[Samba] samba crashes windows explorer (while trying to view file permissions)

Ingo Asche foren at asche-rz.de
Mon Nov 21 08:10:57 UTC 2022 

Hi Rowland,

in my case the DCs are only DCs and the not working shares are located 
on a Synology NAS. The standard shares of the DCs are working as expected...

By the way Michael, I have similar error messages in my log. I'm 
wondering about the "Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED".

What well-known SID is that. I can't remember such an SID.

Regards
Ingo
https://github.com/WAdama

Rowland Penny via samba schrieb am 21.11.2022 um 08:25:
>
>
> On 21/11/2022 06:26, Michael Tokarev via samba wrote:
>> 19.11.2022 18:57, Michael Tokarev via samba wrote:
>> ..
>>> I *think* this is "winbind nss info = rfc2307" setting.   With this 
>>> one,
>>> I *have* to configure gidNumbers for every group in the AD. But these
>>> groups are *not* propagated into winbindd even after multiple 
>>> reload-config and
>>> net cache flush, some *time* have to pass...
>>
>> So, the problem was with winbind nss info = rfc2307.  And commenting 
>> it out
>> in smb.conf and doing 'smbcontrol all reload-config' does not change 
>> things,
>> this is why it took so long to find out.  After restarting whole 
>> thing, the
>> changes do take effect and becomes visible.
>>
>> It looks like quite some things needs to be changed here.
>>
>> And it looks like DC mode is significantly different from other 
>> modes, where
>> many parameters described in the man page work differently, does not 
>> work at
>> all, or just break other things.
>>
>> All these little discrepancies, while not bad when is faced 
>> independently, when
>> happens all together, makes samba to look like very unreliable thing.
>>
>> /mjt
>>
>
> There are numerous problems with using a Samba AD DC as a fileserver, 
> one of which is that it uses a totally different idmapping system than 
> any other Samba machine. This means that you cannot use any of the 
> parameters that you would use on a Unix domain member. I have seen 
> users attempt to use the 'idmap config' lines, but they usually have 
> no effect, I cannot remember the use of 'winbind nss info' before, but 
> again, the winbind  lines mostly have no effect.
>
> The top and bottom of it is, do not use a Samba AD DC as a fileserver, 
> but if you do, do not attempt to set it up like a Unix domain member.
>
> I suggest you read this:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Using_the_Domain_Controller_as_a_File_Server_.28Optional.29 
>
>
> Rowland
>

More information about the samba mailing list