[Samba] Could not convert SID S-0-0, error is NT_STATUS_NONE_MAPPED

Norbert Hanke norbert.hanke at gmx.ch
Wed Jul 26 20:00:03 UTC 2023


I have the same issue with "Could not convert SID S-0-0..." on 2 out of
3 DCs. These messages _are_ cluttering syslog: 54 000 such messages with
severity "Warning" in the last 21 1/2 hours .

All 3 DCs are on samba 4.17.9 with identical configurations.

The DC that does not have the problem runs on Debian bullseye, using
bullseye-backports packages. It exists since many months, more or less
since Michael Tokarev provides the bullseye-packport packages, and has
repeatedly been updated since then.

The affected DCs run on Debian bookworm, using regular bookworm
packages. They were freshly joined after their equally named
predecessors had been cleanly demoted, and they had their idmap.ldb
taken from the preexisting DC.

My /etc/samba/smb.conf:

# Global parameters
         netbios name = DC2
         realm = AD.MYDOMAIN.TLD
         server role = active directory domain controller
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbindd, ntp_signd, kcc, dnsupdate
         workgroup = MYDOMAIN
         idmap_ldb:use rfc2307  = yes

logging = syslog at 3
log level = 1
printing = BSD
printcap name = /dev/null
load printers = no
tls ca file = /usr/local/share/ca-certificates/MydomainCA1.crt
username map = /etc/samba/user.map
disable spoolss = yes

         path = /var/lib/samba/sysvol
         read only = No

         path = /var/lib/samba/sysvol/ad.mydomain.tld/scripts
         read only = No

Any clue anyone?


On 25.07.2023 13:21, Peter Eriksson via samba wrote:
> In my never-ending quest of removing clutter from the log files, I notice that we in /var/log/messages get a lot of:
>> Jul 25 13:08:30 filur00 winbindd[88603]: [2023/07/25 13:08:30.756462,  1] ../../source3/winbindd/winbindd_lookupname.c:122(winbindd_lookupname_recv)
>> Jul 25 13:08:30 filur00 winbindd[88603]:   Could not convert SID S-0-0, error is NT_STATUS_NONE_MAPPED
> Seems to happen when our test-user logs in.
> I can just remove that log line in the source code, but I’m curious if there is something else I can do to silence it. I was thinking it was related to directories owned by the ‘root’ user (which doesn’t have a mapping to a Windows user but I’ve tried to get rid of the root-owned directories in the path for the test user but it doesn’t seem to help much. Any ideas?
> Another error in the syslog messages file is:
> Jul 25 13:16:19 filur00 samba-dcerpcd[43617]: [2023/07/25 13:16:19.901490,  1] ../../source3/rpc_client/cli_pipe.c:3014(rpc_pipe_open_ncalrpc)
> Jul 25 13:16:19 filur00 samba-dcerpcd[43617]:   rpc_pipe_open_ncalrpc: connect(/liu/var/samba/ncalrpc/EPMAPPER) failed: No such file or directory
> This only happens once when starting Samba but it still annoys me. There is no EPMAPPER object in that directory, the closest that looks relevant is:
>    /liu/var/samba/ncalrpc/np/epmapper
> Is that supposed to point to the same thing?
> Samba 4.18.5, FreeBSD 13.2
> - Peter

More information about the samba mailing list