[Samba] Failed to find domain 'NT AUTHORITY'
L.P.H. van Belle
belle at bazuin.nl
Mon Nov 6 15:23:03 UTC 2017
Hai Giuseppe,
( and +What Rowland said.. )
Samba4 ADDC (you name it file server?)
Nas with the storage. ( and is this one domain joined? If yes, post the smb.conf also from this one. )
Burg run the cron script on the Samba server over which protocol? Ssh, then your in trouble.
This one is also not resolved, so we need more info about the setup.
> > [2017/11/06 14:58:04.826444, 5]
> > ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
> > Could not convert sid S-1-5-18: NT_STATUS_NO_SUCH_USE
wbinfo --sid-to-name S-1-5-32-544
BUILTIN\Administrators 4
Then more below in the logs.
> > [2017/11/06 14:58:04.890485, 3]
> > ../source3/winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
> > getgrnam BUILTIN\134administrators
It somehow did resolve.
I cant make any if it. (sorry)
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Rowland Penny via samba
> Verzonden: maandag 6 november 2017 16:17
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Failed to find domain 'NT AUTHORITY'
>
> On Mon, 6 Nov 2017 15:27:13 +0100
> Giuseppe Arvati via samba <samba at lists.samba.org> wrote:
>
> > Hello,
> > I recently set up a new software to backup samba share.
> > This software ( https://github.com/borgbackup/borg ) run on file
> > server as root cron script during the night and save file
> on external
> > NAS.
> >
> > The problem I have is that for each file copied from
> > samba share to external NAS, winbindd log an error
> > such this to samba.log.winbindd and /var/log/messages
> >
> > [2017/11/06 11:05:16.747449, 0]
> > ../source3/winbindd/winbindd_group.c:45(fill_grent)
> > Failed to find domain 'NT AUTHORITY'. Check connection
> to trusted
> > domains!
> >
> > thousends lines !!! ( 2 lines for each file )
> > This problem also slow down the backup process.
> >
> > This happen only on share named [utenti] ( home share ) and not
> > on share [gruppi].
> >
> > this is the winbindd log output at log level 5
> >
> > [2017/11/06 14:58:04.800302, 3]
> > ../source3/winbindd/winbindd_misc.c:395(winbindd_interface_version)
> > [27319]: request interface version (version = 28)
> > [2017/11/06 14:58:04.800377, 3]
> > ../source3/winbindd/winbindd_misc.c:428(winbindd_priv_pipe_dir)
> > [27319]: request location of privileged pipe
> > [2017/11/06 14:58:04.800498, 3]
> > ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> > getpwuid 3000033
> > [2017/11/06 14:58:04.815079, 3]
> > ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> > getpwuid 3000000
> > [2017/11/06 14:58:04.820655, 5]
> > ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
> > Could not convert sid S-1-5-32-544: NT_STATUS_NO_SUCH_USER
> > [2017/11/06 14:58:04.820845, 3]
> > ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> > getpwuid 3000002
> > [2017/11/06 14:58:04.826444, 5]
> > ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
> > Could not convert sid S-1-5-18: NT_STATUS_NO_SUCH_USER
> > [2017/11/06 14:58:04.826582, 3]
> > ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> > getpwuid 3000008
> > [2017/11/06 14:58:04.832246, 5]
> > ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
> > Could not convert sid
> > S-1-5-21-1853045328-2428526881-2616184179-512:
> NT_STATUS_NO_SUCH_USER
> > [2017/11/06 14:58:04.832357, 3]
> > ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> > getpwuid 3000033
> > [2017/11/06 14:58:04.838453, 3]
> > ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> > getgrgid 3000000
> > [2017/11/06 14:58:04.844045, 3]
> > ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> > getgrgid 3000002
> > [2017/11/06 14:58:04.849482, 0]
> > ../source3/winbindd/winbindd_group.c:45(fill_grent)
> > Failed to find domain 'NT AUTHORITY'. Check connection
> to trusted
> > domains!
