[Samba] 4.15.5: Lot's of errors from smbd_audit about "check_account: Failed to convert SID..."
Michael Tokarev
mjt at tls.msk.ru
Fri Feb 18 12:39:47 UTC 2022
18.02.2022 15:32, Peter Eriksson via samba wrote:
> After upgrading our Sambas to 4.15.5 I’m seeing a _lot_ of errors in the log files about:
>
> Feb 18 13:30:13 filur01 smbd_audit[17892]: [2022/02/18 13:30:13.204710, 0] ../../source3/auth/auth_util.c:1928(check_account)
> Feb 18 13:30:13 filur01 smbd_audit[17892]: check_account: Failed to convert SID S-1-5-21-797717765-1715453426-19741283-1903186 to a UID (dom_user[AD\iei-mvs-z-1$])
This - at least, maybe there are other cases - happens when you have AD,
idmap backend = ad, and idmap schema_mode = rfc2307, where you used
uidNumber for the unix user id (uid), AND uidNumber attribute is missing
in your data.
For this to work, you have to have local users of the same name as the
AD ones. Which, as I've been told here (without any explanation), should
not be done.
..
> Things _seem_ to work fine for our users and I can patch away the DBG_ERR message but I’m curious if this is an indication to something more problematic?
> - DBG_ERR("Failed to convert SID %s to a UID (dom_user[%s])\n",
> + DBG_DEBUG("Failed to convert SID %s to a UID (dom_user[%s])\n",
For my setup I definitely prefer this very message to stay at ERROR level.
Thanks,
/mjt
More information about the samba
mailing list