[Samba] samba crashes windows explorer (while trying to view file permissions)

Rowland Penny rpenny at samba.org
Sat Nov 19 12:55:11 UTC 2022

On 19/11/2022 11:49, Michael Tokarev via samba wrote:
> 19.11.2022 14:36, Michael Tokarev via samba пишет:
>> Unable to convert second SID 
>> (S-1-5-21-540662649-332824406-1706519170-513) in user token to a GID. 
>> Conversion was returned as type 0, full token:

They are all what is known as the 'Well Known SIDS', see here:


> I found this:
> https://www.spinics.net/lists/samba/msg174381.html
> which shows an issue with idmap.ldb.
> But in my case this is a fresh domain, created with nothing in 
> /var/lib/samba/,
> so I can't restore idmap.ldb from a backup, - because this file has just 
> been
> created (and no, I didn't try to replicate it to another DC yet, to fix the
> uid/gid mismatches there as has been mentioned in another thread).
>  From tdbdump /var/lib/samba/private/idmap.ldb:

Try using ldbedit, it is a lot more readable:

ldbedit -e nano -H /var/lib/samba/private/idmap.ldb

dn: CN=S-1-5-21-627072207-2265849604-124128874-513
cn: S-1-5-21-627072207-2265849604-124128874-513
objectClass: sidMap
objectSid: S-1-5-21-627072207-2265849604-124128874-513
xidNumber: 100
distinguishedName: CN=S-1-5-21-627072207-2265849604-124128874-513

> {
> key(50) = "DN=CN=S-1-5-21-540662649-332824406-1706519170-513\00"
> data(231) = 
> "g\19\01&\05\00\00\00CN=S-1-5-21-540662649-332824406-1706519170-513\00cn\00\01\00\00\00+\00\00\00S-1-5-21-540662649-332824406-1706519170-513\00objectClass\00\01\00\00\00\06\00\00\00sidMap\00objectSid\00\01\00\00\00\1C\00\00\00\01\05\00\00\00\00\00\05\15\00\00\00y\DB9 V\7F\D6\13\82j\B7e\01\02\00\00\00type\00\01\00\00\00\0B\00\00\00ID_TYPE_GID\00xidNumber\00\01\00\00\00\03\00\00\00100\00"
> }
> - which - I think - should match, no?

'100' is the Unix group users, the SID '-513' is for Domain Users, so it 
is mapping Domain Users to the Unix group 'users'.

Samba should not crash, so you need to find out why it is doing so. Is 
it something you are doing somehow ? If not, then a bug report should be 
raised on the Samba bugzilla.


More information about the samba mailing list