[Samba] Could not convert SID S-0-0, error is NT_STATUS_NONE_MAPPED
Norbert Hanke
norbert.hanke at gmx.ch
Wed Jul 26 20:00:03 UTC 2023
Hi,
I have the same issue with "Could not convert SID S-0-0..." on 2 out of
3 DCs. These messages _are_ cluttering syslog: 54 000 such messages with
severity "Warning" in the last 21 1/2 hours .
All 3 DCs are on samba 4.17.9 with identical configurations.
The DC that does not have the problem runs on Debian bullseye, using
bullseye-backports packages. It exists since many months, more or less
since Michael Tokarev provides the bullseye-packport packages, and has
repeatedly been updated since then.
The affected DCs run on Debian bookworm, using regular bookworm
packages. They were freshly joined after their equally named
predecessors had been cleanly demoted, and they had their idmap.ldb
taken from the preexisting DC.
My /etc/samba/smb.conf:
# Global parameters
[global]
netbios name = DC2
realm = AD.MYDOMAIN.TLD
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = MYDOMAIN
idmap_ldb:use rfc2307 = yes
logging = syslog at 3
log level = 1
printing = BSD
printcap name = /dev/null
load printers = no
tls ca file = /usr/local/share/ca-certificates/MydomainCA1.crt
username map = /etc/samba/user.map
disable spoolss = yes
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/ad.mydomain.tld/scripts
read only = No
Any clue anyone?
regards,
Norbert
On 25.07.2023 13:21, Peter Eriksson via samba wrote:
> In my never-ending quest of removing clutter from the log files, I notice that we in /var/log/messages get a lot of:
>
>> Jul 25 13:08:30 filur00 winbindd[88603]: [2023/07/25 13:08:30.756462, 1] ../../source3/winbindd/winbindd_lookupname.c:122(winbindd_lookupname_recv)
>> Jul 25 13:08:30 filur00 winbindd[88603]: Could not convert SID S-0-0, error is NT_STATUS_NONE_MAPPED
> Seems to happen when our test-user logs in.
>
> I can just remove that log line in the source code, but I’m curious if there is something else I can do to silence it. I was thinking it was related to directories owned by the ‘root’ user (which doesn’t have a mapping to a Windows user but I’ve tried to get rid of the root-owned directories in the path for the test user but it doesn’t seem to help much. Any ideas?
>
>
> Another error in the syslog messages file is:
>
> Jul 25 13:16:19 filur00 samba-dcerpcd[43617]: [2023/07/25 13:16:19.901490, 1] ../../source3/rpc_client/cli_pipe.c:3014(rpc_pipe_open_ncalrpc)
> Jul 25 13:16:19 filur00 samba-dcerpcd[43617]: rpc_pipe_open_ncalrpc: connect(/liu/var/samba/ncalrpc/EPMAPPER) failed: No such file or directory
>
> This only happens once when starting Samba but it still annoys me. There is no EPMAPPER object in that directory, the closest that looks relevant is:
>
> /liu/var/samba/ncalrpc/np/epmapper
>
> Is that supposed to point to the same thing?
>
>
> Samba 4.18.5, FreeBSD 13.2
>
> - Peter
>
>
More information about the samba
mailing list