07/17 13:38:05.791006,  2]
../../source3/lib/tallocmsg.c:84(register_msg_pool_usage)
  Registered MSG_REQ_POOL_USAGE
[2021/07/17 13:38:05.791086,  5]
../../source3/passdb/pdb_interface.c:155(make_pdb_method_name)
  Attempting to find a passdb backend to match tdbsam (tdbsam)
[2021/07/17 13:38:05.791103,  5]
../../source3/passdb/pdb_interface.c:176(make_pdb_method_name)
  Found pdb backend tdbsam
[2021/07/17 13:38:05.791143,  5]
../../source3/passdb/pdb_interface.c:187(make_pdb_method_name)
  pdb backend tdbsam has a valid init
[2021/07/17 13:38:05.791248,  5]
../../lib/util/util_net.c:1058(print_socket_options)
  Socket options:
  SO_KEEPALIVE = 1
  SO_REUSEADDR = 1
  SO_BROADCAST = 0
  TCP_NODELAY = 1
  TCP_KEEPCNT = 9
  TCP_KEEPIDLE = 7200
  TCP_KEEPINTVL = 75
  IPTOS_LOWDELAY = 0
  IPTOS_THROUGHPUT = 0
  SO_REUSEPORT = 1
  SO_SNDBUF = 2626560
  SO_RCVBUF = 1061488
  SO_SNDLOWAT = 1
  SO_RCVLOWAT = 1
  SO_SNDTIMEO = 0
  SO_RCVTIMEO = 0
  TCP_QUICKACK = 1
  TCP_DEFER_ACCEPT = 0
  TCP_USER_TIMEOUT = 0
[2021/07/17 13:38:05.791344,  5]
../../lib/util/util_net.c:1058(print_socket_options)
  Socket options:
  SO_KEEPALIVE = 1
  SO_REUSEADDR = 1
  SO_BROADCAST = 0
  TCP_NODELAY = 1
  TCP_KEEPCNT = 9
  TCP_KEEPIDLE = 7200
  TCP_KEEPINTVL = 75
  IPTOS_LOWDELAY = 0
  IPTOS_THROUGHPUT = 0
  SO_REUSEPORT = 1
  SO_SNDBUF = 2626560
  SO_RCVBUF = 1061488
  SO_SNDLOWAT = 1
  SO_RCVLOWAT = 1
  SO_SNDTIMEO = 0
  SO_RCVTIMEO = 0
  TCP_QUICKACK = 1
  TCP_DEFER_ACCEPT = 0
  TCP_USER_TIMEOUT = 0
[2021/07/17 13:38:05.791502,  3] ../../lib/util/access.c:371(allow_access)
  Allowed connection from 127.0.0.1 (127.0.0.1)
[2021/07/17 13:38:05.791563,  5] ../../lib/util/debug.c:811(debug_dump_status)
  INFO: Current debug levels:
    all: 5
    tdb: 5
    printdrivers: 5
    lanman: 5
    smb: 5
    rpc_parse: 5
    rpc_srv: 5
    rpc_cli: 5
    passdb: 5
    sam: 5
    auth: 5
    winbind: 5
    vfs: 5
    idmap: 5
    quota: 5
    acls: 5
    locking: 5
    msdfs: 5
    dmapi: 5
    registry: 5
    scavenger: 5
    dns: 5
    ldb: 5
    tevent: 5
    auth_audit: 5
    auth_json_audit: 5
    kerberos: 5
    drs_repl: 5
    smb2: 5
    smb2_credits: 5
    dsdb_audit: 5
    dsdb_json_audit: 5
    dsdb_password_audit: 5
    dsdb_password_json_audit: 5
    dsdb_transaction_audit: 5
    dsdb_transaction_json_audit: 5
    dsdb_group_audit: 5
    dsdb_group_json_audit: 5

==> /var/log/samba/log.127.0.0.1 <==
[2021/07/17 13:38:08.966773,  4]
../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2021/07/17 13:38:08.966824,  5]
../../libcli/security/security_token.c:52(security_token_debug)
  Security token: (NULL)
[2021/07/17 13:38:08.966839,  5]
../../source3/auth/token_util.c:874(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2021/07/17 13:38:08.966873,  5]
../../source3/smbd/uid.c:494(smbd_change_to_root_user)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2021/07/17 13:38:08.966910,  5]
../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
  dbwrap_lock_order_lock: check lock order 1 for
