[Samba] check_account: Failed to convert SID to a UID
Rowland Penny
rpenny at samba.org
Mon May 9 15:18:27 UTC 2022
On Mon, 2022-05-09 at 14:05 +0000, Sabolowitsch, Stefan via samba
wrote:
> Hi there,
> get this error message when accessing a share.
> # check_account: Failed to find local account with UID 663 for SID S-
> 1-5-21-3855358086-4131983242-2739128174-31637 (dom_user
>
> I have a SLES 15 SP3 with this Samba Config.
> [global]
> workgroup = TEST
> realm = TEST.LOCAL
> security = ADS
> preferred master = no
> encrypt passwords = yes
> log level = 0
> log file = /var/log/samba/%m
> max log size = 100
> max open files = 8000
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> winbind nested groups = Yes
> idmap uid = 600-20000
> idmap gid = 600-20000
> template homedir = /home/%D/%U
> usershare allow guests = No
> winbind refresh tickets = yes
> template shell = /bin/bash
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
> username map = /etc/samba/mapfile
>
> client min protocol = SMB2
> client max protocol = SMB3
>
You have quite a few default settings, a couple of un-required lines
(the 'enum' ones) and two deprecated (for many years) lines:
idmap uid = 600-20000
idmap gid = 600-20000
These have been replaced the 'idmap config' lines, at present
everything is going into the default '*' domain, you should have lines
similar to these:
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config TEST : backend = rid
idmap config TEST : range = 10000-999999
Though yours may need a different idmap backend for TEST and different
ranges (NOTE: the ranges must be different and not overlap.
What is in the mapfile ?
You may need to add 'min domain uid = 0' to the 'global' part of your
smb.conf
Rowland
More information about the samba
mailing list