[Samba] check_account: Failed to convert SID messages in a log

Andrew Bartlett abartlet at samba.org
Fri Dec 10 17:53:04 UTC 2021

On Fri, 2021-12-10 at 16:56 +0100, Jan Gregor via samba wrote:
> Hello,
>   after installation of security update in debian buster (samba
> 4.9.5) I
> see in a log file messages like
>  smbd[13923]:   check_account: Failed to convert SID
> S-1-5-21-654011520-1046832706-1751360447-1143 to a UID
> (dom_user[INTERSTAT\is48$])
>  The messages are logged in domain member that acts as a file server
> in AD.
> SID belongs to client computer that connects to the file server, it
> seems
> like samba wants uidNumber also for SID of domain computers. Of
> course
> uidNumber are setup for all domain users.

Computers, particularly those running Virus Scanners need to access
file servers.  The security update changed the name resolution order,
and if you were not running nss_winbindd previously or did not have a
valid ID mapping for these computer accounts (needed for nss_winbind to
provide an entry for the computer) then the errors would have changed
from a 'no such user' to this. 

Andrew Bartlett

Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source

More information about the samba mailing list