[Samba] 4.15.5: Lot's of errors from smbd_audit about "check_account: Failed to convert SID..."

Peter Eriksson pen at lysator.liu.se
Sat Feb 19 00:11:53 UTC 2022


> You can also give every computer in your AD a UID or use the RID backend. But as said in my other post. You can ignore those messages.


Yeah, I figured it was about the computer accounts.


> ..
>> Things _seem_ to work fine for our users and I can patch away the DBG_ERR message but I’m curious if this is an indication to something more problematic?
>> -                       DBG_ERR("Failed to convert SID %s to a UID (dom_user[%s])\n",
>> +                       DBG_DEBUG("Failed to convert SID %s to a UID (dom_user[%s])\n",
> 
> For my setup I definitely prefer this very message to stay at ERROR level.

Yeah, I probably would have ignored them too if it wasn’t for the little problem that they where absolutely bombarding my console with errors - since one of the servers typically have around 1600-2000 computers concurrently connected at any one time during daytime. And with the console on a serial (IPMI) port the amount of errors caused some serial kernel buffers to fill up, and eventually the machine locked up…

(I’ve now changed the syslog config to not send LOG_ERR to the console and will probably add my little patch to the small list of patches I always apply to new Samba releases anyway. Might modify it to print at ERR if non-machine principals though :-)

Adding uidNumbers to all our machine accounts is something we’ve been thinking about doing too but that’ll have to wait for some other day.

- Peter




More information about the samba mailing list