[Samba] check_account: Failed to convert SID messages in a log
rpenny at samba.org
Fri Dec 10 16:51:44 UTC 2021
On Fri, 2021-12-10 at 17:46 +0100, Jan Gregor wrote:
> On Fri, Dec 10, 2021 at 5:18 PM Rowland Penny via samba <
> samba at lists.samba.org> wrote:
> > On Fri, 2021-12-10 at 16:56 +0100, Jan Gregor via samba wrote:
> > > Hello,
> > > after installation of security update in debian buster (samba
> > > 4.9.5) I
> > > see in a log file messages like
> > >
> > > smbd: check_account: Failed to convert SID
> > > S-1-5-21-654011520-1046832706-1751360447-1143 to a UID
> > > (dom_user[INTERSTAT\is48$])
> > >
> > > The messages are logged in domain member that acts as a file
> > server
> > > in AD.
> > > SID belongs to client computer that connects to the file server,
> > it
> > > seems
> > > like samba wants uidNumber also for SID of domain computers. Of
> > > course
> > > uidNumber are setup for all domain users.
> > It is just telling you that it cannot convert a computer SID to a
> > UID,
> > probably because the computer does not have a uidNumber attribute.
> > A computer object is very similar to a user object, mainly one more
> > objectclass (objectclass: computer) and the primaryGroupID is '515'
> > instead of '513'
> I understand but why is computer uidNumber needed by file server ?
It isn't required.
> Until security update I didn't see such a message and except log file
> full of such messages I see no change in functionality of file
> server. Everything seems to work.
It is probably an unintended artefact of the security updates, possibly
the log level that message is printed at needs raising.
More information about the samba