[Samba] check_account: Failed to convert SID to a UID

Dermot paikkos at googlemail.com
Tue Jan 18 13:19:17 UTC 2022


On Tue, 18 Jan 2022 at 12:18, Rowland Penny via samba <samba at lists.samba.org>
wrote:

> On Tue, 2022-01-18 at 11:57 +0000, Dermot via samba wrote:
> >  Hi
> >
> >
> > *smbd, winbindd Version 4.13.14-Ubuntu 20.4.3 LTS*
> >
> >
> >
> > Name              :  MYDOM
> > Alt_Name          : mydom.local
> > SID               : S-1-5-21-4119587049-2642091325-2419064500
> > Active Directory  : Yes
> > Native            : Yes
> > Primary           : Yes
> > failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> > Could not get info for user auser
> >
> > Another worrying sign is that `getent passwd auser` returns nothing.
> >
> > I thought I'd set up the server correctly following
> > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> > instructions but perhaps I've missed something.
>
>
> > ==========
> > Load smb config files from /etc/samba/smb.conf
> > Loaded services file OK.
> > Weak crypto is allowed
> > Server role: ROLE_DOMAIN_MEMBER
> >
> > # Global parameters
> > [global]
> >         load printers = No
> >         log file = /var/log/samba/log.%m
> >         logging = file
> >         map to guest = Bad User
> >         max log size = 1000
> >         obey pam restrictions = Yes
> >         panic action = /usr/share/samba/panic-action %d
> >         realm = MYDOM.LOCAL
> >         security = ADS
> >         server role = member server
> >         server string = %h server (Samba,  Server)
> >         template shell = /bin/bash
> >         unix extensions = No
> >         usershare allow guests = Yes
> >         winbind use default domain = Yes
> >         wins server = 192.168.0.134
> >         workgroup = MYDOM
> >         idmap config MYDOM.local : range = 100000-999999
> >         idmap config MYDOM.local : backend = tdb
>
> Where, on the page you linked to, does it say to use the REALM and
> 'tdb' for the main domain ?
>

On this page https://wiki.samba.org/index.php/Idmap_config_rid

I think the problem was with whitespace in the config file. The file
looked like this:

..
idmap config * :              backend = tdb
idmap config * :              range   = 3001-7999
idmap config MYDOM : backend = rid
idmap config MYDOM : range   = 100000-999999
template shell = /bin/bash
template homedir = /home/%U

Once I removed the excess space and ran `smbcontrol all reload-config &&
testparm /etc/samba/smb.conf`, the output looked like this:

        log file = /var/log/samba/log.%m
        logging = file
        map to guest = Bad User
        max log size = 1000
        obey pam restrictions = Yes
        panic action = /usr/share/samba/panic-action %d
        realm = SCIENCEPHOTO.LOCAL
        security = ADS
        server role = member server
        server string = %h server (Samba, Image Server)
        template homedir = /home/%U
        template shell = /bin/bash
        unix extensions = No
        usershare allow guests = Yes
        winbind use default domain = Yes
        wins server = 192.168.0.134
        workgroup = SCIENCEPHOTO
        idmap config sciencephoto : range = 100000-999999
        idmap config sciencephoto : backend = rid
        idmap config * : range = 3001-7999
        idmap config * : backend = tdb
        printing = bsd



> >         idmap config * : range = 3000-7999
>
> Guess where all your users and groups are ?
>
> The other question is, you are showing '.local' as your TLD, if this
> isn't sanitisation, then why ?
>


'.local' is the TLD for the AD server. It has a cname/alias when the domain
was set up decades ago. It was given that TLD as it required one and wanted
to be authoritative for that domain. We didn't want it being authoritative
for our '.com' TLD.


> Set your domain lines like this:
>
>         idmap config MYDOM : range = 100000-999999
>         idmap config MYDOM : backend = rid
>
> Rowland
>
>
I'm getting a slightly different error message now:

 check_account: Failed to find local account with UID 101187 for SID
S-1-5-21-4119587049-2642091325-2419064500-1187 (dom_user[MYDOM\auser])

Thanks,
Dermot
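
An added example, not part of the original message and not Samba code: a small Python check for the idmap points raised in this thread (a default `*` domain, the domain section keyed by workgroup rather than realm, non-overlapping ranges), plus the idmap_rid formula ID = RID - BASE_RID + LOW_RANGE_ID, which gives the UID 101187 seen in the final error. The config samples are constructed from the fragments quoted above, and the function names are hypothetical.

```python
import re

# Constructed samples modelled on the two smb.conf fragments quoted in the thread.
BROKEN = """realm = MYDOM.LOCAL
workgroup = MYDOM
idmap config MYDOM.local : range = 100000-999999
idmap config MYDOM.local : backend = tdb"""
FIXED = """realm = MYDOM.LOCAL
workgroup = MYDOM
idmap config * :              backend = tdb
idmap config * :              range   = 3001-7999
idmap config MYDOM : backend = rid
idmap config MYDOM : range   = 100000-999999"""
IDMAP = re.compile(r"\s*idmap config\s+(\S+)\s*:\s*(.+?)\s*=\s*(.+?)\s*$", re.I)

def parse(conf):
    """Return (global params, {DOMAIN: {option: value}}) from smb.conf text."""
    params, idmap = {}, {}
    for line in conf.splitlines():
        m = IDMAP.match(line)
        if m:
            idmap.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = m.group(3)
        elif "=" in line and not line.lstrip().startswith(("#", ";")):
            key, value = line.split("=", 1)
            params[key.strip().lower()] = value.strip()
    return params, idmap

def check(conf):
    """List idmap problems of the kind raised in the thread."""
    params, idmap = parse(conf)
    wg, realm = params["workgroup"].upper(), params["realm"].upper()
    problems = []
    if "*" not in idmap:
        problems.append("no 'idmap config *' default domain")
    if realm in idmap:
        problems.append("idmap config keyed by realm, not workgroup")
    if wg not in idmap:
        problems.append(f"no 'idmap config {wg}' section")
    spans = sorted([int(x) for x in o["range"].split("-")] for o in idmap.values() if "range" in o)
    if any(a[1] >= b[0] for a, b in zip(spans, spans[1:])):
        problems.append("idmap ranges overlap")
    return problems

def rid_uid(sid, conf, base_rid=0):
    """idmap_rid mapping: ID = RID - base_rid + low end of the domain's range."""
    params, idmap = parse(conf)
    low, high = map(int, idmap[params["workgroup"].upper()]["range"].split("-"))
    uid = int(sid.rsplit("-", 1)[1]) - base_rid + low
    return uid if low <= uid <= high else None  # outside the range: not mapped
```
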


