[Samba] string_to_sid: Sid MYDOMAIN\mygroup does not start with 'S-'.

Robinson, Eric eric.robinson at psmnv.com
Fri Nov 14 00:41:59 GMT 2008

I've been struggling for almost 2 weeks to get Samba working on two new

When I try to open a Samba share from a Windows 2003 computer, I always
get a logon challenge. I always get the following lot message

[2008/11/13 16:05:06,  3] lib/util_sid.c:string_to_sid(228)
  string_to_sid: Sid MYDOMAIN\mygroup does not start with 'S-'.
[2008/11/13 16:05:06,  2] smbd/service.c:make_connection_snum(732)
  user 'MYDOMAIN\user' (from session setup) not permitted to access this
share (ftp_site001)
[2008/11/13 16:05:06,  3] smbd/error.c:error_packet_set(61)
  error packet at smbd/reply.c(662) cmd=117 (SMBtconX)

The following code snippet shows where this error is coming from:


bool string_to_sid(DOM_SID *sidout, const char *sidstr)
        const char *p;
        char *q;
        /* BIG NOTE: this function only does SIDS where the identauth is
not >= 2^32 */
        uint32 conv;

        if ((sidstr[0] != 'S' && sidstr[0] != 's') || sidstr[1] != '-')
                DEBUG(3,("string_to_sid: Sid %s does not start with
'S-'.\n", sidstr));
                return False;


QUESTION: It looks to me as though this function is designed to convert
a string such as MYDOMAIN\user into a SID starting with S-. Obviously
the string it is supposed to convert FROM would not start with "S-"
because that's what the string is supposed to be converted TO. So why
would it complain that the string does not start with an "S-" even
before it attempts to convert it?

Eric Robinson

Disclaimer - November 13, 2008 
This email and any files transmitted with it are confidential and intended solely for samba. If you are not the named addressee you should not disseminate, distribute, copy or alter this email. Any views or opinions presented in this email are solely those of the author and might not represent those of . Warning: Although  has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments. 
This disclaimer was added by Policy Patrol: http://www.policypatrol.com/

More information about the samba mailing list