[Samba] check_account: Failed to convert SID messages in a log

Jan Gregor gregor.jan at gmail.com
Fri Dec 10 15:56:13 UTC 2021

  after installation of security update in debian buster (samba 4.9.5) I
see in a log file messages like

 smbd[13923]:   check_account: Failed to convert SID
S-1-5-21-654011520-1046832706-1751360447-1143 to a UID

 The messages are logged in domain member that acts as a file server in AD.
SID belongs to client computer that connects to the file server, it seems
like samba wants uidNumber also for SID of domain computers. Of course
uidNumber are setup for all domain users.

 Content of smbd.conf in domain member is ...

        netbios name = SRV2
        realm = AD.INTERSTAT.CZ
        server role = member server
        workgroup = INTERSTAT
        idmap_ldb:use rfc2307 = yes

        username map = /etc/samba/user.map

        printing = CUPS
        rpc_server:spoolss = external
        rpc_daemon:spoolssd = fork
        spoolss: architecture = Windows x64

        security = ADS

        idmap config * : backend = tdb
        idmap config * : range = 3000-7999

        idmap config INTERSTAT:backend = ad
        idmap config INTERSTAT:schema_mode = rfc2307
        idmap config INTERSTAT:range = 10000-999999
        idmap config INTERSTAT:unix_nss_info = yes

        map acl inherit = yes
        store dos attributes = yes

        winbind enum users = yes
        winbind enum groups = yes
        winbind use default domain = yes

        acl allow execute always = yes

        #minumum uid that can be mapped to domain user, should be 0 to map
domain administrator
        min domain uid = 0

Best regards,

More information about the samba mailing list