[Samba] failed to find NT AUTHORITY domain log message during backup windows
Joseph Dickson
jdickson at evolvetsi.com
Tue Apr 12 14:17:41 UTC 2016
On Mon, Apr 11, 2016 at 6:10 PM, Jonathan Hunter <jmhunter1 at gmail.com>
wrote:
> It sounds as though there are files on your servers owned by a UID or GID
> (most probably a GID) that is not in /etc/group, and is being looked up and
> "reverse resolved" to 'NT AUTHORITY\Authenticated Users', but this somehow
> doesn't map back the other way, i.e. from a name to a GID.
>
> Can you narrow it down and perhaps use the 'find' command to see what
> UID/GID this is?
On a hunch, I tried a getfacl on a directory and triggered the error that
way. Here is the result of the getfacl:
# getfacl .
# file: .
# owner: root
# group: EVOLVETSI\134domain\040users
user::rwx
user:root:rwx
user:EVOLVETSI\134domain\040admins:rwx
group::---
group:5004:r-x
group:EVOLVETSI\134domain\040admins:rwx
group:EVOLVETSI\134domain\040users:---
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:EVOLVETSI\134domain\040admins:rwx
default:group::---
default:group:EVOLVETSI\134domain\040admins:rwx
default:group:EVOLVETSI\134domain\040users:---
default:mask::rwx
default:other::---
It looks like the group:5004:r-x permission is the one causing the issue..
Some more getent digging:
# getent group 5001
BUILTIN\users:x:5001:
# getent group 5002
# getent group 5003
# getent group 5004
# getent group 5005
and the relevant idmap lines from my config:
idmap config * : backend = tdb
idmap config * : range = 5000-25000
idmap config EVOLVETSI : backend = rid
idmap config EVOLVETSI : range = 1000000 - 1999999
Any idea where I should look next?
Thank you!
--
*Joseph Dickson*
More information about the samba
mailing list