Failed to find domain 'NT AUTHORITY'

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Failed to find domain 'NT AUTHORITY'

Samba - General mailing list
Hello,
I recently set up a new software to backup samba share.
This software ( https://github.com/borgbackup/borg ) run on file server as
root cron script during the night and save file on external NAS.

The problem I have is that for each file copied from
samba share to external NAS, winbindd log an error
such this to samba.log.winbindd and /var/log/messages

[2017/11/06 11:05:16.747449,  0]
../source3/winbindd/winbindd_group.c:45(fill_grent)
   Failed to find domain 'NT AUTHORITY'. Check connection to trusted
domains!

thousends lines !!! ( 2 lines for each file )
This problem also slow down the backup process.

This happen only on share named [utenti] ( home share ) and not
on share [gruppi].

this is the winbindd log output at log level 5

[2017/11/06 14:58:04.800302,  3]
../source3/winbindd/winbindd_misc.c:395(winbindd_interface_version)
   [27319]: request interface version (version = 28)
[2017/11/06 14:58:04.800377,  3]
../source3/winbindd/winbindd_misc.c:428(winbindd_priv_pipe_dir)
   [27319]: request location of privileged pipe
[2017/11/06 14:58:04.800498,  3]
../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
   getpwuid 3000033
[2017/11/06 14:58:04.815079,  3]
../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
   getpwuid 3000000
[2017/11/06 14:58:04.820655,  5]
../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
   Could not convert sid S-1-5-32-544: NT_STATUS_NO_SUCH_USER
[2017/11/06 14:58:04.820845,  3]
../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
   getpwuid 3000002
[2017/11/06 14:58:04.826444,  5]
../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
   Could not convert sid S-1-5-18: NT_STATUS_NO_SUCH_USER
[2017/11/06 14:58:04.826582,  3]
../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
   getpwuid 3000008
[2017/11/06 14:58:04.832246,  5]
../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
   Could not convert sid S-1-5-21-1853045328-2428526881-2616184179-512:
NT_STATUS_NO_SUCH_USER
[2017/11/06 14:58:04.832357,  3]
../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
   getpwuid 3000033
[2017/11/06 14:58:04.838453,  3]
../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
   getgrgid 3000000
[2017/11/06 14:58:04.844045,  3]
../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
   getgrgid 3000002
[2017/11/06 14:58:04.849482,  0]
../source3/winbindd/winbindd_group.c:45(fill_grent)
   Failed to find domain 'NT AUTHORITY'. Check connection to trusted
domains!
[2017/11/06 14:58:04.849528,  5]
../source3/winbindd/winbindd_getgrgid.c:122(winbindd_getgrgid_recv)
   fill_grent failed
[2017/11/06 14:58:04.849641,  3]
../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
   getgrgid 3000008
[2017/11/06 14:58:04.854863,  3]
../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
   getgrgid 3000008
[2017/11/06 14:58:04.860567,  3]
../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
   getgrgid 3000033
[2017/11/06 14:58:04.866466,  3]
../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
   getpwnam 3000000
[2017/11/06 14:58:04.872322,  5]
../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
   Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2017/11/06 14:58:04.872476,  3]
../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
   getpwnam 3000002
[2017/11/06 14:58:04.878349,  5]
../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
   Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2017/11/06 14:58:04.878500,  3]
../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
   getpwnam 3000008
[2017/11/06 14:58:04.884406,  5]
../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
   Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2017/11/06 14:58:04.884571,  3]
../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
   getpwnam APAM-AD\134garvati
[2017/11/06 14:58:04.890192,  5]
../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
   Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2017/11/06 14:58:04.890485,  3]
../source3/winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
   getgrnam BUILTIN\134administrators
[2017/11/06 14:58:04.896378,  5]
../source3/winbindd/winbindd_getgrnam.c:157(winbindd_getgrnam_recv)
   Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
[2017/11/06 14:58:04.896527,  3]
../source3/winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
   getgrnam 3000002
[2017/11/06 14:58:04.902694,  5]
../source3/winbindd/winbindd_getgrnam.c:157(winbindd_getgrnam_recv)
   Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED


-----------------
Linux version 2.6.32-642.13.1.el6.x86_64
CentOS release 6.8 (Final)
samba 4.6.9 AD DC
-------------------
smb.conf
# Global parameters
[global]
         workgroup = APAM-AD
         realm = apam-ad.apam.it
         netbios name = APAMFS2
         server role = active directory domain controller
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbind, ntp_signd, kcc, dnsupdate
         idmap_ldb:use rfc2307 = yes
         printing = bsd
         printcap name = /dev/null
         load printers = no
         log file = /usr/local/samba/var/samba.log.%m
         log level = 0
         winbind enum users = yes
         winbind enum groups = yes

[netlogon]
         path = /usr/local/samba/var/locks/sysvol/apam-ad.apam.it/scripts
         read only = No

[sysvol]
         path = /usr/local/samba/var/locks/sysvol
         read only = No

