[Samba] Synology shares not accessible...

Rowland Penny rpenny at samba.org
Tue Jun 20 15:30:27 UTC 2023 


On 20/06/2023 14:11, Ingo Asche via samba wrote:
> Hi All,
> 
> the Synology support is claiming this bug is the reason for the access 
> problems via hostname (Kerberos):
> https://bugzilla.samba.org/show_bug.cgi?id=14213
> 
> These log entries in log.wb-ADNAME are given as evidence:
> 
> ../../source3/winbindd/winbindd_msrpc.c:307: [2023/06/14 
> 22:13:42.913399, winbind 3, pid=10150] msrpc_sid_to_name
> msrpc_sid_to_name: S-1-18-1 für Domäne ADNAME
> ../../source3/winbindd/winbindd_msrpc.c:319: [2023/06/14 
> 22:13:42.914370, winbind 2, pid=10150] msrpc_sid_to_name
> msrpc_sid_to_name: Die Suche nach sids ist fehlgeschlagen: 
> NT_STATUS_INVALID_SID
> ../../source3/winbindd/winbindd_msrpc.c:307: [2023/06/14 
> 22:13:42.914415, winbind 3, pid=10150] msrpc_sid_to_name
> msrpc_sid_to_name: S-1-18-1 für Domäne ADNAME
> ../../source3/winbindd/winbindd_msrpc.c:319: [2023/06/14 
> 22:13:42.915040, winbind 2, pid=10150] msrpc_sid_to_name
> msrpc_sid_to_name: Die Suche nach sids ist fehlgeschlagen: 
> NT_STATUS_INVALID_SID
> 
> ("Die Suche nach sids ist fehlgeschlagen" translates "The search for 
> sids failed")
> 
> They ask me to patch - I think - my DCs.

Patch what, with what ?
Do they not specify or provide a patch ?
The bug report you provided a link to is still ongoing, it doesn't seem 
to have come to a conclusion.

> 
> This only happens on the two Synos which have their interpretation of 
> Samba 4.15 installed. My member server (4.17.8) works without this 
> problem. I ask myself, is that a problem in my domain or has this to be 
> done on the machines which have the problem.
> 
> I even created a member server with 4.15 for testing and it works also 
> without such problems. Also an old Synology DS413 with Samba 4.4.18 
> (don't laugh) works perfectly, too.

So, it is only the synology machines that have the problem, other 
machines against your DC's do not have the problem. To me, that sounds 
like the problem lies on the synology machines, or am I missing 
something (which wouldn't be the first time).

> 
> So I would think this patch has to be installed on the machines with the 
> error.

Well, it sounds that way to me, but there in lies another possible 
problem. If you do have to patch the synology machines, this will entail 
patching and building synology's version of Samba, have they supplied 
you with the source code ?

I personally wouldn't want to patch my DC's to get a synology product to 
work correctly, if doing so could break the rest of my domain.

I could be extremely wrong here, but it makes more sense to me, to fix 
the 'broken' thing, rather than 'unbroken' things.

I would go back to synology and get them to clarify just what they would 
like you to do and how you should do it.

Rowland

More information about the samba mailing list