[Samba] check_account: Failed to convert SID to a UID

Dermot paikkos at googlemail.com
Tue Jan 18 11:57:10 UTC 2022


*smdb, winbindd Version 4.13.14-Ubuntu 20.4.3 LTS *

I am struggling to get a newly installed AD member server to allow access
to its shares. I am seeing this error in the connecting hosts log file:
"check_account: Failed to convert SID
to a UID (dom_user[MYDOM\auser])"

The log.winbindd-idmap file has this error:
Error allocating a new GID
Fatal Error: GID range full!! (max: 7999)

`wbinfo -u` returns a list of users. However `wbinfo -i` gives the
following warning:

Name              :  MYDOM
Alt_Name          : mydom.local
SID               : S-1-5-21-4119587049-2642091325-2419064500
Active Directory  : Yes
Native            : Yes
Primary           : Yes
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user auser

Another worrying sign is that `getent passwd auser` returns nothing.

I thought I'd set-up the server correctly following
instructions but perhaps I've missed something.

Can anyone offer any suggestions?
Thanks in advance,

Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed

# Global parameters
        load printers = No
        log file = /var/log/samba/log.%m
        logging = file
        map to guest = Bad User
        max log size = 1000
        obey pam restrictions = Yes
        panic action = /usr/share/samba/panic-action %d
        realm = MYDOM.LOCAL
        security = ADS
        server role = member server
        server string = %h server (Samba,  Server)
        template shell = /bin/bash
        unix extensions = No
        usershare allow guests = Yes
        winbind use default domain = Yes
        wins server =
        workgroup = MYDOM
        idmap config MYDOM.local : range = 100000-999999
        idmap config MYDOM.local : backend = tdb
        idmap config * : range = 3000-7999
        idmap config * : backend = tdb
        printing = bsd

More information about the samba mailing list