[Samba] Again 'Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!'
Rowland Penny
rpenny at samba.org
Wed Mar 21 18:06:07 UTC 2018
On Wed, 21 Mar 2018 18:50:08 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Hello! Rowland Penny via samba
> On that day it was said...
>
>
> > > The trouble came from 'root' or groups '3000002' and '3000003'?
> > No and very very probably no & no ;-)
>
>
> > > How can I fix them? Thanks.
> > Fix what? The owner has to be 'root', and you can find out just who
> > '3000002' & '3000003' are by
> > opening /var/lib/samba/private/idmap.ldb with ldbedit and searching
> > for them.
>
> # record 48
> dn: CN=S-1-5-18
> cn: S-1-5-18
> objectClass: sidMap
> objectSid: S-1-5-18
> type: ID_TYPE_BOTH
> xidNumber: 3000002
> distinguishedName: CN=S-1-5-18
>
> # record 6
> dn: CN=S-1-5-11
> cn: S-1-5-11
> objectClass: sidMap
> objectSid: S-1-5-11
> type: ID_TYPE_BOTH
> xidNumber: 3000003
> distinguishedName: CN=S-1-5-11
>
>
> > The 'cn' will contain the windows SID and if you look here:
> > https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
> > You will be able to see who they are.
>
> OK, 'Local System' and 'Authenticated Users'. Now?
I thought that would be who they were.
>
> I've to add an explicit map? How?
No, just because they are showing up as numbers is not a problem.
>
> On a DC, I suppose all SID get mapped, via xidNumber... because these
> are missing?
>
That is what the xidNumber attributes on a DC are for, the DC
knows who they are, but the OS doesn't need to.
As long as everything is working okay, I wouldn't worry about it.
Rowland
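
The lookup described in this thread, as an added example that is not part of the original messages: it parses sidMap records in the LDIF form quoted above (for instance from `ldbsearch -H /var/lib/samba/private/idmap.ldb '(objectClass=sidMap)'`) and resolves numeric IDs to SIDs. The function names and the small well-known SID table are assumptions made for illustration, and the parser assumes plain, unfolded `key: value` lines.

```python
import re

# Constructed sample input: the two records quoted in the thread.
SAMPLE_LDIF = """\
# record 48
dn: CN=S-1-5-18
cn: S-1-5-18
objectClass: sidMap
objectSid: S-1-5-18
type: ID_TYPE_BOTH
xidNumber: 3000002
distinguishedName: CN=S-1-5-18

# record 6
dn: CN=S-1-5-11
cn: S-1-5-11
objectClass: sidMap
objectSid: S-1-5-11
type: ID_TYPE_BOTH
xidNumber: 3000003
distinguishedName: CN=S-1-5-11
"""

# Illustrative subset of Microsoft's well-known SIDs (not a full list).
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-18": "Local System",
    "S-1-5-32-544": "BUILTIN\\Administrators",
}

def parse_idmap_ldif(text):
    """Return {xidNumber: (sid, id_type)} for every sidMap record."""
    mapping = {}
    for block in re.split(r"\n\s*\n", text):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip "# record N" comments and malformed lines
            key, value = line.split(": ", 1)
            attrs[key] = value.strip()
        if attrs.get("objectClass") == "sidMap" and "xidNumber" in attrs:
            mapping[int(attrs["xidNumber"])] = (attrs["objectSid"], attrs.get("type", ""))
    return mapping

def describe(xid, mapping):
    """One-line description of a numeric uid/gid as seen in `ls -ln`."""
    if xid not in mapping:
        return f"{xid}: no sidMap record"
    sid, id_type = mapping[xid]
    return f"{xid}: {sid} ({WELL_KNOWN.get(sid, 'not in well-known table')}), {id_type}"

if __name__ == "__main__":
    idmap = parse_idmap_ldif(SAMPLE_LDIF)
    for xid in (3000002, 3000003, 3000099):
        print(describe(xid, idmap))
```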