[utenti]
         path = /dati/utenti
         read only = No
         directory mask = 700
         create mask = 700
         vfs object = recycle
         recycle:repository = /dati/utenti/%U/.recycle
         recycle:keeptree = yes
         recycle:exclude = *.tmp, *.bak, ~*, *#, *.mp3, *.mp4
         recycle:maxsize = 10485760
         recycle:exclude_dir = .recycle

[gruppi]
         path = /dati/gruppi
         read only = No
         create mask = 770


Can someone help me ?

thank you

giuseppe

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Failed to find domain 'NT AUTHORITY'

Samba - General mailing list
On Mon, 6 Nov 2017 15:27:13 +0100
Giuseppe Arvati via samba <[hidden email]> wrote:

> Hello,
> I recently set up a new software to backup samba share.
> This software ( https://github.com/borgbackup/borg ) run on file
> server as root cron script during the night and save file on external
> NAS.
>
> The problem I have is that for each file copied from
> samba share to external NAS, winbindd log an error
> such this to samba.log.winbindd and /var/log/messages
>
> [2017/11/06 11:05:16.747449,  0]
> ../source3/winbindd/winbindd_group.c:45(fill_grent)
>    Failed to find domain 'NT AUTHORITY'. Check connection to trusted
> domains!
>
> thousends lines !!! ( 2 lines for each file )
> This problem also slow down the backup process.
>
> This happen only on share named [utenti] ( home share ) and not
> on share [gruppi].
>
> this is the winbindd log output at log level 5
>
> [2017/11/06 14:58:04.800302,  3]
> ../source3/winbindd/winbindd_misc.c:395(winbindd_interface_version)
>    [27319]: request interface version (version = 28)
> [2017/11/06 14:58:04.800377,  3]
> ../source3/winbindd/winbindd_misc.c:428(winbindd_priv_pipe_dir)
>    [27319]: request location of privileged pipe
> [2017/11/06 14:58:04.800498,  3]
> ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
>    getpwuid 3000033
> [2017/11/06 14:58:04.815079,  3]
> ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
>    getpwuid 3000000
> [2017/11/06 14:58:04.820655,  5]
> ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
>    Could not convert sid S-1-5-32-544: NT_STATUS_NO_SUCH_USER
> [2017/11/06 14:58:04.820845,  3]
> ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
>    getpwuid 3000002
> [2017/11/06 14:58:04.826444,  5]
> ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
>    Could not convert sid S-1-5-18: NT_STATUS_NO_SUCH_USER
> [2017/11/06 14:58:04.826582,  3]
> ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
>    getpwuid 3000008
> [2017/11/06 14:58:04.832246,  5]
> ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
>    Could not convert sid
> S-1-5-21-1853045328-2428526881-2616184179-512: NT_STATUS_NO_SUCH_USER
> [2017/11/06 14:58:04.832357,  3]
> ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
>    getpwuid 3000033
> [2017/11/06 14:58:04.838453,  3]
> ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
>    getgrgid 3000000
> [2017/11/06 14:58:04.844045,  3]
> ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
>    getgrgid 3000002
> [2017/11/06 14:58:04.849482,  0]
> ../source3/winbindd/winbindd_group.c:45(fill_grent)
>    Failed to find domain 'NT AUTHORITY'. Check connection to trusted
> domains!
> [2017/11/06 14:58:04.849528,  5]
> ../source3/winbindd/winbindd_getgrgid.c:122(winbindd_getgrgid_recv)
>    fill_grent failed
> [2017/11/06 14:58:04.849641,  3]
> ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
>    getgrgid 3000008
> [2017/11/06 14:58:04.854863,  3]
> ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
>    getgrgid 3000008
> [2017/11/06 14:58:04.860567,  3]
> ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
>    getgrgid 3000033
> [2017/11/06 14:58:04.866466,  3]
> ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
>    getpwnam 3000000
> [2017/11/06 14:58:04.872322,  5]
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
>    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> [2017/11/06 14:58:04.872476,  3]
> ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
>    getpwnam 3000002
> [2017/11/06 14:58:04.878349,  5]
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
>    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> [2017/11/06 14:58:04.878500,  3]
> ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
>    getpwnam 3000008
> [2017/11/06 14:58:04.884406,  5]
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
>    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> [2017/11/06 14:58:04.884571,  3]
> ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
>    getpwnam APAM-AD\134garvati
> [2017/11/06 14:58:04.890192,  5]
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
>    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> [2017/11/06 14:58:04.890485,  3]
> ../source3/winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
>    getgrnam BUILTIN\134administrators
> [2017/11/06 14:58:04.896378,  5]
> ../source3/winbindd/winbindd_getgrnam.c:157(winbindd_getgrnam_recv)
>    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> [2017/11/06 14:58:04.896527,  3]
> ../source3/winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
>    getgrnam 3000002
> [2017/11/06 14:58:04.902694,  5]
> ../source3/winbindd/winbindd_getgrnam.c:157(winbindd_getgrnam_recv)
>    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
>
>
> -----------------
> Linux version 2.6.32-642.13.1.el6.x86_64
> CentOS release 6.8 (Final)
> samba 4.6.9 AD DC
> -------------------
> smb.conf
> # Global parameters
> [global]
>          workgroup = APAM-AD
>          realm = apam-ad.apam.it
>          netbios name = APAMFS2
>          server role = active directory domain controller
>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbind, ntp_signd, kcc, dnsupdate
>          idmap_ldb:use rfc2307 = yes
>          printing = bsd
>          printcap name = /dev/null
>          load printers = no
>          log file = /usr/local/samba/var/samba.log.%m
>          log level = 0
>          winbind enum users = yes
>          winbind enum groups = yes
>
> [netlogon]
>          path
> = /usr/local/samba/var/locks/sysvol/apam-ad.apam.it/scripts read only
> = No
>
> [sysvol]
>          path = /usr/local/samba/var/locks/sysvol
>          read only = No
>
> [utenti]
>          path = /dati/utenti
>          read only = No
>          directory mask = 700
>          create mask = 700
>          vfs object = recycle
>          recycle:repository = /dati/utenti/%U/.recycle
>          recycle:keeptree = yes
>          recycle:exclude = *.tmp, *.bak, ~*, *#, *.mp3, *.mp4
>          recycle:maxsize = 10485760
>          recycle:exclude_dir = .recycle
>
> [gruppi]
>          path = /dati/gruppi
>          read only = No
>          create mask = 770
>
>
> Can someone help me ?
>
> thank you
>
> giuseppe
>

