[Samba] check_account: Failed to find local account with UID" issue / The university of Chicago
Himanshi Yadav
hyadav at uchicago.edu
Fri Jul 28 16:35:55 UTC 2023
Hi Experts,
We encountered a weird issue after restarting the server. Seems everything working fine on the configuration side but the user’s not able to authenticate with the Samba server. Can you please help to investigate the issue?
Our setup details and configuration file + error logs + service status.
Samba:- 4.18.3-0
CentOS Linux release 8.4.2105
Authentication mechanism is SSSD
[root at midway3-dm1 samba]# testparm /etc/samba/smb.conf
Load smb config files from /etc/samba/smb.conf
lpcfg_do_global_parameter: WARNING: The "encrypt passwords" option is deprecated
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
# Global parameters
[global]
clustering = Yes
idmap cache time = 1
idmap negative cache time = 1
kerberos method = system keytab
log file = /var/log/samba/log.%m
max log size = 50
netbios name = DMCIFS
realm = AD.UCHICAGO.EDU
security = ADS
server min protocol = SMB3_02
server string = Samba Server Version %v
winbind cache time = 1
workgroup = AD
fruit:delete_empty_adfiles = yes
fruit:wipe_intentionally_left_blank_rfork = yes
fruit:veto_appledouble = no
fruit:posix_rename = yes
fruit:model = MacSamba
fruit:metadata = stream
fileid:algorithm = fsname
idmap config ad : range = 1401-2147483647
idmap config ad : backend = sss
idmap config * : range = 2147483648-3000000000
idmap config * : backend = tdb2
hosts allow = 127. 128.135.0.0/255.255.0.0 205.208.0.0/255.255.128.0 10.0.0.0/255.0.0.0 192.170.192.0/255.255.224.0
invalid users = root bin daemon adm lp sync shutdown halt mail operator games ftp nobody dbus systemd-coredump systemd-resolve tss polkitd geoclue rtkit pulse pipewire libstoragemgmt qemu usbmuxd unbound rpc gluster chrony setroubleshoot saslauth dnsmasq radvd clevis cockpit-ws cockpit-wsinstance sssd flatpak colord gdm rpcuser gnome-initial-setup sshd pesign avahi rngd tcpdump munge
kernel oplocks = Yes
vfs objects = gpfs fileid catia fruit streams_xattr
[root at midway3-dm1 samba]# wbinfo -D ADLOCAL
Name : ADLOCAL
Alt_Name : ad.local
SID : S-1-5-21-1644491937-1604221776-725345543
Active Directory : Yes
Native : Yes
Primary : No
Error file /////
[2023/07/28 10:57:18.459537, 0] ../../source3/auth/auth_util.c:1936(check_account)
check_account: Failed to find local account with UID 2147483648 for SID S-1-5-21-1644491937-1604221776-725345543-304562 (dom_user[ADLOCAL\dgmartin])
[2023/07/28 10:57:20.478287, 0] ../../source3/auth/auth_util.c:1936(check_account)
check_account: Failed to find local account with UID 2147483648 for SID S-1-5-21-1644491937-1604221776-725345543-304562 (dom_user[ADLOCAL\dgmartin])
[2023/07/28 10:57:20.484230, 0] ../../source3/auth/auth_util.c:1936(check_account)
check_account: Failed to find local account with UID 2147483648 for SID S-1-5-21-1644491937-1604221776-725345543-304562 (dom_user[ADLOCAL\dgmartin])
[root at midway3-dm1 samba]# wbinfo -s S-1-5-21-1644491937-1604221776-725345543-304562
ADLOCAL\dgmartin 1
[root at midway3-dm1 samba]# id dgmartin
uid=2088466063(dgmartin) gid=2088466063(dgmartin) groups=2088466063(dgmartin),10008(rcc),10741(pi-vitelli)
[root at midway3-dm1 samba]# smbstatus
Samba version 4.18.3
PID Username Group Machine Protocol Version Encryption Signing
----------------------------------------------------------------------------------------------------------------------------------------
Service pid Machine Connected at Encryption Signing
---------------------------------------------------------------------------------------------
No locked files
[root at midway3-dm1 samba]# systemctl status smb.service
● smb.service - Samba SMB Daemon
Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2023-07-28 09:33:17 CDT; 1h 25min ago
Docs: man:smbd(8)
man:samba(7)
man:smb.conf(5)
Main PID: 1084106 (smbd)
Status: "smbd: ready to serve connections..."
Tasks: 4 (limit: 1233751)
Memory: 7.3M
CGroup: /system.slice/smb.service
├─1084106 /usr/sbin/smbd --foreground --no-process-group
├─1084110 /usr/sbin/smbd --foreground --no-process-group
├─1084111 /usr/sbin/smbd --foreground --no-process-group
└─1246399 /usr/sbin/smbd --foreground --no-process-group
Jul 28 10:58:39 midway3-dm1.rcc.local smbd[1246399]: [2023/07/28 10:58:39.579270, 0] ../../source3/auth/auth_util.c:1936(check_account)
Jul 28 10:58:39 midway3-dm1.rcc.local smbd[1246399]: check_account: Failed to find local account with UID 2147483648 for SID S-1-5-21-1644491937-1604221776-725345543-304562 (dom_user[ADLOCAL\dgmartin])
Jul 28 10:58:41 midway3-dm1.rcc.local smbd[1246399]: [2023/07/28 10:58:41.590064, 0] ../../source3/auth/auth_util.c:1936(check_account)
Jul 28 10:58:41 midway3-dm1.rcc.local smbd[1246399]: check_account: Failed to find local account with UID 2147483648 for SID S-1-5-21-1644491937-1604221776-725345543-304562 (dom_user[ADLOCAL\dgmartin])
Jul 28 10:58:41 midway3-dm1.rcc.local smbd[1246399]: [2023/07/28 10:58:41.595463, 0] ../../source3/auth/auth_util.c:1936(check_account)
Jul 28 10:58:41 midway3-dm1.rcc.local smbd[1246399]: check_account: Failed to find local account with UID 2147483648 for SID S-1-5-21-1644491937-1604221776-725345543-304562 (dom_user[ADLOCAL\dgmartin])
Jul 28 10:58:43 midway3-dm1.rcc.local smbd[1246399]: [2023/07/28 10:58:43.605547, 0] ../../source3/auth/auth_util.c:1936(check_account)
Jul 28 10:58:43 midway3-dm1.rcc.local smbd[1246399]: check_account: Failed to find local account with UID 2147483648 for SID S-1-5-21-1644491937-1604221776-725345543-304562 (dom_user[ADLOCAL\dgmartin])
Jul 28 10:58:43 midway3-dm1.rcc.local smbd[1246399]: [2023/07/28 10:58:43.611198, 0] ../../source3/auth/auth_util.c:1936(check_account)
Jul 28 10:58:43 midway3-dm1.rcc.local smbd[1246399]: check_account: Failed to find local account with UID 2147483648 for SID S-1-5-21-1644491937-1604221776-725345543-304562 (dom_user[ADLOCAL\dgmartin])
More information about the samba
mailing list