[Samba] Synology shares not accessible...
Rowland Penny
rpenny at samba.org
Tue Jun 20 15:30:27 UTC 2023
On 20/06/2023 14:11, Ingo Asche via samba wrote:
> Hi All,
>
> the Synology support is claiming this bug is the reason for the access
> problems via hostname (Kerberos):
> https://bugzilla.samba.org/show_bug.cgi?id=14213
>
> These log entries in log.wb-ADNAME are given as evidence:
>
> ../../source3/winbindd/winbindd_msrpc.c:307: [2023/06/14
> 22:13:42.913399, winbind 3, pid=10150] msrpc_sid_to_name
> msrpc_sid_to_name: S-1-18-1 für Domäne ADNAME
> ../../source3/winbindd/winbindd_msrpc.c:319: [2023/06/14
> 22:13:42.914370, winbind 2, pid=10150] msrpc_sid_to_name
> msrpc_sid_to_name: Die Suche nach sids ist fehlgeschlagen:
> NT_STATUS_INVALID_SID
> ../../source3/winbindd/winbindd_msrpc.c:307: [2023/06/14
> 22:13:42.914415, winbind 3, pid=10150] msrpc_sid_to_name
> msrpc_sid_to_name: S-1-18-1 für Domäne ADNAME
> ../../source3/winbindd/winbindd_msrpc.c:319: [2023/06/14
> 22:13:42.915040, winbind 2, pid=10150] msrpc_sid_to_name
> msrpc_sid_to_name: Die Suche nach sids ist fehlgeschlagen:
> NT_STATUS_INVALID_SID
>
> ("Die Suche nach sids ist fehlgeschlagen" translates "The search for
> sids failed")
>
> They ask me to patch - I think - my DCs.
Patch what, with what ?
Do they not specify or provide a patch ?
The bug report you provided a link to is still ongoing, it doesn't seem
to have come to a conclusion.
>
> This only happens on the two Synos which have their interpretation of
> Samba 4.15 installed. My member server (4.17.8) works without this
> problem. I ask myself, is that a problem in my domain or has this to be
> done on the machines which have the problem.
>
> I even created a member server with 4.15 for testing and it works also
> without such problems. Also an old Synology DS413 with Samba 4.4.18
> (don't laugh) works perfectly, too.
So, it is only the synology machines that have the problem, other
machines against your DC's do not have the problem. To me, that sounds
like the problem lies on the synology machines, or am I missing
something (which wouldn't be the first time).
>
> So I would think this patch has to be installed on the machines with the
> error.
Well, it sounds that way to me, but there in lies another possible
problem. If you do have to patch the synology machines, this will entail
patching and building synology's version of Samba, have they supplied
you with the source code ?
I personally wouldn't want to patch my DC's to get a synology product to
work correctly, if doing so could break the rest of my domain.
I could be extremely wrong here, but it makes more sense to me, to fix
the 'broken' thing, rather than 'unbroken' things.
I would go back to synology and get them to clarify just what they would
like you to do and how you should do it.
Rowland
More information about the samba
mailing list