[Samba] Again 'Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!'

[Rowland Penny]

On Wed, 21 Mar 2018 17:55:17 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:

> 
> I've hitted the error in subject trying  a backup of my sysvol.
> 
>  Mar 21 11:13:31 vdcsv1 winbindd[3494]: [2018/03/21 11:13:31.234373,
> 0] ../source3/winbindd/winbindd_group.c:45(fill_grent) Mar 21
> 11:13:31 vdcsv1 winbindd[3494]:   Failed to find domain 'NT
> AUTHORITY'. Check connection to trusted domains!
> 
> 
> Looking on internet/list archive leadme to recent post (november 2017)
> and this bug:
> 	https://bugzilla.samba.org/show_bug.cgi?id=12164
> 
> But i've not understood how is related.
> 
> The ACLs of my sysvol are:
> 
>  root at vdcsv1:~# getfacl /var/lib/samba/sysvol/
>  getfacl: Removing leading '/' from absolute path names
>  # file: var/lib/samba/sysvol/
>  # owner: root
>  # group: BUILTIN\134administrators
>  user::rwx
>  user:root:rwx
>  user:BUILTIN\134administrators:rwx
>  group::rwx
>  group:BUILTIN\134administrators:rwx
>  group:BUILTIN\134server\040operators:r-x
>  group:3000002:rwx
>  group:3000003:r-x
>  mask::rwx
>  other::---
>  default:user::rwx
>  default:user:root:rwx
>  default:user:BUILTIN\134administrators:rwx
>  default:group::---
>  default:group:BUILTIN\134administrators:rwx
>  default:group:BUILTIN\134server\040operators:r-x
>  default:group:3000002:rwx
>  default:group:3000003:r-x
>  default:mask::rwx
>  default:other::---
> 
> The trouble came from 'root' or groups '3000002' and '3000003'?

No and very very probably no & no ;-)

> 
> How can i fix them? Thanks.

Fix what? The owner has to be 'root', and you can find out just who
'3000002' & '3000003' are by opening /var/lib/samba/private/idmap.ldb
with ldbedit and searching for them. The 'cn' will contain the windows
SID and if you look here:

https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems

You will be able to see who there are.

Rowland