[Samba] troubleshoot samba - Could not convert sid - problem

ML Wong wongmlb at gmail.com
Thu Jan 28 00:15:18 UTC 2016

Kerberos - i can see the entries once i typed 'net ads keytab list' . Both
in the format 'host/*', and the 'hostname$' with different encryption
algorithm.  DNS is a good pointer. i did use 'dig' to check all the SRV
records, (_ldap, _kpasswd, _kerberos, _gc) they all come back with good
answers. SELinux is disabled, and iptables is disabled for my

Rowland, to your knowledge, as i have debug level 10 turned on, below log
excerpt shows the member-server can find the SID from the AD, but could not
convert the SID to UID. Am i right? When i did the google search, it
usually means idmap configuration is out of range. But, i really doubt that
with the range of 10000-9999999 would be a problem. And, the thing which
puzzles me the most is when doing: "wbinfo -S
S-1-5-21-2122386970-1603999544-1328175400-27912" can convert the SID fine
to 36912 without an error. So, why does winbind still complain coverting ??

[2016/01/27 16:08:53.952847,  1]

       wbint_QueryUser: struct wbint_QueryUser

          in: struct wbint_QueryUser

              sid                      : *

                  sid                      :

[2016/01/27 16:08:53.952932, 10]

  Entry has wrong sequence number: 121679380

[2016/01/27 16:08:53.955010,  1]

       wbint_QueryUser: struct wbint_QueryUser

          out: struct wbint_QueryUser

              info                     : *

                  info: struct wbint_userinfo

                      acct_name                : NULL

                      full_name                : NULL

                      homedir                  : NULL

                      shell                    : NULL

                      primary_gid              : 0x0000000000000000 (0)

                      user_sid                 : S-0-0

                      group_sid                : S-0-0

              result                   : NT_STATUS_NO_SUCH_USER

[2016/01/27 16:08:53.955221,  5]

  Could not convert sid S-1-5-21-2122386970-1603999544-1328175400-27912:

[2016/01/27 16:08:53.955264, 10] winbindd/winbindd.c:707(wb_request_done)

  wb_request_done[15036:GETPWNAM]: NT_STATUS_NO_SUCH_USER

[2016/01/27 16:08:53.955311, 10]

  winbind_client_response_written[15036:GETPWNAM]: delivered response to

[2016/01/27 16:08:53.955876,  6]

  closing socket 32, client exited

On Tue, Jan 26, 2016 at 2:10 AM, Rowland penny <rpenny at samba.org> wrote:

> On 26/01/16 00:32, ML Wong wrote:
>> Thanks for the pointer, Rowland. But i don't think i have avahi-daemon
>> running.
>> $ sudo chkconfig --list | grep -i avahi
>> $
>> Any other thoughts?
>> thanks,
>> Melvin
> The only other possible problem I can see is 'invalid users = root', this
> is meant to be used in a share and you have it in [global].
> You could also check what you have in /etc/krb5.conf and if
> /etc/resolv.conf points to your AD DC. You could also check if the firewall
> is running and if so, is it blocking a required port, you could also check
> selinux.
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list