[Samba] Upgrade from 4.7 and Idmap check

Edson Tadeu Almeida da Silveira edson.tadeu at gmail.com
Thu Feb 6 10:32:48 UTC 2025 

Good morning everybody.

I searched the list here but I haven't found anything close to my problem
yet.

I'm using 2 DCs Samba 4.7 and now planning to upgrade to 4.21.

At some point I used the winbind configuration in smb.conf but, if I
understand correctly, it seems that in newer versions, this configuration
is not necessary in DC, so, i removed in this upgrade process:

  idmap_ldb:use rfc2307=yes
  idmap config *:backend = tdb
  idmap config *:range = 70001-80000
  idmap config MYDOM:backend = ad
  idmap config MYDOM:schema_mode = rfc2307
  idmap config MYDOM:range = 3000000-4000000
  winbind nss info = rfc2307
  winbind trusted domains only = no
  winbind use default domain = yes
  winbind enum users = yes
  winbind enum groups = yes
  winbind max clients = 4000

Then. I simulated an inplace upgrade of samba from 4.7 to 4.21.
Apparently everything went well in the test environment until now, but I
noticed some details that I would like to know if this could be a problem
and, if so, how I could solve it.

1 -  In the log.winbindd:

 [2025/02/06 06:55:04.483261, 1, traceid=3]
../../source3/winbindd/winbindd_getpwnam.c:146(winbindd_getpwnam_recv_
    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
  [2025/02/06 06:57:17.530873, 1, traceid=7]
../../source3/winbindd/winbindd_getgroups.c:262(winbindd_getgroup_recv_
    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
  [2025/02/06 06:58:47.110201, 1, traceid=13]
../../source3/winbindd/winbindd_getpwnam.c:146(winbindd_getpwnam_recv_
    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED

2- I the log.smbd:

  [2025/02/06 06:55:04.483261, 1, traceid=3]

3 - When issue the command: 'samba-tool ntacl sysvolcheck' i receive:

  ERROR(<class 'OSError'>): Could not access
/usr/local/samba/var/locks/sysvol/mydom.local: No data avaiable - [Errno
61] No data avaiable:  '/usr/local/samba/var/locks/sysvol/mydom.local'

However, this directory does exist on the system:

  /usr/local/samba/var/locks/sysvol:
  drwxrwx---+  3 3000008 MYDOM\domain admins    4096 Mar  9  2017 sysvol

  /usr/local/samba/var/locks/sysvol/mydom.local:
  drwxrwx---+ 4 root    BUILTIN\administrators 4096 Nov 21  2017
mydom.local.local

4 - When issue the command: 'samba-tool ntacl sysvolreset' i receive:

  idmap range not specified for domain '*'
  idmap range not specified for domain '*'
  idmap range not specified for domain '*'
  idmap range not specified for domain '*'
  idmap range not specified for domain '*'


I did some tests:

# wbinfo -i user
 MYDOM\user:*:3020070:100::/home/MYDOM/user:/bin/false

# wbinfo --name-to-sid=1833600
 S-1-5-21-1058002876-845724780-2777320708-32541 SID_USER (1)

# wbinfo --uid-to-sid=3020070
 S-1-5-21-1058002876-845724780-2777320708-32541

# wbinfo -a user%MYPASS
 plaintext password authentication succeeded
 challenge/response password authentication succeeded



Thanks!

More information about the samba mailing list