There is a bug for this:
https://bugzilla.samba.org/show_bug.cgi?id=12164

Also just a couple of things about your smb.conf:

I would remove the two 'winbind enum' lines, you DO NOT need them and
they slow things down.

You have lines like this 'directory mask = 700'
They do not work on a DC, you need to set the permissions from windows
or with setfacl.

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Failed to find domain 'NT AUTHORITY'

Samba - General mailing list
Hai Giuseppe,

( and +What Rowland said.. )

Samba4 ADDC (you name it file server?)
Nas with the storage. ( and is this one domain joined? If yes, post the smb.conf also from this one. )

Burg run the cron script on the Samba server over which protocol? Ssh, then your in trouble.

This one is also not resolved, so we need more info about the setup.
> > [2017/11/06 14:58:04.826444,  5]
> > ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
> >    Could not convert sid S-1-5-18: NT_STATUS_NO_SUCH_USE

wbinfo --sid-to-name S-1-5-32-544  
BUILTIN\Administrators 4

Then more below in the logs.
> > [2017/11/06 14:58:04.890485,  3]
> > ../source3/winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
> >    getgrnam BUILTIN\134administrators

It somehow did resolve.

I cant make any if it.  (sorry)

Greetz,

Louis




> -----Oorspronkelijk bericht-----
> Van: samba [mailto:[hidden email]] Namens
> Rowland Penny via samba
> Verzonden: maandag 6 november 2017 16:17
> Aan: [hidden email]
> Onderwerp: Re: [Samba] Failed to find domain 'NT AUTHORITY'
>
> On Mon, 6 Nov 2017 15:27:13 +0100
> Giuseppe Arvati via samba <[hidden email]> wrote:
>
> > Hello,
> > I recently set up a new software to backup samba share.
> > This software ( https://github.com/borgbackup/borg ) run on file
> > server as root cron script during the night and save file
> on external
> > NAS.
> >
> > The problem I have is that for each file copied from
> > samba share to external NAS, winbindd log an error
> > such this to samba.log.winbindd and /var/log/messages
> >
> > [2017/11/06 11:05:16.747449,  0]
> > ../source3/winbindd/winbindd_group.c:45(fill_grent)
> >    Failed to find domain 'NT AUTHORITY'. Check connection
> to trusted
> > domains!
> >
> > thousends lines !!! ( 2 lines for each file )
> > This problem also slow down the backup process.
> >
> > This happen only on share named [utenti] ( home share ) and not
> > on share [gruppi].
> >
> > this is the winbindd log output at log level 5
> >
> > [2017/11/06 14:58:04.800302,  3]
> > ../source3/winbindd/winbindd_misc.c:395(winbindd_interface_version)
> >    [27319]: request interface version (version = 28)
> > [2017/11/06 14:58:04.800377,  3]
> > ../source3/winbindd/winbindd_misc.c:428(winbindd_priv_pipe_dir)
> >    [27319]: request location of privileged pipe
> > [2017/11/06 14:58:04.800498,  3]
> > ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> >    getpwuid 3000033
> > [2017/11/06 14:58:04.815079,  3]
> > ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> >    getpwuid 3000000
> > [2017/11/06 14:58:04.820655,  5]
> > ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
> >    Could not convert sid S-1-5-32-544: NT_STATUS_NO_SUCH_USER
> > [2017/11/06 14:58:04.820845,  3]
> > ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> >    getpwuid 3000002
> > [2017/11/06 14:58:04.826444,  5]
> > ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
> >    Could not convert sid S-1-5-18: NT_STATUS_NO_SUCH_USER
> > [2017/11/06 14:58:04.826582,  3]
> > ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> >    getpwuid 3000008
> > [2017/11/06 14:58:04.832246,  5]
> > ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
> >    Could not convert sid
> > S-1-5-21-1853045328-2428526881-2616184179-512:
> NT_STATUS_NO_SUCH_USER
> > [2017/11/06 14:58:04.832357,  3]
> > ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> >    getpwuid 3000033
> > [2017/11/06 14:58:04.838453,  3]
> > ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> >    getgrgid 3000000
> > [2017/11/06 14:58:04.844045,  3]
> > ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> >    getgrgid 3000002
> > [2017/11/06 14:58:04.849482,  0]
> > ../source3/winbindd/winbindd_group.c:45(fill_grent)
> >    Failed to find domain 'NT AUTHORITY'. Check connection
> to trusted
> > domains!
