[Samba] Contingency server permission error
Luis Peromarta
lperoma at icloud.com
Sat Dec 10 14:24:33 UTC 2022
Cheers Rowland. Always learning something.
All the best.
> On 10 Dec 2022, at 12:05, Rowland Penny via samba <samba at lists.samba.org> wrote:
>
>
>
>> On 10/12/2022 10:52, Luis Peromarta via samba wrote:
>> Dear all,
>> I have a file server (domain member) running Version 4.9.5-Debian for a good few years now. 3 DCs running samba 4.17. No issues whatsoever except for these errors in logs: (192.168.0.9.log)
>> [2022/12/10 11:17:06.937222, 0] ../source3/auth/auth_util.c:1897(check_account)
>> check_account: Failed to convert SID S-1-5-21-2152908145-95474353-1514027631-6608 to a UID (dom_user[MAD\itpc01$])
>> System seems to just work fine.
>> If you try
>> #wbinfo --sid-to-uid S-1-5-21-2152908145-95474353-1514027631-6608
>> failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not convert sid S-1-5-21-2152908145-95474353-1514027631-6608 to uid
>> I am not sure if this is very important or not. All is working just fine.
>> smb.conf is:
>> [global]
>> security = ADS
>> workgroup = MAD
>> realm = MAD.MATER.INT
>> netbios name = SERVER
>> log file = /var/log/samba/%m.log
>> # To enable Group Policy application in winbind,
>> apply group policies = yes
>> # Configure Samba to Work Better with Mac OS X
>> min protocol = SMB2
>> ea support = yes
>> vfs objects = fruit streams_xattr
>> fruit:aapl = yes
>> fruit:metadata = stream
>> fruit:model = RackMac
>> fruit:posix_rename = yes
>> fruit:veto_appledouble = yes
>> fruit:wipe_intentionally_left_blank_rfork = yes
>> fruit:delete_empty_adfiles = yes
>> # Default ID mapping configuration for local BUILTIN accounts
>> idmap config * : backend = tdb
>> idmap config * : range = 3000-7999
>> # idmap config for the MAD domain
>> idmap config MAD:backend = ad
>> idmap config MAD:schema_mode = rfc2307
>> idmap config MAD:range = 10000-999999
>> # winbind config:
>> winbind nss info = rfc2307
>> winbind use default domain = yes
>> # winbind enum users = yes
>> # winbind enum groups = yes
>> # renew the kerberos ticket
>> winbind refresh tickets = Yes
>> dedicated keytab file = /etc/krb5.keytab
>> kerberos method = secrets and keytab
>> # username map = /etc/samba/user.map
>> # To configure shares using extended access control lists (ACL)
>> vfs objects = acl_xattr
>> map acl inherit = yes
>> store dos attributes = yes
>> # Veto Files
>> veto files = /Thumbs.db/.DS_Store/._.DS_Store/.com.apple*/.AppleDB/.AppleDouble/.AppleDesktop/:2eDS_Store/Network Trash Folder/Temporary Items/TheVolumeSettingsFolder/. at __thumb/. at __desc/:2e*/$
>> delete veto files = yes
>> [personales]
>> path = /home/users/
>> read only = no
>> hide unreadable = yes
>> hide unwriteable files = yes
>> # browseable = no
>> [shares]
>> path = /home2/shares/
>> read only = no
>> hide unreadable = yes
>> hide unwriteable files = yes
>> Any ideas on why these errors are showing up?
>
> Yes.
>
> Oh, you mean, 'will someone explain why this is happening' :-D
>
> You are using the 'ad' backend and your user 'itpc01$' is a special user; this is because it is a computer (the only real difference between a user and a computer in AD is one objectclass, 'objectclass=computer'). You cannot get a UID for various reasons; the most obvious one is that you probably haven't given your computers a uidNumber attribute.
>
> There is nothing to worry about.
>
> Rowland
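Added example, not part of the original thread: a small log triage script that separates the computer-account failures Rowland describes from the same error on ordinary user accounts, which would point to a missing uidNumber. It relies on AD computer account names ending in `$`; the second sample entry (user `jdoe`, RID 1105) is constructed for contrast.

```python
import re

# Constructed sample: the first entry is the log entry quoted in the thread;
# the second entry (user "jdoe", RID 1105) is made up for contrast.
SAMPLE_LOG = r"""[2022/12/10 11:17:06.937222, 0] ../source3/auth/auth_util.c:1897(check_account)
check_account: Failed to convert SID S-1-5-21-2152908145-95474353-1514027631-6608 to a UID (dom_user[MAD\itpc01$])
[2022/12/10 11:19:40.120004, 0] ../source3/auth/auth_util.c:1897(check_account)
check_account: Failed to convert SID S-1-5-21-2152908145-95474353-1514027631-1105 to a UID (dom_user[MAD\jdoe])
"""

# Matches the message line only, so the timestamp/header format does not matter.
FAILURE = re.compile(
    r"check_account: Failed to convert SID (?P<sid>S-1-[\d-]+) to a UID "
    r"\(dom_user\[(?P<domain>[^\\\]]+)\\(?P<account>[^\]]+)\]\)"
)


def triage(log_text):
    """Group failed SID-to-UID conversions into machine and user accounts.

    Returns {"machine": {account: sid}, "user": {account: sid}}.
    Repeated log entries for the same account collapse into one key.
    """
    result = {"machine": {}, "user": {}}
    for match in FAILURE.finditer(log_text):
        account = match["account"]
        # Computer accounts in AD carry a trailing "$" in their account name.
        kind = "machine" if account.endswith("$") else "user"
        result[kind][f'{match["domain"]}\\{account}'] = match["sid"]
    return result


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for name, sid in found["machine"].items():
        print(f"expected (computer account, no uidNumber): {name} {sid}")
    for name, sid in found["user"].items():
        print(f"check uidNumber and idmap range for user: {name} {sid}")
```

Entries reported under "user" are the ones worth checking with `wbinfo --sid-to-uid`, as in the original post.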