[Samba] failed to find NT AUTHORITY domain log message during backup windows

[Joseph Dickson]

On Mon, Apr 11, 2016 at 6:10 PM, Jonathan Hunter <jmhunter1 at gmail.com>
 wrote:

> It sounds as though there are files on your servers owned by a UID or GID
> (most probably a GID) that is not in /etc/group, and is being looked up and
> "reverse resolved" to 'NT AUTHORITY\Authenticated Users', but this somehow
> doesn't map back the other way, i.e. from a name to a GID.
>
> Can you narrow it down and perhaps use the 'find' command to see what
> UID/GID this is?


On a hunch, I tried a getfacl on a directory and triggered the error that
way.  Here is the result of the getfacl:

# getfacl .
# file: .
# owner: root
# group: EVOLVETSI\134domain\040users
user::rwx
user:root:rwx
user:EVOLVETSI\134domain\040admins:rwx
group::---
group:5004:r-x
group:EVOLVETSI\134domain\040admins:rwx
group:EVOLVETSI\134domain\040users:---
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:EVOLVETSI\134domain\040admins:rwx
default:group::---
default:group:EVOLVETSI\134domain\040admins:rwx
default:group:EVOLVETSI\134domain\040users:---
default:mask::rwx
default:other::---

It looks like the group:5004:r-x permission is the one causing the issue..

Some more getent digging:

# getent group 5001
BUILTIN\users:x:5001:
# getent group 5002
# getent group 5003
# getent group 5004
# getent group 5005


and the relevant idmap lines from my config:

idmap config * : backend = tdb
idmap config * : range = 5000-25000
idmap config EVOLVETSI : backend = rid
idmap config EVOLVETSI : range = 1000000 - 1999999


Any idea where I should look next?

Thank you!

--
*Joseph Dickson*