> > [2017/11/06 14:58:04.849528,  5]
> > ../source3/winbindd/winbindd_getgrgid.c:122(winbindd_getgrgid_recv)
> >    fill_grent failed
> > [2017/11/06 14:58:04.849641,  3]
> > ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> >    getgrgid 3000008
> > [2017/11/06 14:58:04.854863,  3]
> > ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> >    getgrgid 3000008
> > [2017/11/06 14:58:04.860567,  3]
> > ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> >    getgrgid 3000033
> > [2017/11/06 14:58:04.866466,  3]
> > ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> >    getpwnam 3000000
> > [2017/11/06 14:58:04.872322,  5]
> > ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> >    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > [2017/11/06 14:58:04.872476,  3]
> > ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> >    getpwnam 3000002
> > [2017/11/06 14:58:04.878349,  5]
> > ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> >    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > [2017/11/06 14:58:04.878500,  3]
> > ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> >    getpwnam 3000008
> > [2017/11/06 14:58:04.884406,  5]
> > ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> >    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > [2017/11/06 14:58:04.884571,  3]
> > ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> >    getpwnam APAM-AD\134garvati
> > [2017/11/06 14:58:04.890192,  5]
> > ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> >    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > [2017/11/06 14:58:04.890485,  3]
> > ../source3/winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
> >    getgrnam BUILTIN\134administrators
> > [2017/11/06 14:58:04.896378,  5]
> > ../source3/winbindd/winbindd_getgrnam.c:157(winbindd_getgrnam_recv)
> >    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > [2017/11/06 14:58:04.896527,  3]
> > ../source3/winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
> >    getgrnam 3000002
> > [2017/11/06 14:58:04.902694,  5]
> > ../source3/winbindd/winbindd_getgrnam.c:157(winbindd_getgrnam_recv)
> >    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> >
> >
> > -----------------
> > Linux version 2.6.32-642.13.1.el6.x86_64
> > CentOS release 6.8 (Final)
> > samba 4.6.9 AD DC
> > -------------------
> > smb.conf
> > # Global parameters
> > [global]
> >          workgroup = APAM-AD
> >          realm = apam-ad.apam.it
> >          netbios name = APAMFS2
> >          server role = active directory domain controller
> >          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> > drepl, winbind, ntp_signd, kcc, dnsupdate
> >          idmap_ldb:use rfc2307 = yes
> >          printing = bsd
> >          printcap name = /dev/null
> >          load printers = no
> >          log file = /usr/local/samba/var/samba.log.%m
> >          log level = 0
> >          winbind enum users = yes
> >          winbind enum groups = yes
> >
> > [netlogon]
> >          path
> > = /usr/local/samba/var/locks/sysvol/apam-ad.apam.it/scripts
> read only
> > = No
> >
> > [sysvol]
> >          path = /usr/local/samba/var/locks/sysvol
> >          read only = No
> >
> > [utenti]
> >          path = /dati/utenti
> >          read only = No
> >          directory mask = 700
> >          create mask = 700
> >          vfs object = recycle
> >          recycle:repository = /dati/utenti/%U/.recycle
> >          recycle:keeptree = yes
> >          recycle:exclude = *.tmp, *.bak, ~*, *#, *.mp3, *.mp4
> >          recycle:maxsize = 10485760
> >          recycle:exclude_dir = .recycle
> >
> > [gruppi]
> >          path = /dati/gruppi
> >          read only = No
> >          create mask = 770
> >
> >
> > Can someone help me ?
> >
> > thank you
> >
> > giuseppe
> >
>
> There is a bug for this:
> https://bugzilla.samba.org/show_bug.cgi?id=12164
>
> Also just a couple of things about your smb.conf:
>
> I would remove the two 'winbind enum' lines, you DO NOT need them and
> they slow things down.
>
> You have lines like this 'directory mask = 700'
> They do not work on a DC, you need to set the permissions from windows
> or with setfacl.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Failed to find domain 'NT AUTHORITY'

Samba - General mailing list
Aaaargggg....

