Компьютерный форум OSzone.net  

Компьютерный форум OSzone.net (http://forum.oszone.net/index.php)
-   Microsoft Exchange Server (http://forum.oszone.net/forumdisplay.php?f=76)
-   -   Слетают права на ящик. (http://forum.oszone.net/showthread.php?t=149388)

BOOBLIK_RU 31-08-2009 12:05 1207803
Слетают права на ящик.
 
Имеем:
Пользователь подключающийся атлуком на стандартный ресив коннектор эксченджа
Аутентификация, судя по логу, проходит нормально
Код:
2009-08-31T06:18:27.840Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,2,192.168.0.30:587,192.168.0.174:2858,>,"220 *FQDN* Microsoft ESMTP MAIL Service ready at Mon, 31 Aug 2009 10:18:27 +0400",
2009-08-31T06:18:27.840Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,3,192.168.0.30:587,192.168.0.174:2858,<,EHLO *user*,
2009-08-31T06:18:27.840Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,4,192.168.0.30:587,192.168.0.174:2858,>,250-*FQDN* Hello [192.168.0.174],
2009-08-31T06:18:27.840Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,5,192.168.0.30:587,192.168.0.174:2858,>,250-SIZE 10485760,
2009-08-31T06:18:27.840Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,6,192.168.0.30:587,192.168.0.174:2858,>,250-PIPELINING,
2009-08-31T06:18:27.840Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,7,192.168.0.30:587,192.168.0.174:2858,>,250-DSN,
2009-08-31T06:18:27.840Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,8,192.168.0.30:587,192.168.0.174:2858,>,250-ENHANCEDSTATUSCODES,
2009-08-31T06:18:27.840Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,9,192.168.0.30:587,192.168.0.174:2858,>,250-STARTTLS,
2009-08-31T06:18:27.840Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,10,192.168.0.30:587,192.168.0.174:2858,>,250-AUTH NTLM,
2009-08-31T06:18:27.840Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,11,192.168.0.30:587,192.168.0.174:2858,>,250-8BITMIME,
2009-08-31T06:18:27.840Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,12,192.168.0.30:587,192.168.0.174:2858,>,250-BINARYMIME,
2009-08-31T06:18:27.840Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,13,192.168.0.30:587,192.168.0.174:2858,>,250 CHUNKING,
2009-08-31T06:18:27.840Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,14,192.168.0.30:587,192.168.0.174:2858,<,STARTTLS,
2009-08-31T06:18:27.840Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,15,192.168.0.30:587,192.168.0.174:2858,>,220 2.0.0 SMTP server ready,
2009-08-31T06:18:27.840Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,16,192.168.0.30:587,192.168.0.174:2858,*,,Sending certificate
2009-08-31T06:18:27.840Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,17,192.168.0.30:587,192.168.0.174:2858,*,"CN=*FQDN*, O=*domain*, DC=ru, DC=co, DC=*domain*",Certificate subject
2009-08-31T06:18:27.840Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,18,192.168.0.30:587,192.168.0.174:2858,*,"CN=*FQDN*, DC=office, DC=*domain*",Certificate issuer name
2009-08-31T06:18:27.840Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,19,192.168.0.30:587,192.168.0.174:2858,*,3F8E06A5000000000002,Certificate serial number
2009-08-31T06:18:27.840Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,20,192.168.0.30:587,192.168.0.174:2858,*,B20E92D56E867F403CE01E641613F957748177B8,Certificate thumbprint
2009-08-31T06:18:27.840Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,21,192.168.0.30:587,192.168.0.174:2858,*,*domains*;exchange;exchange.office.mdom,Certificate alternate names
2009-08-31T06:18:27.855Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,22,192.168.0.30:587,192.168.0.174:2858,<,EHLO *user*,
2009-08-31T06:18:27.855Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,23,192.168.0.30:587,192.168.0.174:2858,>,250-*FQDN* Hello [192.168.0.174],
2009-08-31T06:18:27.855Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,24,192.168.0.30:587,192.168.0.174:2858,>,250-SIZE 10485760,
2009-08-31T06:18:27.855Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,25,192.168.0.30:587,192.168.0.174:2858,>,250-PIPELINING,
2009-08-31T06:18:27.855Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,26,192.168.0.30:587,192.168.0.174:2858,>,250-DSN,