/var/lib/samba/lock/smbXsrv_session_global.tdb
[2021/07/17 13:38:08.967145,  5]
../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
  dbwrap_lock_order_unlock: release lock order 1 for
/var/lib/samba/lock/smbXsrv_session_global.tdb
[2021/07/17 13:38:08.967170,  5]
../../source3/auth/auth.c:540(make_auth3_context_for_ntlm)
  Making default auth method list for server role = 'domain member'
[2021/07/17 13:38:08.967183,  5] ../../source3/auth/auth.c:425(load_auth_module)
  load_auth_module: Attempting to find an auth method to match anonymous
[2021/07/17 13:38:08.967216,  5] ../../source3/auth/auth.c:450(load_auth_module)
  load_auth_module: auth method anonymous has a valid init
[2021/07/17 13:38:08.967239,  5] ../../source3/auth/auth.c:425(load_auth_module)
  load_auth_module: Attempting to find an auth method to match sam
[2021/07/17 13:38:08.967251,  5] ../../source3/auth/auth.c:450(load_auth_module)
  load_auth_module: auth method sam has a valid init
[2021/07/17 13:38:08.967261,  5] ../../source3/auth/auth.c:425(load_auth_module)
  load_auth_module: Attempting to find an auth method to match winbind
[2021/07/17 13:38:08.967271,  5] ../../source3/auth/auth.c:450(load_auth_module)
  load_auth_module: auth method winbind has a valid init
[2021/07/17 13:38:08.967281,  5] ../../source3/auth/auth.c:425(load_auth_module)
  load_auth_module: Attempting to find an auth method to match sam_ignoredomain
[2021/07/17 13:38:08.967292,  5] ../../source3/auth/auth.c:450(load_auth_module)
  load_auth_module: auth method sam_ignoredomain has a valid init
[2021/07/17 13:38:08.967388,  5]
../../auth/gensec/gensec_start.c:849(gensec_start_mech)
  Starting GENSEC mechanism spnego
[2021/07/17 13:38:08.967406,  5]
../../lib/dbwrap/dbwrap.c:148(dbwrap_lock_order_lock)
  dbwrap_lock_order_lock: check lock order 1 for
/var/lib/samba/lock/smbXsrv_session_global.tdb
[2021/07/17 13:38:08.967430,  5]
../../lib/dbwrap/dbwrap.c:180(dbwrap_lock_order_unlock)
  dbwrap_lock_order_unlock: release lock order 1 for
/var/lib/samba/lock/smbXsrv_session_global.tdb
[2021/07/17 13:38:08.967442,  4] ../../source3/smbd/sec_ctx.c:216(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2021/07/17 13:38:08.967451,  4] ../../source3/smbd/uid.c:562(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2021/07/17 13:38:08.967462,  4]
../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2021/07/17 13:38:08.967472,  5]
../../libcli/security/security_token.c:52(security_token_debug)
  Security token: (NULL)
[2021/07/17 13:38:08.967479,  5]
../../source3/auth/token_util.c:874(debug_unix_user_token)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2021/07/17 13:38:08.967550,  5]
../../auth/gensec/gensec_start.c:849(gensec_start_mech)
  Starting GENSEC submechanism ntlmssp
[2021/07/17 13:38:08.967586,  3]
../../auth/ntlmssp/ntlmssp_util.c:72(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62088215
    NTLMSSP_NEGOTIATE_UNICODE
    NTLMSSP_REQUEST_TARGET
    NTLMSSP_NEGOTIATE_SIGN