The S-1-5-18 AND sid S-1-5-32-544 did not resolve.

But sid S-1-5-32-544 first not then later on it works.?
Sorry about the noice, but that one i wanted to point out also.

I hate it when im almost done with typing and mr Penny comes first.  ;-)  :-p


Greetz,

Louis




>
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:[hidden email]] Namens
> > Rowland Penny via samba
> > Verzonden: maandag 6 november 2017 16:17
> > Aan: [hidden email]
> > Onderwerp: Re: [Samba] Failed to find domain 'NT AUTHORITY'
> >
> > On Mon, 6 Nov 2017 15:27:13 +0100
> > Giuseppe Arvati via samba <[hidden email]> wrote:
> >
> > > Hello,
> > > I recently set up a new software to backup samba share.
> > > This software ( https://github.com/borgbackup/borg ) run on file
> > > server as root cron script during the night and save file
> > on external
> > > NAS.
> > >
> > > The problem I have is that for each file copied from
> > > samba share to external NAS, winbindd log an error
> > > such this to samba.log.winbindd and /var/log/messages
> > >
> > > [2017/11/06 11:05:16.747449,  0]
> > > ../source3/winbindd/winbindd_group.c:45(fill_grent)
> > >    Failed to find domain 'NT AUTHORITY'. Check connection
> > to trusted
> > > domains!
> > >
> > > thousends lines !!! ( 2 lines for each file )
> > > This problem also slow down the backup process.
> > >
> > > This happen only on share named [utenti] ( home share ) and not
> > > on share [gruppi].
> > >
> > > this is the winbindd log output at log level 5
> > >
> > > [2017/11/06 14:58:04.800302,  3]
> > >
> ../source3/winbindd/winbindd_misc.c:395(winbindd_interface_version)
> > >    [27319]: request interface version (version = 28)
> > > [2017/11/06 14:58:04.800377,  3]
> > > ../source3/winbindd/winbindd_misc.c:428(winbindd_priv_pipe_dir)
> > >    [27319]: request location of privileged pipe
> > > [2017/11/06 14:58:04.800498,  3]
> > > ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> > >    getpwuid 3000033
> > > [2017/11/06 14:58:04.815079,  3]
> > > ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> > >    getpwuid 3000000
> > > [2017/11/06 14:58:04.820655,  5]
> > >
> ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
> > >    Could not convert sid S-1-5-32-544: NT_STATUS_NO_SUCH_USER
> > > [2017/11/06 14:58:04.820845,  3]
> > > ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> > >    getpwuid 3000002
> > > [2017/11/06 14:58:04.826444,  5]
> > >
> ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
> > >    Could not convert sid S-1-5-18: NT_STATUS_NO_SUCH_USER
> > > [2017/11/06 14:58:04.826582,  3]
> > > ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> > >    getpwuid 3000008
> > > [2017/11/06 14:58:04.832246,  5]
> > >
> ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
> > >    Could not convert sid
> > > S-1-5-21-1853045328-2428526881-2616184179-512:
> > NT_STATUS_NO_SUCH_USER
> > > [2017/11/06 14:58:04.832357,  3]
> > > ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> > >    getpwuid 3000033
> > > [2017/11/06 14:58:04.838453,  3]
> > > ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> > >    getgrgid 3000000
> > > [2017/11/06 14:58:04.844045,  3]
> > > ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> > >    getgrgid 3000002
> > > [2017/11/06 14:58:04.849482,  0]
> > > ../source3/winbindd/winbindd_group.c:45(fill_grent)
> > >    Failed to find domain 'NT AUTHORITY'. Check connection
> > to trusted
> > > domains!
> > > [2017/11/06 14:58:04.849528,  5]
> > >
> ../source3/winbindd/winbindd_getgrgid.c:122(winbindd_getgrgid_recv)
> > >    fill_grent failed
> > > [2017/11/06 14:58:04.849641,  3]
> > > ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> > >    getgrgid 3000008
> > > [2017/11/06 14:58:04.854863,  3]
> > > ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> > >    getgrgid 3000008
> > > [2017/11/06 14:58:04.860567,  3]
> > > ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> > >    getgrgid 3000033
> > > [2017/11/06 14:58:04.866466,  3]
> > > ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> > >    getpwnam 3000000
> > > [2017/11/06 14:58:04.872322,  5]
> > >
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> > >    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > > [2017/11/06 14:58:04.872476,  3]
> > > ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> > >    getpwnam 3000002
> > > [2017/11/06 14:58:04.878349,  5]
> > >
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> > >    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > > [2017/11/06 14:58:04.878500,  3]
> > > ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> > >    getpwnam 3000008
> > > [2017/11/06 14:58:04.884406,  5]
> > >
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> > >    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > > [2017/11/06 14:58:04.884571,  3]
> > > ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> > >    getpwnam APAM-AD\134garvati
> > > [2017/11/06 14:58:04.890192,  5]
> > >
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> > >    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > > [2017/11/06 14:58:04.890485,  3]
> > > ../source3/winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
> > >    getgrnam BUILTIN\134administrators
> > > [2017/11/06 14:58:04.896378,  5]
> > >
> ../source3/winbindd/winbindd_getgrnam.c:157(winbindd_getgrnam_recv)
> > >    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > > [2017/11/06 14:58:04.896527,  3]
> > > ../source3/winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
> > >    getgrnam 3000002
> > > [2017/11/06 14:58:04.902694,  5]
> > >
> ../source3/winbindd/winbindd_getgrnam.c:157(winbindd_getgrnam_recv)
> > >    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > >
> > >
> > > -----------------
> > > Linux version 2.6.32-642.13.1.el6.x86_64
> > > CentOS release 6.8 (Final)
> > > samba 4.6.9 AD DC
> > > -------------------
> > > smb.conf
> > > # Global parameters
> > > [global]
> > >          workgroup = APAM-AD
> > >          realm = apam-ad.apam.it
> > >          netbios name = APAMFS2
> > >          server role = active directory domain controller
> > >          server services = s3fs, rpc, nbt, wrepl, ldap,
> cldap, kdc,
> > > drepl, winbind, ntp_signd, kcc, dnsupdate
> > >          idmap_ldb:use rfc2307 = yes
> > >          printing = bsd
> > >          printcap name = /dev/null
> > >          load printers = no
> > >          log file = /usr/local/samba/var/samba.log.%m
> > >          log level = 0
> > >          winbind enum users = yes
> > >          winbind enum groups = yes
> > >
> > > [netlogon]
> > >          path
> > > = /usr/local/samba/var/locks/sysvol/apam-ad.apam.it/scripts
> > read only
> > > = No
> > >
> > > [sysvol]
> > >          path = /usr/local/samba/var/locks/sysvol
> > >          read only = No
> > >
> > > [utenti]
> > >          path = /dati/utenti
> > >          read only = No
> > >          directory mask = 700
> > >          create mask = 700
> > >          vfs object = recycle
> > >          recycle:repository = /dati/utenti/%U/.recycle
> > >          recycle:keeptree = yes
> > >          recycle:exclude = *.tmp, *.bak, ~*, *#, *.mp3, *.mp4
> > >          recycle:maxsize = 10485760
> > >          recycle:exclude_dir = .recycle
> > >
> > > [gruppi]
> > >          path = /dati/gruppi
> > >          read only = No
> > >          create mask = 770
> > >
> > >
> > > Can someone help me ?
> > >
> > > thank you
> > >
> > > giuseppe
> > >
> >
> > There is a bug for this:
> > https://bugzilla.samba.org/show_bug.cgi?id=12164
> >
> > Also just a couple of things about your smb.conf:
> >
> > I would remove the two 'winbind enum' lines, you DO NOT
> need them and
> > they slow things down.
> >
> > You have lines like this 'directory mask = 700'
> > They do not work on a DC, you need to set the permissions
> from windows
> > or with setfacl.
> >
> > Rowland
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Failed to find domain 'NT AUTHORITY'