2009-08-31T06:18:27.855Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,27,192.168.0.30:587,192.168.0.174:2858,>,250-ENHANCEDSTATUSCODES,
2009-08-31T06:18:27.855Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,28,192.168.0.30:587,192.168.0.174:2858,>,250-AUTH NTLM LOGIN,
2009-08-31T06:18:27.855Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,29,192.168.0.30:587,192.168.0.174:2858,>,250-8BITMIME,
2009-08-31T06:18:27.855Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,30,192.168.0.30:587,192.168.0.174:2858,>,250-BINARYMIME,
2009-08-31T06:18:27.855Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,31,192.168.0.30:587,192.168.0.174:2858,>,250 CHUNKING,
2009-08-31T06:18:27.871Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,32,192.168.0.30:587,192.168.0.174:2858,<,AUTH LOGIN,
2009-08-31T06:18:27.871Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,33,192.168.0.30:587,192.168.0.174:2858,>,334 <authentication response>,
2009-08-31T06:18:27.871Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,34,192.168.0.30:587,192.168.0.174:2858,>,334 <authentication response>,
2009-08-31T06:18:27.871Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,35,192.168.0.30:587,192.168.0.174:2858,*,SMTPSubmit SMTPAcceptAnyRecipient BypassAntiSpam AcceptRoutingHeaders,Set Session Permissions
2009-08-31T06:18:27.871Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,36,192.168.0.30:587,192.168.0.174:2858,*,OFFICE\*user*,authenticated
2009-08-31T06:18:27.871Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,37,192.168.0.30:587,192.168.0.174:2858,>,235 2.7.0 Authentication successful,
2009-08-31T06:18:27.871Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,38,192.168.0.30:587,192.168.0.174:2858,<,MAIL FROM: <*user*@*domain*.ru>,
2009-08-31T06:18:27.871Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,39,192.168.0.30:587,192.168.0.174:2858,*,08CBE9389F87D46C;2009-08-31T06:18:27.840Z;1,receiving message
2009-08-31T06:18:27.871Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,40,192.168.0.30:587,192.168.0.174:2858,>,550 5.7.1 Client does not have permissions to send as this sender,
2009-08-31T06:18:27.902Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,41,192.168.0.30:587,192.168.0.174:2858,<,RSET,
2009-08-31T06:18:27.902Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,42,192.168.0.30:587,192.168.0.174:2858,>,250 2.0.0 Resetting,
2009-08-31T06:18:27.902Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,43,192.168.0.30:587,192.168.0.174:2858,<,MAIL FROM: <*user*@*domain*.ru>,
2009-08-31T06:18:27.902Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,44,192.168.0.30:587,192.168.0.174:2858,*,08CBE9389F87D46C;2009-08-31T06:18:27.840Z;2,receiving message
2009-08-31T06:18:27.902Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,45,192.168.0.30:587,192.168.0.174:2858,>,550 5.7.1 Client does not have permissions to send as this sender,
2009-08-31T06:18:30.387Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,46,192.168.0.30:587,192.168.0.174:2858,<,QUIT,
2009-08-31T06:18:30.387Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,47,192.168.0.30:587,192.168.0.174:2858,>,221 2.0.0 Service closing transmission channel,
2009-08-31T06:18:30.387Z,EXCHANGE\SMTP Receive Connector (587),08CBE9389F87D46C,48,192.168.0.30:587,192.168.0.174:2858,-,,Local
Получаем в ответ 550 5.7.1 Client does not have permissions to send as this sender
Ставим Send As права на ящик для NT AUTHORITY\SELF, все работает час-два, после чего права снова слетают.
Из всех ~500 пользователей такое происходит только у двух человек. Не пойму причин такого поведения сервера.

Oleg Krylov 31-08-2009 12:26 1207811
А пользователь случаем не из админов Exchange организации?

BOOBLIK_RU 31-08-2009 14:13 1207880
нет, пльзователь простой Builtin\Domain Users

ЗЫ: пока что решаю такую проблему переносом почты на сервер+созданием MAPI учетки в аутлуке для пользователей сидящих под доменками или же пересозданием доменной учетки для авторизации на эксчендже в случае если пользователь в малом бранч офисе и под доменны профилем не сидит. Гугл увы ничем пока не помог, находит только развалы статей про Send as & Send on behalf.


Время: 03:09.

Время: 03:09.
© OSzone.net 2001-