[Samba] 4.15.5: Lot's of errors from smbd_audit about "check_account: Failed to convert SID..."

Michael Tokarev mjt at tls.msk.ru
Sat Feb 19 16:59:38 UTC 2022

18.02.2022 16:07, Rowland Penny via samba wrote:
> I thought I had explained why you cannot have a local user and a domain
> user with the same name, but here goes, lets try again.

Nope you did not.

> If you do have a user in /etc/passwd and AD with the same name, then
> depending on how /etc/nsswitch is configured, locally one will be used
> and one will be ignored. Samba will always attempt to use the one from
> AD, but if the AD user is unknown to the OS, you will get 'denied'
> errors. Even if the same username is used locally and in AD, they willbe different users.

Samba *deliberately* (or due to a bug) makes the "two" users
(one listed in /etc/passwd and one listed in AD) to be different,
and only when doing uid->SID mapping. And the question why it
does that is not answered.



More information about the samba mailing list