Samba - General mailing list
In reply to this post by Samba - General mailing list
Il 06/11/2017 16:23, L.P.H. van Belle via samba ha scritto:
> Hai Giuseppe,
>
> ( and +What Rowland said.. )
>
> Samba4 ADDC (you name it file server?)
yes. I know it's not recommended to use ADDC as fileserver

> Nas with the storage. ( and is this one domain joined? If yes, post the smb.conf also from this one. )
no join. NAS is linked via NSF
>
> Burg run the cron script on the Samba server over which protocol? Ssh, then your in trouble.
>
Borg it is a python program who read files from a path and save to a
repository on a differnt machine ( NAS ). It is local to samba server
it not need a communication protocol

> This one is also not resolved, so we need more info about the setup.
>>> [2017/11/06 14:58:04.826444,  5]
>>> ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
>>>     Could not convert sid S-1-5-18: NT_STATUS_NO_SUCH_USE
>
> wbinfo --sid-to-name S-1-5-32-544
> BUILTIN\Administrators 4

[root@apamfs2 ~]# wbinfo --sid-to-name S-1-5-32-544
BUILTIN\Administrators 4

>
> Then more below in the logs.
>>> [2017/11/06 14:58:04.890485,  3]
>>> ../source3/winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
>>>     getgrnam BUILTIN\134administrators
>
> It somehow did resolve.
>

getent groups
BUILTIN\administrators:x:3000000:
BUILTIN\users:x:3000009:
BUILTIN\guests:x:3000015:
BUILTIN\account operators:x:3000278:
BUILTIN\server operators:x:3000001:
BUILTIN\print operators:x:3000279:
BUILTIN\backup operators:x:3000280:
BUILTIN\replicator:x:3000281:
...

