[Samba] Failed to find domain 'NT AUTHORITY'

Rowland Penny rpenny at samba.org
Mon Nov 6 15:17:26 UTC 2017 

On Mon, 6 Nov 2017 15:27:13 +0100
Giuseppe Arvati via samba <samba at lists.samba.org> wrote:

> Hello,
> I recently set up a new software to backup samba share.
> This software ( https://github.com/borgbackup/borg ) run on file
> server as root cron script during the night and save file on external
> NAS.
> 
> The problem I have is that for each file copied from
> samba share to external NAS, winbindd log an error
> such this to samba.log.winbindd and /var/log/messages
> 
> [2017/11/06 11:05:16.747449,  0] 
> ../source3/winbindd/winbindd_group.c:45(fill_grent)
>    Failed to find domain 'NT AUTHORITY'. Check connection to trusted 
> domains!
> 
> thousends lines !!! ( 2 lines for each file )
> This problem also slow down the backup process.
> 
> This happen only on share named [utenti] ( home share ) and not
> on share [gruppi].
> 
> this is the winbindd log output at log level 5
> 
> [2017/11/06 14:58:04.800302,  3] 
> ../source3/winbindd/winbindd_misc.c:395(winbindd_interface_version)
>    [27319]: request interface version (version = 28)
> [2017/11/06 14:58:04.800377,  3] 
> ../source3/winbindd/winbindd_misc.c:428(winbindd_priv_pipe_dir)
>    [27319]: request location of privileged pipe
> [2017/11/06 14:58:04.800498,  3] 
> ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
>    getpwuid 3000033
> [2017/11/06 14:58:04.815079,  3] 
> ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
>    getpwuid 3000000
> [2017/11/06 14:58:04.820655,  5] 
> ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
>    Could not convert sid S-1-5-32-544: NT_STATUS_NO_SUCH_USER
> [2017/11/06 14:58:04.820845,  3] 
> ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
>    getpwuid 3000002
> [2017/11/06 14:58:04.826444,  5] 
> ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
>    Could not convert sid S-1-5-18: NT_STATUS_NO_SUCH_USER
> [2017/11/06 14:58:04.826582,  3] 
> ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
>    getpwuid 3000008
> [2017/11/06 14:58:04.832246,  5] 
> ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
>    Could not convert sid
> S-1-5-21-1853045328-2428526881-2616184179-512: NT_STATUS_NO_SUCH_USER
> [2017/11/06 14:58:04.832357,  3] 
> ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
>    getpwuid 3000033
> [2017/11/06 14:58:04.838453,  3] 
> ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
>    getgrgid 3000000
> [2017/11/06 14:58:04.844045,  3] 
> ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
>    getgrgid 3000002
> [2017/11/06 14:58:04.849482,  0] 
> ../source3/winbindd/winbindd_group.c:45(fill_grent)
>    Failed to find domain 'NT AUTHORITY'. Check connection to trusted 
> domains!
> [2017/11/06 14:58:04.849528,  5] 
> ../source3/winbindd/winbindd_getgrgid.c:122(winbindd_getgrgid_recv)
>    fill_grent failed
> [2017/11/06 14:58:04.849641,  3] 
> ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
>    getgrgid 3000008
> [2017/11/06 14:58:04.854863,  3] 
> ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
>    getgrgid 3000008
> [2017/11/06 14:58:04.860567,  3] 
> ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
>    getgrgid 3000033
> [2017/11/06 14:58:04.866466,  3] 
> ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
>    getpwnam 3000000
> [2017/11/06 14:58:04.872322,  5] 
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
>    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> [2017/11/06 14:58:04.872476,  3] 
> ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
>    getpwnam 3000002
> [2017/11/06 14:58:04.878349,  5] 
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
>    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> [2017/11/06 14:58:04.878500,  3] 
> ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
>    getpwnam 3000008
> [2017/11/06 14:58:04.884406,  5] 
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
>    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> [2017/11/06 14:58:04.884571,  3] 
> ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
>    getpwnam APAM-AD\134garvati
> [2017/11/06 14:58:04.890192,  5] 
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
>    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> [2017/11/06 14:58:04.890485,  3] 
> ../source3/winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
>    getgrnam BUILTIN\134administrators
> [2017/11/06 14:58:04.896378,  5] 
> ../source3/winbindd/winbindd_getgrnam.c:157(winbindd_getgrnam_recv)
>    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> [2017/11/06 14:58:04.896527,  3] 
> ../source3/winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
>    getgrnam 3000002
> [2017/11/06 14:58:04.902694,  5] 
> ../source3/winbindd/winbindd_getgrnam.c:157(winbindd_getgrnam_recv)
>    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> 
> 
> -----------------
> Linux version 2.6.32-642.13.1.el6.x86_64
> CentOS release 6.8 (Final)
> samba 4.6.9 AD DC
> -------------------
> smb.conf
> # Global parameters
> [global]
>          workgroup = APAM-AD
>          realm = apam-ad.apam.it
>          netbios name = APAMFS2
>          server role = active directory domain controller
>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, 
> drepl, winbind, ntp_signd, kcc, dnsupdate
>          idmap_ldb:use rfc2307 = yes
>          printing = bsd
>          printcap name = /dev/null
>          load printers = no
>          log file = /usr/local/samba/var/samba.log.%m
>          log level = 0
>          winbind enum users = yes
>          winbind enum groups = yes
> 
> [netlogon]
>          path
> = /usr/local/samba/var/locks/sysvol/apam-ad.apam.it/scripts read only
> = No
> 
> [sysvol]
>          path = /usr/local/samba/var/locks/sysvol
>          read only = No
> 
> [utenti]
>          path = /dati/utenti
>          read only = No
>          directory mask = 700
>          create mask = 700
>          vfs object = recycle
>          recycle:repository = /dati/utenti/%U/.recycle
>          recycle:keeptree = yes
>          recycle:exclude = *.tmp, *.bak, ~*, *#, *.mp3, *.mp4
>          recycle:maxsize = 10485760
>          recycle:exclude_dir = .recycle
> 
> [gruppi]
>          path = /dati/gruppi
>          read only = No
>          create mask = 770
> 
> 
> Can someone help me ?
> 
> thank you
> 
> giuseppe
> 

There is a bug for this:
https://bugzilla.samba.org/show_bug.cgi?id=12164

Also just a couple of things about your smb.conf:

I would remove the two 'winbind enum' lines, you DO NOT need them and
they slow things down.

You have lines like this 'directory mask = 700'
They do not work on a DC, you need to set the permissions from windows
or with setfacl.

Rowland

More information about the samba mailing list