> > [2017/11/06 14:58:04.849528, 5]
> > ../source3/winbindd/winbindd_getgrgid.c:122(winbindd_getgrgid_recv)
> > fill_grent failed
> > [2017/11/06 14:58:04.849641, 3]
> > ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> > getgrgid 3000008
> > [2017/11/06 14:58:04.854863, 3]
> > ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> > getgrgid 3000008
> > [2017/11/06 14:58:04.860567, 3]
> > ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> > getgrgid 3000033
> > [2017/11/06 14:58:04.866466, 3]
> > ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> > getpwnam 3000000
> > [2017/11/06 14:58:04.872322, 5]
> > ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> > Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > [2017/11/06 14:58:04.872476, 3]
> > ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> > getpwnam 3000002
> > [2017/11/06 14:58:04.878349, 5]
> > ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> > Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > [2017/11/06 14:58:04.878500, 3]
> > ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> > getpwnam 3000008
> > [2017/11/06 14:58:04.884406, 5]
> > ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> > Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > [2017/11/06 14:58:04.884571, 3]
> > ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> > getpwnam APAM-AD\134garvati
> > [2017/11/06 14:58:04.890192, 5]
> > ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> > Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > [2017/11/06 14:58:04.890485, 3]
> > ../source3/winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
> > getgrnam BUILTIN\134administrators
> > [2017/11/06 14:58:04.896378, 5]
> > ../source3/winbindd/winbindd_getgrnam.c:157(winbindd_getgrnam_recv)
> > Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > [2017/11/06 14:58:04.896527, 3]
> > ../source3/winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
> > getgrnam 3000002
> > [2017/11/06 14:58:04.902694, 5]
> > ../source3/winbindd/winbindd_getgrnam.c:157(winbindd_getgrnam_recv)
> > Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> >
> >
> > -----------------
> > Linux version 2.6.32-642.13.1.el6.x86_64
> > CentOS release 6.8 (Final)
> > samba 4.6.9 AD DC
> > -------------------
> > smb.conf
> > # Global parameters
> > [global]
> > workgroup = APAM-AD
> > realm = apam-ad.apam.it
> > netbios name = APAMFS2
> > server role = active directory domain controller
> > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> > drepl, winbind, ntp_signd, kcc, dnsupdate
> > idmap_ldb:use rfc2307 = yes
> > printing = bsd
> > printcap name = /dev/null
> > load printers = no
> > log file = /usr/local/samba/var/samba.log.%m
> > log level = 0
> > winbind enum users = yes
> > winbind enum groups = yes
> >
> > [netlogon]
> > path
> > = /usr/local/samba/var/locks/sysvol/apam-ad.apam.it/scripts
> read only
> > = No
> >
> > [sysvol]
> > path = /usr/local/samba/var/locks/sysvol
> > read only = No
> >
> > [utenti]
> > path = /dati/utenti
> > read only = No
> > directory mask = 700
> > create mask = 700
> > vfs object = recycle
> > recycle:repository = /dati/utenti/%U/.recycle
> > recycle:keeptree = yes
> > recycle:exclude = *.tmp, *.bak, ~*, *#, *.mp3, *.mp4
> > recycle:maxsize = 10485760
> > recycle:exclude_dir = .recycle
> >
> > [gruppi]
> > path = /dati/gruppi
> > read only = No
> > create mask = 770
> >
> >
> > Can someone help me ?
> >
> > thank you
> >
> > giuseppe
> >
>
> There is a bug for this:
> https://bugzilla.samba.org/show_bug.cgi?id=12164
>
> Also just a couple of things about your smb.conf:
>
> I would remove the two 'winbind enum' lines, you DO NOT need them and
> they slow things down.
>
> You have lines like this 'directory mask = 700'
> They do not work on a DC, you need to set the permissions from windows
> or with setfacl.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list