> I cant make any if it.  (sorry)
>
> Greetz,
>
> Louis
>
Thank you


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Failed to find domain 'NT AUTHORITY'

Samba - General mailing list
In reply to this post by Samba - General mailing list
Il 06/11/2017 16:17, Rowland Penny via samba ha scritto:

> On Mon, 6 Nov 2017 15:27:13 +0100
> Giuseppe Arvati via samba <[hidden email]> wrote:
>
>> Hello,
>> I recently set up a new software to backup samba share.
>> This software ( https://github.com/borgbackup/borg ) run on file
>> server as root cron script during the night and save file on external
>> NAS.
>>
>> The problem I have is that for each file copied from
>> samba share to external NAS, winbindd log an error
>> such this to samba.log.winbindd and /var/log/messages
>>
>> [2017/11/06 11:05:16.747449,  0]
>> ../source3/winbindd/winbindd_group.c:45(fill_grent)
>>     Failed to find domain 'NT AUTHORITY'. Check connection to trusted
>> domains!
>>

>
> There is a bug for this:
> https://bugzilla.samba.org/show_bug.cgi?id=12164

are there some workarounds ?

> Also just a couple of things about your smb.conf:

> I would remove the two 'winbind enum' lines, you DO NOT need them and
> they slow things down.
>
> You have lines like this 'directory mask = 700'
> They do not work on a DC, you need to set the permissions from windows
> or with setfacl.
>
> Rowland



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Failed to find domain 'NT AUTHORITY'

Samba - General mailing list
In reply to this post by Samba - General mailing list
Il 06/11/2017 16:35, L.P.H. van Belle via samba ha scritto:
> Aaaargggg....
>
> The S-1-5-18 AND sid S-1-5-32-544 did not resolve.
>

[root@apamfs2 ~]# wbinfo --sid-to-name S-1-5-18
NT AUTHORITY\SYSTEM 5
[root@apamfs2 ~]#

[root@apamfs2 ~]# wbinfo --sid-to-name S-1-5-32-544
BUILTIN\Administrators 4
[root@apamfs2 ~]#

> But sid S-1-5-32-544 first not then later on it works.?
> Sorry about the noice, but that one i wanted to point out also.
>
> I hate it when im almost done with typing and mr Penny comes first.  ;-)  :-p
>
>
> Greetz,
>
> Louis

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Failed to find domain 'NT AUTHORITY'

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Mon, 6 Nov 2017 17:15:48 +0100
Giuseppe Arvati <[hidden email]> wrote:

> Il 06/11/2017 16:17, Rowland Penny via samba ha scritto:
> > On Mon, 6 Nov 2017 15:27:13 +0100
> > Giuseppe Arvati via samba <[hidden email]> wrote:
> >
> >> Hello,
> >> I recently set up a new software to backup samba share.
> >> This software ( https://github.com/borgbackup/borg ) run on file
> >> server as root cron script during the night and save file on
> >> external NAS.
> >>
> >> The problem I have is that for each file copied from
> >> samba share to external NAS, winbindd log an error
> >> such this to samba.log.winbindd and /var/log/messages
> >>
> >> [2017/11/06 11:05:16.747449,  0]
> >> ../source3/winbindd/winbindd_group.c:45(fill_grent)
> >>     Failed to find domain 'NT AUTHORITY'. Check connection to
> >> trusted domains!
> >>
>
> >
> > There is a bug for this:
> > https://bugzilla.samba.org/show_bug.cgi?id=12164
>
> are there some workarounds ?
>

Yes, do not use the DC as a fileserver ;-)
If you must, don't run a backup system that relies on IDs

A DC has no concept of 'NT AUTHORITY':

root@dc1:~# wbinfo --sid-to-name S-1-5-18
failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup sid S-1-5-18
root@dc1:~# wbinfo --name-to-sid='NT Authority\SYSTEM'
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name NT Authority\SYSTEM

But a Unix domain member does:

rowland@devstation:~$ wbinfo --sid-to-name S-1-5-18
NT Authority\SYSTEM 5
wbinfo --name-to-sid=NT Authority\\SYSTEM 5
rowland@devstation:~$ wbinfo --name-to-sid='NT Authority\SYSTEM'
S-1-5-18 SID_WKN_GROUP (5)

You could try running the backup on the DC by compressing whatever it
is you are trying to back up into a tarball and copy this to the NAS.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Failed to find domain 'NT AUTHORITY'

Samba - General mailing list
Hello Roland

thank for you support

Il 06/11/2017 17:31, Rowland Penny via samba ha scritto:

>>> There is a bug for this:
>>> https://bugzilla.samba.org/show_bug.cgi?id=12164
>> are there some workarounds ?
>>
> Yes, do not use the DC as a fileserver;-)
> If you must, don't run a backup system that relies on IDs
>
> A DC has no concept of 'NT AUTHORITY':
>
> root@dc1:~# wbinfo --sid-to-name S-1-5-18
> failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not lookup sid S-1-5-18
> root@dc1:~# wbinfo --name-to-sid='NT Authority\SYSTEM'
> failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
> Could not lookup name NT Authority\SYSTEM
>

my DC works different

[root@apamfs2 ~]# wbinfo --sid-to-name S-1-5-18
NT AUTHORITY\SYSTEM 5
[root@apamfs2 ~]# wbinfo --name-to-sid='NT Authority\SYSTEM'
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name NT Authority\SYSTEM
[root@apamfs2 ~]#

???