    NTLMSSP_NEGOTIATE_NTLM

==> /var/log/samba/log.wb-PFW <==
[2021/07/17 13:38:08.969578,  4]
../../source3/winbindd/winbindd_dual.c:1626(child_handler)
  child daemon request 14
[2021/07/17 13:38:08.969608,  3]
../../source3/winbindd/winbindd_pam.c:2683(winbindd_dual_pam_auth_crap)
  [10364]: pam auth crap domain: PFW user: srvadmsar
[2021/07/17 13:38:08.969741,  5]
../../source3/rpc_client/cli_pipe.c:827(rpc_api_pipe_send)
  rpc_api_pipe: host sv1-dc01p.pfw.local
[2021/07/17 13:38:08.969754,  5]
../../source3/rpc_client/cli_pipe.c:179(rpc_write_send)
  rpc_write_send: data_to_write: 696
[2021/07/17 13:38:08.970968,  5]
../../source3/rpc_client/cli_pipe.c:99(rpc_read_send)
  rpc_read_send: data_to_read: 632
[2021/07/17 13:38:08.971188,  5]
../../source3/winbindd/winbindd_pam.c:2640(winbind_dual_SamLogon)
  NTLM CRAP authentication for user [PFW]\[srvadmsar] returned NT_STATUS_OK
[2021/07/17 13:38:08.971291,  3]
../../auth/auth_log.c:653(log_authentication_event_human_readable)
  Auth: [winbind,NTLM_AUTH, smbd, 10364] user [PFW]\[srvadmsar] at
[Sat, 17 Jul 2021 13:38:08.971273 CEST] with [NTLMv2] status
[NT_STATUS_OK] workstation [SMBTEST-ANDI] remote host [unix:] became
[PFW]\[srvadmsar] [S-1-5-21-4080695503-475066264-1108356078-1126].
local host [unix:]
  {"timestamp": "2021-07-17T13:38:08.971345+0200", "type":
"Authentication", "Authentication": {"version": {"major": 1, "minor":
2}, "eventId": 4624, "logonId": "7944426e07973722", "logonType": 3,
"status": "NT_STATUS_OK", "localAddress": "unix:", "remoteAddress":
"unix:", "serviceDescription": "winbind", "authDescription":
"NTLM_AUTH, smbd, 10364", "clientDomain": "PFW", "clientAccount":
"srvadmsar", "workstation": "SMBTEST-ANDI", "becameAccount":
"srvadmsar", "becameDomain": "PFW", "becameSid":
"S-1-5-21-4080695503-475066264-1108356078-1126", "mappedAccount":
null, "mappedDomain": null, "netlogonComputer": null,
"netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null,
"passwordType": "NTLMv2", "duration": 1758}}
[2021/07/17 13:38:08.971423,  4]
../../source3/winbindd/winbindd_dual.c:1634(child_handler)
  Finished processing child request 14

==> /var/log/samba/log.winbindd <==
[2021/07/17 13:38:08.969181,  3]
../../source3/winbindd/winbindd_misc.c:432(winbindd_interface_version)
  winbindd_interface_version: [smbd (10448)]: request interface
version (version = 31)
[2021/07/17 13:38:08.969319,  3]
../../source3/winbindd/winbindd_misc.c:470(winbindd_priv_pipe_dir)
  winbindd_priv_pipe_dir: [smbd (10448)]: request location of privileged pipe
[2021/07/17 13:38:08.969346,  3]
../../source3/winbindd/winbindd_misc.c:483(winbindd_priv_pipe_dir)
  winbindd_priv_pipe_dir: [smbd (10448)]: response location of
privileged pipe: (null)
[2021/07/17 13:38:08.969496,  3]
../../source3/winbindd/winbindd_pam_auth_crap.c:113(winbindd_pam_auth_crap_send)
  [10448]: pam auth crap domain: [PFW] user: srvadmsar
[2021/07/17 13:38:08.973296,  3]
../../source3/winbindd/winbindd_misc.c:407(winbindd_ping)
  winbindd_ping: [smbd (10448)]: ping