[Samba] samba domain member: local account for a domain user is required??

Michael Tokarev mjt at tls.msk.ru
Mon Oct 31 12:28:28 UTC 2022

While setting up a new samba domain member server and failing to setup
winbind configuration properly, I found the following lines in smbd.log:

[2022/10/31 15:23:58.372900,  0] ../../source3/auth/auth_util.c:1933(check_account)
   check_account: Failed to find local account with UID 1006 for SID S-1-5-21-411424318-379842365-2075518510-1010 (dom_user[TLS\mjt])

(repeated many times).

Yes, nss lookup (getpwuid) fails due to mistake in my config.  Which is
really easy to make, btw.

But this error message strongly suggest to create a local account for
this very user, with userid 1006. And it is too easy to conclude that
local account are *required* for domain users!

Is it not the right conclusion? If it is not, I guess this error message
must be changed to something more accurate.

But why do samba *ever* wants to perform getpwuid() lookup to begin with?



More information about the samba mailing list