> But a Unix domain member does:
>
> rowland@devstation:~$ wbinfo --sid-to-name S-1-5-18
> NT Authority\SYSTEM 5
> wbinfo --name-to-sid=NT Authority\\SYSTEM 5
> rowland@devstation:~$ wbinfo --name-to-sid='NT Authority\SYSTEM'
> S-1-5-18 SID_WKN_GROUP (5)
>
> You could try running the backup on the DC by compressing whatever it
> is you are trying to back up into a tarball and copy this to the NAS.
>
> Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Failed to find domain 'NT AUTHORITY'

Samba - General mailing list
On Mon, 6 Nov 2017 17:45:07 +0100
Giuseppe Arvati <[hidden email]> wrote:

> Hello Roland
>
> thank for you support
>
> Il 06/11/2017 17:31, Rowland Penny via samba ha scritto:
> >>> There is a bug for this:
> >>> https://bugzilla.samba.org/show_bug.cgi?id=12164
> >> are there some workarounds ?
> >>
> > Yes, do not use the DC as a fileserver;-)
> > If you must, don't run a backup system that relies on IDs
> >
> > A DC has no concept of 'NT AUTHORITY':
> >
> > root@dc1:~# wbinfo --sid-to-name S-1-5-18
> > failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> > Could not lookup sid S-1-5-18
> > root@dc1:~# wbinfo --name-to-sid='NT Authority\SYSTEM'
> > failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
> > Could not lookup name NT Authority\SYSTEM
> >
>
> my DC works different
>
> [root@apamfs2 ~]# wbinfo --sid-to-name S-1-5-18
> NT AUTHORITY\SYSTEM 5
> [root@apamfs2 ~]# wbinfo --name-to-sid='NT Authority\SYSTEM'
> failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
> Could not lookup name NT Authority\SYSTEM
> [root@apamfs2 ~]#
>
> ???
>

Do you have libnss_winbind & PAM set up correctly ?

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Failed to find domain 'NT AUTHORITY'

Samba - General mailing list
Il 06/11/2017 17:50, Rowland Penny via samba ha scritto:

>>> Yes, do not use the DC as a fileserver;-)
>>> If you must, don't run a backup system that relies on IDs
>>>
>>> A DC has no concept of 'NT AUTHORITY':
>>>
>>> root@dc1:~# wbinfo --sid-to-name S-1-5-18
>>> failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
>>> Could not lookup sid S-1-5-18
>>> root@dc1:~# wbinfo --name-to-sid='NT Authority\SYSTEM'
>>> failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
>>> Could not lookup name NT Authority\SYSTEM
>>>
>> my DC works different
>>
>> [root@apamfs2 ~]# wbinfo --sid-to-name S-1-5-18
>> NT AUTHORITY\SYSTEM 5
>> [root@apamfs2 ~]# wbinfo --name-to-sid='NT Authority\SYSTEM'
>> failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not lookup name NT Authority\SYSTEM
>> [root@apamfs2 ~]#
>>
>> ???
>>
> Do you have libnss_winbind & PAM set up correctly ?
Hello,
I review the samba wiki about libnss_winbind & PAM
and libnss_winbind looks ok
[root@apamfs2 ~]# ll /usr/local/samba/lib/*winbind*
lrwxrwxrwx. 1 root root    19 Apr 16  2014
/usr/local/samba/lib/libnss_winbind.so -> libnss_winbind.so.2
-rwxr-xr-x  1 root root 18288 Oct 29 19:35
/usr/local/samba/lib/libnss_winbind.so.2
-rwxr-xr-x  1 root root 12717 Oct 29 19:35
/usr/local/samba/lib/winbind_krb5_locator.so
[root@apamfs2 ~]# ll /lib64/*winb*
lrwxrwxrwx 1 root root 26 Feb 23  2017 /lib64/libnss_winbind.so ->
/lib64/libnss_winbind.so.2
lrwxrwxrwx 1 root root 40 Feb 23  2017 /lib64/libnss_winbind.so.2 ->
/usr/local/samba/lib/libnss_winbind.so.2

but /etc/pam.d/password-auth-ac isn't
compliant to
https://wiki.samba.org/index.php/Authenticating_Domain_Users_Using_PAM

I understand that's time to upgrade my system
and split AD from fileserver. In another post
Rowland suggest me to upgrade bind. So the time
is come.

I'll return to ask for a better way to
split my AD&FS in AD+FS.

thank you all
giuseppe

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba