[Samba] "Failed to convert SID" Errors for Some Users on UNRAID with Windows AD Domain.
Rowland Penny
rpenny at samba.org
Sun Jul 24 19:11:38 UTC 2022
On Sun, 2022-07-24 at 18:42 +0000, Geoff Bland via samba wrote:
> I have an UNRAID server, UNRAID allows shares with Samba via Windows
> AD access rights.
>
> I have recently upgraded to the latest UNRAID server version, 6.10.2
> and now several of my Windows users cannot connect to any shares on
> UNRAID - most can however.
>
> I am not the only UNRAID user affected - the same issue has been
> reported several times on the UNRAID forum with users upgrading to
> the same version. Unfortunately none of us are Samba experts.
>
> We have had no solution to this yet but it was suggested that we
> should try asking on the Samba forums to see if anyone there has any
> idea.
> For my setup (other UNRAID users have different setups but the same
> issues) I have 2 Windows Server 2022 boxes running as domain
> controllers. Both also run DNS and DHCP. Both have static IP
> addresses. The UNRAID box has the 2 Windows Server for DNS and is
> "joined" to this domain.
> The syslog is continually spitting out this error “Jul 15 21:58:49
> UNRAID01 smbd[****]: check_account: Failed to convert SID S-1-5-21-
> XXXXXXXX-XXXXXXXX-XXXXXXXX-1105 to a UID (dom_user[DOMAIN\username)”
> for all users with the issue.
>
> I can do a "wbinfo -n" and that works OK but a "wbinfo -i" fails with
> WBC_ERR_DOMAIN_NOT_FOUND.
>
> root at UNRAID01:~# wbinfo -n "DOMAIN\\user"
>
> S-1-5-21- XXXXXXXX-XXXXXXXX-XXXXXXXX-1105 SID_USER (1)
>
> root at UNRAID01:~# wbinfo -i " DOMAIN\\username"
>
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
>
> Could not get info for user DOMAIN\username
>
> As far as I can tell the Samba service is connected to the AD domain
> and the idmap mappings are set correctly, I think these are the
> relevant samba.conf settings and they all look correct to me(?):
> ntlm auth = Yes
> workgroup = SHORTDOMAINNAME
> realm = FQDOMAINNAME
> idmap config * : backend = hash
I take it that UNRAID creates the smb.conf and if they did, did they
not read 'man idmap_hash' ? If they did, they would have found at the
top:
NAME
idmap_hash - DO NOT USE THIS BACKEND
And a little bit further down:
DESCRIPTION
DO NOT USE THIS PLUGIN
Need I say more ?
Rowland
More information about the samba
mailing list