[Samba] Failed to find domain 'NT AUTHORITY'
Rowland Penny
rpenny at samba.org
Mon Nov 6 15:17:26 UTC 2017
On Mon, 6 Nov 2017 15:27:13 +0100
Giuseppe Arvati via samba <samba at lists.samba.org> wrote:
> Hello,
> I recently set up new software to back up a Samba share.
> This software ( https://github.com/borgbackup/borg ) runs on the file
> server as a root cron script during the night and saves files to an external
> NAS.
>
> The problem I have is that for each file copied from the
> Samba share to the external NAS, winbindd logs an error
> such as this to samba.log.winbindd and /var/log/messages
>
> [2017/11/06 11:05:16.747449, 0]
> ../source3/winbindd/winbindd_group.c:45(fill_grent)
> Failed to find domain 'NT AUTHORITY'. Check connection to trusted
> domains!
>
> thousands of lines !!! ( 2 lines for each file )
> This problem also slows down the backup process.
>
> This happens only on the share named [utenti] ( home share ) and not
> on share [gruppi].
>
> this is the winbindd log output at log level 5
>
> [2017/11/06 14:58:04.800302, 3]
> ../source3/winbindd/winbindd_misc.c:395(winbindd_interface_version)
> [27319]: request interface version (version = 28)
> [2017/11/06 14:58:04.800377, 3]
> ../source3/winbindd/winbindd_misc.c:428(winbindd_priv_pipe_dir)
> [27319]: request location of privileged pipe
> [2017/11/06 14:58:04.800498, 3]
> ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> getpwuid 3000033
> [2017/11/06 14:58:04.815079, 3]
> ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> getpwuid 3000000
> [2017/11/06 14:58:04.820655, 5]
> ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
> Could not convert sid S-1-5-32-544: NT_STATUS_NO_SUCH_USER
> [2017/11/06 14:58:04.820845, 3]
> ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> getpwuid 3000002
> [2017/11/06 14:58:04.826444, 5]
> ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
> Could not convert sid S-1-5-18: NT_STATUS_NO_SUCH_USER
> [2017/11/06 14:58:04.826582, 3]
> ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> getpwuid 3000008
> [2017/11/06 14:58:04.832246, 5]
> ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
> Could not convert sid
> S-1-5-21-1853045328-2428526881-2616184179-512: NT_STATUS_NO_SUCH_USER
> [2017/11/06 14:58:04.832357, 3]
> ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> getpwuid 3000033
> [2017/11/06 14:58:04.838453, 3]
> ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> getgrgid 3000000
> [2017/11/06 14:58:04.844045, 3]
> ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> getgrgid 3000002
> [2017/11/06 14:58:04.849482, 0]
> ../source3/winbindd/winbindd_group.c:45(fill_grent)
> Failed to find domain 'NT AUTHORITY'. Check connection to trusted
> domains!
> [2017/11/06 14:58:04.849528, 5]
> ../source3/winbindd/winbindd_getgrgid.c:122(winbindd_getgrgid_recv)
> fill_grent failed
> [2017/11/06 14:58:04.849641, 3]
> ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> getgrgid 3000008
> [2017/11/06 14:58:04.854863, 3]
> ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> getgrgid 3000008
> [2017/11/06 14:58:04.860567, 3]
> ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> getgrgid 3000033
> [2017/11/06 14:58:04.866466, 3]
> ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> getpwnam 3000000
> [2017/11/06 14:58:04.872322, 5]
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> [2017/11/06 14:58:04.872476, 3]
> ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> getpwnam 3000002
> [2017/11/06 14:58:04.878349, 5]
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> [2017/11/06 14:58:04.878500, 3]
> ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> getpwnam 3000008
> [2017/11/06 14:58:04.884406, 5]
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> [2017/11/06 14:58:04.884571, 3]
> ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> getpwnam APAM-AD\134garvati
> [2017/11/06 14:58:04.890192, 5]
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> [2017/11/06 14:58:04.890485, 3]
> ../source3/winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
> getgrnam BUILTIN\134administrators
> [2017/11/06 14:58:04.896378, 5]
> ../source3/winbindd/winbindd_getgrnam.c:157(winbindd_getgrnam_recv)
> Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> [2017/11/06 14:58:04.896527, 3]
> ../source3/winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
> getgrnam 3000002
> [2017/11/06 14:58:04.902694, 5]
> ../source3/winbindd/winbindd_getgrnam.c:157(winbindd_getgrnam_recv)
> Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
>
>
> -----------------
> Linux version 2.6.32-642.13.1.el6.x86_64
> CentOS release 6.8 (Final)
> samba 4.6.9 AD DC
> -------------------
> smb.conf
> # Global parameters
> [global]
> workgroup = APAM-AD
> realm = apam-ad.apam.it
> netbios name = APAMFS2
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbind, ntp_signd, kcc, dnsupdate
> idmap_ldb:use rfc2307 = yes
> printing = bsd
> printcap name = /dev/null
> load printers = no
> log file = /usr/local/samba/var/samba.log.%m
> log level = 0
> winbind enum users = yes
> winbind enum groups = yes
>
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/apam-ad.apam.it/scripts
> read only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> [utenti]
> path = /dati/utenti
> read only = No
> directory mask = 700
> create mask = 700
> vfs object = recycle
> recycle:repository = /dati/utenti/%U/.recycle
> recycle:keeptree = yes
> recycle:exclude = *.tmp, *.bak, ~*, *#, *.mp3, *.mp4
> recycle:maxsize = 10485760
> recycle:exclude_dir = .recycle
>
> [gruppi]
> path = /dati/gruppi
> read only = No
> create mask = 770
>
>
> Can someone help me ?
>
> thank you
>
> giuseppe
>
There is a bug for this:

https://bugzilla.samba.org/show_bug.cgi?id=12164

Also just a couple of things about your smb.conf:

I would remove the two 'winbind enum' lines, you DO NOT need them and
they slow things down.

You have lines like this 'directory mask = 700'
They do not work on a DC, you need to set the permissions from Windows
or with setfacl.

Rowland
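
A triage aid for logs like the one quoted above, added here as an example and not part of the original thread or of Samba: it pairs each winbindd `getgrgid` request with the `fill_grent` error that follows it and reports the SID that the same id resolved to in a `getpwuid` entry. The sample log is constructed from the quoted entries; pairing an error with the most recent request, and treating equal uid and gid numbers as one mapping, are assumptions.

```python
import re
from collections import Counter

# Constructed sample in winbindd's log format, modelled on the entries quoted above.
SAMPLE_LOG = """\
[2017/11/06 14:58:04.820845,  3] ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
  getpwuid 3000002
[2017/11/06 14:58:04.826444,  5] ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
  Could not convert sid S-1-5-18: NT_STATUS_NO_SUCH_USER
[2017/11/06 14:58:04.838453,  3] ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
  getgrgid 3000000
[2017/11/06 14:58:04.844045,  3] ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
  getgrgid 3000002
[2017/11/06 14:58:04.849482,  0] ../source3/winbindd/winbindd_group.c:45(fill_grent)
  Failed to find domain 'NT AUTHORITY'. Check connection to trusted
  domains!
"""

WELL_KNOWN = {"S-1-5-18": "NT AUTHORITY\\SYSTEM", "S-1-5-32-544": "BUILTIN\\Administrators"}
REQUEST = re.compile(r"\b(getpwuid|getgrgid|getpwnam|getgrnam) (\S+)")
SID_FAIL = re.compile(r"Could not convert sid (S-[\d-]+)")
DOMAIN_FAIL = re.compile(r"Failed to find domain '([^']+)'")

def entries(text):
    """Yield one string per log entry; a line starting with '[' opens an entry."""
    current = []
    for line in text.splitlines():
        if line.startswith("[") and current:
            yield " ".join(current)
            current = []
        current.append(line.strip())
    if current:
        yield " ".join(current)

def failing_gids(text):
    """Map each gid whose lookup hit the fill_grent error to (domain, sid or name, count)."""
    pending, sid_of, hits = None, {}, Counter()
    for entry in entries(text):
        if m := REQUEST.search(entry):
            pending = (m.group(1), m.group(2))  # heuristic: most recent request
        elif (m := SID_FAIL.search(entry)) and pending and pending[0] == "getpwuid":
            sid_of[pending[1]] = m.group(1)     # SID behind an id that is not a user
        elif (m := DOMAIN_FAIL.search(entry)) and pending and pending[0] == "getgrgid":
            hits[(pending[1], m.group(1))] += 1
    return {gid: (dom, WELL_KNOWN.get(sid_of.get(gid), sid_of.get(gid)), n)
            for (gid, dom), n in hits.items()}

if __name__ == "__main__":
    print(failing_gids(SAMPLE_LOG))
```

Because an entry is everything up to the next line starting with `[`, the parser also accepts headers that a mail client has wrapped onto a second line, as in the quoted log.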