[Samba] check_account: Failed to convert SID messages in a log
Jan Gregor
gregor.jan at gmail.com
Fri Dec 10 15:56:13 UTC 2021
Hello,
after installation of security update in debian buster (samba 4.9.5) I
see in a log file messages like
smbd[13923]: check_account: Failed to convert SID
S-1-5-21-654011520-1046832706-1751360447-1143 to a UID
(dom_user[INTERSTAT\is48$])
The messages are logged in domain member that acts as a file server in AD.
SID belongs to client computer that connects to the file server, it seems
like samba wants uidNumber also for SID of domain computers. Of course
uidNumber are setup for all domain users.
Content of smbd.conf in domain member is ...
[global]
netbios name = SRV2
realm = AD.INTERSTAT.CZ
server role = member server
workgroup = INTERSTAT
idmap_ldb:use rfc2307 = yes
username map = /etc/samba/user.map
printing = CUPS
rpc_server:spoolss = external
rpc_daemon:spoolssd = fork
spoolss: architecture = Windows x64
security = ADS
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config INTERSTAT:backend = ad
idmap config INTERSTAT:schema_mode = rfc2307
idmap config INTERSTAT:range = 10000-999999
idmap config INTERSTAT:unix_nss_info = yes
map acl inherit = yes
store dos attributes = yes
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
acl allow execute always = yes
#minumum uid that can be mapped to domain user, should be 0 to map
domain administrator
min domain uid = 0
Best regards,
Jan
More information about the samba
mailing list