[Samba] troubleshoot samba - Could not convert sid - problem

ML Wong wongmlb at gmail.com
Thu Jan 28 00:15:18 UTC 2016 

Kerberos - i can see the entries once i typed 'net ads keytab list' . Both
in the format 'host/*', and the 'hostname$' with different encryption
algorithm.  DNS is a good pointer. i did use 'dig' to check all the SRV
records, (_ldap, _kpasswd, _kerberos, _gc) they all come back with good
answers. SELinux is disabled, and iptables is disabled for my
troubleshooting.

Rowland, to your knowledge, as i have debug level 10 turned on, below log
excerpt shows the member-server can find the SID from the AD, but could not
convert the SID to UID. Am i right? When i did the google search, it
usually means idmap configuration is out of range. But, i really doubt that
with the range of 10000-9999999 would be a problem. And, the thing which
puzzles me the most is when doing: "wbinfo -S
S-1-5-21-2122386970-1603999544-1328175400-27912" can convert the SID fine
to 36912 without an error. So, why does winbind still complain coverting ??

[2016/01/27 16:08:53.952847,  1]
../librpc/ndr/ndr.c:284(ndr_print_function_debug)

       wbint_QueryUser: struct wbint_QueryUser

          in: struct wbint_QueryUser

              sid                      : *

                  sid                      :
S-1-5-21-2122386970-1603999544-1328175400-27912

[2016/01/27 16:08:53.952932, 10]
winbindd/winbindd_cache.c:4950(wcache_fetch_ndr)

  Entry has wrong sequence number: 121679380

[2016/01/27 16:08:53.955010,  1]
../librpc/ndr/ndr.c:284(ndr_print_function_debug)

       wbint_QueryUser: struct wbint_QueryUser

          out: struct wbint_QueryUser

              info                     : *

                  info: struct wbint_userinfo

                      acct_name                : NULL

                      full_name                : NULL

                      homedir                  : NULL

                      shell                    : NULL

                      primary_gid              : 0x0000000000000000 (0)

                      user_sid                 : S-0-0

                      group_sid                : S-0-0

              result                   : NT_STATUS_NO_SUCH_USER

[2016/01/27 16:08:53.955221,  5]
winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)

  Could not convert sid S-1-5-21-2122386970-1603999544-1328175400-27912:
NT_STATUS_NO_SUCH_USER

[2016/01/27 16:08:53.955264, 10] winbindd/winbindd.c:707(wb_request_done)

  wb_request_done[15036:GETPWNAM]: NT_STATUS_NO_SUCH_USER

[2016/01/27 16:08:53.955311, 10]
winbindd/winbindd.c:768(winbind_client_response_written)

  winbind_client_response_written[15036:GETPWNAM]: delivered response to
client

[2016/01/27 16:08:53.955876,  6]
winbindd/winbindd.c:870(winbind_client_request_read)

  closing socket 32, client exited

On Tue, Jan 26, 2016 at 2:10 AM, Rowland penny <rpenny at samba.org> wrote:

> On 26/01/16 00:32, ML Wong wrote:
>
>> Thanks for the pointer, Rowland. But i don't think i have avahi-daemon
>> running.
>> $ sudo chkconfig --list | grep -i avahi
>> $
>> Any other thoughts?
>>
>> thanks,
>> Melvin
>>
>>
>>
> The only other possible problem I can see is 'invalid users = root', this
> is meant to be used in a share and you have it in [global].
>
> You could also check what you have in /etc/krb5.conf and if
> /etc/resolv.conf points to your AD DC. You could also check if the firewall
> is running and if so, is it blocking a required port, you could also check
> selinux.
>
>
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list