[Samba] Contingency server permission error

Luis Peromarta lperoma at icloud.com
Sat Dec 10 10:52:32 UTC 2022 

Dear all,

I have a file server (domain member) running Version 4.9.5-Debian for a good few year now. 3 DCs running samba 4.17. No issues whatsoever except for these errors in logs: (192.168.0.9.log)

[2022/12/10 11:17:06.937222,  0] ../source3/auth/auth_util.c:1897(check_account)
  check_account: Failed to convert SID S-1-5-21-2152908145-95474353-1514027631-6608 to a UID (dom_user[MAD\itpc01$])

System seems to just work fine.

If you try

#wbinfo --sid-to-uid S-1-5-21-2152908145-95474353-1514027631-6608
failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-2152908145-95474353-1514027631-6608 to uid


I am not sure if this is very important or not. All is working just fine.

smb.conf is:

[global]
       security = ADS
       workgroup = MAD
       realm = MAD.MATER.INT
       netbios name = SERVER
       log file = /var/log/samba/%m.log

# To enable Group Policy application in winbind,
	apply group policies = yes

# Configure Samba to Work Better with Mac OS X
	min protocol = SMB2
	ea support = yes
	vfs objects = fruit streams_xattr
	fruit:aapl = yes
	fruit:metadata = stream
	fruit:model = RackMac
	fruit:posix_rename = yes
	fruit:veto_appledouble = yes
	fruit:wipe_intentionally_left_blank_rfork = yes
	fruit:delete_empty_adfiles = yes

       # Default ID mapping configuration for local BUILTIN accounts

	idmap config * : backend = tdb
	idmap config * : range = 3000-7999

	# idmap config for the MAD domain

	idmap config MAD:backend = ad
	idmap config MAD:schema_mode = rfc2307
	idmap config MAD:range = 10000-999999

	# winbind config:

	winbind nss info = rfc2307
	winbind use default domain = yes
#	winbind enum users = yes
#	winbind enum groups = yes

	# renew the kerberos ticket

	winbind refresh tickets = Yes
	dedicated keytab file = /etc/krb5.keytab
	kerberos method = secrets and keytab
#	username map = /etc/samba/user.map

	# To configure shares using extended access control lists (ACL)
	vfs objects = acl_xattr
	map acl inherit = yes
	store dos attributes = yes

	# Veto Files
        veto files = /Thumbs.db/.DS_Store/._.DS_Store/.com.apple*/.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/. at __thumb/. at __desc/:2e*/$
        delete veto files = yes

[personales]
	path = /home/users/
	read only = no
	hide unreadable = yes
	hide unwriteable files = yes
#	browseable = no

[shares]
	path = /home2/shares/
	read only = no
	hide unreadable = yes
	hide unwriteable files = yes



Any ideas on why this errors are showing up ?

Thanks,


LP

More information about the samba mailing list