[Samba] troubleshoot samba - Could not convert sid - problem
ML Wong
wongmlb at gmail.com
Thu Jan 28 00:15:18 UTC 2016
Kerberos - i can see the entries once i typed 'net ads keytab list' . Both
in the format 'host/*', and the 'hostname$' with different encryption
algorithm. DNS is a good pointer. i did use 'dig' to check all the SRV
records, (_ldap, _kpasswd, _kerberos, _gc) they all come back with good
answers. SELinux is disabled, and iptables is disabled for my
troubleshooting.
Rowland, to your knowledge, as i have debug level 10 turned on, below log
excerpt shows the member-server can find the SID from the AD, but could not
convert the SID to UID. Am i right? When i did the google search, it
usually means idmap configuration is out of range. But, i really doubt that
with the range of 10000-9999999 would be a problem. And, the thing which
puzzles me the most is when doing: "wbinfo -S
S-1-5-21-2122386970-1603999544-1328175400-27912" can convert the SID fine
to 36912 without an error. So, why does winbind still complain coverting ??
[2016/01/27 16:08:53.952847, 1]
../librpc/ndr/ndr.c:284(ndr_print_function_debug)
wbint_QueryUser: struct wbint_QueryUser
in: struct wbint_QueryUser
sid : *
sid :
S-1-5-21-2122386970-1603999544-1328175400-27912
[2016/01/27 16:08:53.952932, 10]
winbindd/winbindd_cache.c:4950(wcache_fetch_ndr)
Entry has wrong sequence number: 121679380
[2016/01/27 16:08:53.955010, 1]
../librpc/ndr/ndr.c:284(ndr_print_function_debug)
wbint_QueryUser: struct wbint_QueryUser
out: struct wbint_QueryUser
info : *
info: struct wbint_userinfo
acct_name : NULL
full_name : NULL
homedir : NULL
shell : NULL
primary_gid : 0x0000000000000000 (0)
user_sid : S-0-0
group_sid : S-0-0
result : NT_STATUS_NO_SUCH_USER
[2016/01/27 16:08:53.955221, 5]
winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
Could not convert sid S-1-5-21-2122386970-1603999544-1328175400-27912:
NT_STATUS_NO_SUCH_USER
[2016/01/27 16:08:53.955264, 10] winbindd/winbindd.c:707(wb_request_done)
wb_request_done[15036:GETPWNAM]: NT_STATUS_NO_SUCH_USER
[2016/01/27 16:08:53.955311, 10]
winbindd/winbindd.c:768(winbind_client_response_written)
winbind_client_response_written[15036:GETPWNAM]: delivered response to
client
[2016/01/27 16:08:53.955876, 6]
winbindd/winbindd.c:870(winbind_client_request_read)
closing socket 32, client exited
On Tue, Jan 26, 2016 at 2:10 AM, Rowland penny <rpenny at samba.org> wrote:
> On 26/01/16 00:32, ML Wong wrote:
>
>> Thanks for the pointer, Rowland. But i don't think i have avahi-daemon
>> running.
>> $ sudo chkconfig --list | grep -i avahi
>> $
>> Any other thoughts?
>>
>> thanks,
>> Melvin
>>
>>
>>
> The only other possible problem I can see is 'invalid users = root', this
> is meant to be used in a share and you have it in [global].
>
> You could also check what you have in /etc/krb5.conf and if
> /etc/resolv.conf points to your AD DC. You could also check if the firewall
> is running and if so, is it blocking a required port, you could also check
> selinux.
>
>
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list