[Samba] Could not convert SID S-0-0, error is NT_STATUS_NONE_MAPPED

Carlos Jesus camjesus2 at gmail.com
Tue Aug 1 14:07:53 UTC 2023 

Hi Rowland, thanks for the reply

Rowland Penny via samba <samba at lists.samba.org> escreveu no dia terça,
1/08/2023 à(s) 11:03:

>
>
> On 01/08/2023 10:43, Carlos Jesus via samba wrote:
> > Hi all!
> > Both my DC's running 4.17.6 on Debian Bullseye (with  bullseye-backports)
> > exhibit the same error:
> > [2023/08/01 07:45:01.647357,  1]
> > ../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv)
> >   Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > About 1/minute
> >
> > My smb.conf is minimal (I removed the SHARES section)
>
> Trouble is, other than the 'sysvol' and 'netlogon' shares, you shouldn't
> be using a DC as a fileserver, it isn't recommended by Samba.
>

Yes. The only Shares are indeed sysvol and netlogon.  The DC's are NOT
fileservers.

>
> > [global]
> >          realm = EUROHIDRA.LOCAL
>
> Is '.local' your real TLD ?
> If it is, I suggest you turn off Bonjour and Avahi everywhere.
>
> Unfortunatly it is :(....

Bonjour and avahi are stopped and masked everywhere.


> >          workgroup = EUROHIDRA
> >          netbios name = EHDC1
> >          server role = active directory domain controller
> > #       interfaces = lo br0
> > #        bind interfaces only = Yes
> >          idmap_ldb:use rfc2307 = yes
> >          log level = 1  auth_json_audit:2@/var/log/samba/auth.log sam:2@
> > /var/log/samba/sam.log
> >          log file = /var/log/samba/samba.log
> >
> >          server services = -dns
> >          template shell = /bin/bash
> >          template homedir = /home/%U
> >          winbind use default domain = yes
>
> I suggest you remove the 'winbind use default domain' line, it does
> nothing on a DC and, though unlikely, it could have something to do with
> your problem.
>
> Will do. Will it interfere with PAM authentication?


> > #        winbind enum users = yes
> > #        winbind enum groups = yes
> >
> > dns zone scavenging = yes
> > #Disable Printing
> >          load printers = no
> >          printing = bsd
> >          printcap name = /dev/null
> >          disable spoolss = yes
> >
> > I've tried with and without winbind enum. DNS scavenging is there as a
> test
> > but I don't think is related. Replication gives no errors and the same
> for
> > samba-tool dbcheck. Is this just cosmetic?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


Best regards

More information about the samba mailing list