[Samba] Could not convert SID S-0-0, error is NT_STATUS_NONE_MAPPED

Carlos Jesus camjesus2 at gmail.com
Tue Aug 1 09:43:32 UTC 2023 

Hi all!
Both my DC's running 4.17.6 on Debian Bullseye (with  bullseye-backports)
exhibit the same error:
[2023/08/01 07:45:01.647357,  1]
../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv)
 Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
About 1/minute

My smb.conf is minimal (I removed the SHARES section)
[global]
        realm = EUROHIDRA.LOCAL
        workgroup = EUROHIDRA
        netbios name = EHDC1
        server role = active directory domain controller
#       interfaces = lo br0
#        bind interfaces only = Yes
        idmap_ldb:use rfc2307 = yes
        log level = 1  auth_json_audit:2@/var/log/samba/auth.log sam:2@
/var/log/samba/sam.log
        log file = /var/log/samba/samba.log

        server services = -dns
        template shell = /bin/bash
        template homedir = /home/%U
        winbind use default domain = yes
#        winbind enum users = yes
#        winbind enum groups = yes

dns zone scavenging = yes
#Disable Printing
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes

I've tried with and without winbind enum. DNS scavenging is there as a test
but I don't think is related. Replication gives no errors and the same for
samba-tool dbcheck. Is this just cosmetic?

best regards

Norbert Hanke via samba <samba at lists.samba.org> escreveu no dia quarta,
26/07/2023 à(s) 21:01:

> Hi,
>
>
> I have the same issue with "Could not convert SID S-0-0..." on 2 out of
> 3 DCs. These messages _are_ cluttering syslog: 54 000 such messages with
> severity "Warning" in the last 21 1/2 hours .
>
> All 3 DCs are on samba 4.17.9 with identical configurations.
>
> The DC that does not have the problem runs on Debian bullseye, using
> bullseye-backports packages. It exists since many months, more or less
> since Michael Tokarev provides the bullseye-packport packages, and has
> repeatedly been updated since then.
>
> The affected DCs run on Debian bookworm, using regular bookworm
> packages. They were freshly joined after their equally named
> predecessors had been cleanly demoted, and they had their idmap.ldb
> taken from the preexisting DC.
>
> My /etc/samba/smb.conf:
>
> # Global parameters
> [global]
>          netbios name = DC2
>          realm = AD.MYDOMAIN.TLD
>          server role = active directory domain controller
>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate
>          workgroup = MYDOMAIN
>          idmap_ldb:use rfc2307  = yes
>
> logging = syslog at 3
> log level = 1
> printing = BSD
> printcap name = /dev/null
> load printers = no
> tls ca file = /usr/local/share/ca-certificates/MydomainCA1.crt
> username map = /etc/samba/user.map
> disable spoolss = yes
>
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No
>
> [netlogon]
>          path = /var/lib/samba/sysvol/ad.mydomain.tld/scripts
>          read only = No
>
>
> Any clue anyone?
>
> regards,
> Norbert
>
> On 25.07.2023 13:21, Peter Eriksson via samba wrote:
> > In my never-ending quest of removing clutter from the log files, I
> notice that we in /var/log/messages get a lot of:
> >
> >> Jul 25 13:08:30 filur00 winbindd[88603]: [2023/07/25 13:08:30.756462,
> 1]
> ../../source3/winbindd/winbindd_lookupname.c:122(winbindd_lookupname_recv)
> >> Jul 25 13:08:30 filur00 winbindd[88603]:   Could not convert SID S-0-0,
> error is NT_STATUS_NONE_MAPPED
> > Seems to happen when our test-user logs in.
> >
> > I can just remove that log line in the source code, but I’m curious if
> there is something else I can do to silence it. I was thinking it was
> related to directories owned by the ‘root’ user (which doesn’t have a
> mapping to a Windows user but I’ve tried to get rid of the root-owned
> directories in the path for the test user but it doesn’t seem to help much.
> Any ideas?
> >
> >
> > Another error in the syslog messages file is:
> >
> > Jul 25 13:16:19 filur00 samba-dcerpcd[43617]: [2023/07/25
> 13:16:19.901490,  1]
> ../../source3/rpc_client/cli_pipe.c:3014(rpc_pipe_open_ncalrpc)
> > Jul 25 13:16:19 filur00 samba-dcerpcd[43617]:   rpc_pipe_open_ncalrpc:
> connect(/liu/var/samba/ncalrpc/EPMAPPER) failed: No such file or directory
> >
> > This only happens once when starting Samba but it still annoys me. There
> is no EPMAPPER object in that directory, the closest that looks relevant is:
> >
> >    /liu/var/samba/ncalrpc/np/epmapper
> >
> > Is that supposed to point to the same thing?
> >
> >
> > Samba 4.18.5, FreeBSD 13.2
> >
> > - Peter
> >
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list