[Samba] string_to_sid: SID @www is not in a valid format
Rowland Penny
rpenny at samba.org
Fri Jan 10 10:14:41 UTC 2025
On Thu, 9 Jan 2025 16:55:27 -0600
E R via samba <samba at lists.samba.org> wrote:
> While reviewing a single problem report about one of Samba servers I
> noticed these entries in the log files that are created by Samba. I
> tend to think they are just informational and not a symptom of an
> issue in my setup which has not changed in many months. But I found a
> few of posts here over the years with a similar message but no
> conclusive info on what they may mean or if action is needed. Do
> others with a similar setup as mine see these messages in your logs?
> (The @www in my case is for a group that I use to control access to a
> www server, but I have other groups that also appear in the logs.
> Your group name would be different. I populate the Linux group with
> AD account names for those who should have access and Winbind does its
> magic.)
>
> The documentation for smb.conf's "valid users" indicates that when you
> use the @ sign it is interpreted as NIS netgroup first and then as
> UNIX group. I am thinking this log entry MIGHT mean that it did not
> find an NIS group?
>
> Source Reference from Error:
> … ../../libcli/security/dom_sid.c:216(dom_sid_parse_endp)
It might help if you post the log fragment around that error.
However, the reference to line 216 means you are running an older
version of Samba.
>
> Line 216 in the dom_sid.c file appears to have a function that checks
> to see if the SID isdigit and when it is not, it calls the
> format_error function. In my case the group name is "www" so that
> would not be a digit like most SIDs are.
>
> format_error:
> DEBUG(3, ("string_to_sid: SID %s is not in a valid format\n",
> sidstr)); return false;
>
> Share:
> [www]
> comment = Samba share for www
> create mask = 0664
> directory mask = 0775
> force user = www
> path = /export/home/www/htdocs
> read only = No
> valid users = @www
> write list = @www
>
That is the 'old' way of doing things, you would be better off reading
this:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
Also if the path means what it possibly could i.e. you are sharing an
NFS mount, then I suggest you stop doing this, it really isn't a good
idea.
> Other tidbits:
> Security = ADS
> Backend is autorid
> Winbind used (sssd packages removed before installing Samba)
>
Just posting the share isn't enough, it would help if we can see
'global' as well.
Rowland
More information about the samba
mailing list