Joseph Dickson
2016-Apr-11 19:11 UTC
[Samba] failed to find NT AUTHORITY domain log message during backup windows
Greetings! I'm running domain member fileservers on Samba 4.3.6.. During my backup window (backups are performed via Bacula, running on the fileserver) I tend to receive spurts of the following log message: Apr 10 16:55:18 smbfs1 winbindd[2376]: [2016/04/10 16:55:18.111192, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent) Apr 10 16:55:18 smbfs1 winbindd[2376]: Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains! Nothing seems to be working incorrectly, other than I get quite a lot of these log messages during my backups.. I've done some googling around and couldn't find something that seemed to fit, though this message has been discussed several places.. Through experimentation, I have found that I can cause this error in the log by issuing the following: # getent group 'NT AUTHORITY\Authenticated Users' The getent doesn't return anything, and if I look in the logs I'll have this error message.. Can anyone suggest what might be going on, and where I might look? Thanks! -- *Joseph Dickson*
Jonathan Hunter
2016-Apr-11 22:10 UTC
[Samba] failed to find NT AUTHORITY domain log message during backup windows
It sounds as though there are files on your servers owned by a UID or GID (most probably a GID) that is not in /etc/group, and is being looked up and "reverse resolved" to 'NT AUTHORITY\Authenticated Users', but this somehow doesn't map back the other way, i.e. from a name to a GID. Can you narrow it down and perhaps use the 'find' command to see what UID/GID this is? On 11 April 2016 at 20:11, Joseph Dickson <jdickson at evolvetsi.com> wrote:> Greetings! > > I'm running domain member fileservers on Samba 4.3.6.. During my backup > window (backups are performed via Bacula, running on the fileserver) I tend > to receive spurts of the following log message: > > Apr 10 16:55:18 smbfs1 winbindd[2376]: [2016/04/10 16:55:18.111192, 0] > ../source3/winbindd/winbindd_group.c:45(fill_grent) > Apr 10 16:55:18 smbfs1 winbindd[2376]: Failed to find domain 'NT > AUTHORITY'. Check connection to trusted domains! > > Nothing seems to be working incorrectly, other than I get quite a lot of > these log messages during my backups.. I've done some googling around and > couldn't find something that seemed to fit, though this message has been > discussed several places.. > > Through experimentation, I have found that I can cause this error in the > log by issuing the following: > > # getent group 'NT AUTHORITY\Authenticated Users' > > The getent doesn't return anything, and if I look in the logs I'll have > this error message.. Can anyone suggest what might be going on, and where > I might look? > > Thanks! > > -- > *Joseph Dickson* > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- "If we knew what it was we were doing, it would not be called research, would it?" - Albert Einstein
Joseph Dickson
2016-Apr-12 14:17 UTC
[Samba] failed to find NT AUTHORITY domain log message during backup windows
On Mon, Apr 11, 2016 at 6:10 PM, Jonathan Hunter <jmhunter1 at gmail.com> wrote:> It sounds as though there are files on your servers owned by a UID or GID > (most probably a GID) that is not in /etc/group, and is being looked up and > "reverse resolved" to 'NT AUTHORITY\Authenticated Users', but this somehow > doesn't map back the other way, i.e. from a name to a GID. > > Can you narrow it down and perhaps use the 'find' command to see what > UID/GID this is?On a hunch, I tried a getfacl on a directory and triggered the error that way. Here is the result of the getfacl: # getfacl . # file: . # owner: root # group: EVOLVETSI\134domain\040users user::rwx user:root:rwx user:EVOLVETSI\134domain\040admins:rwx group::--- group:5004:r-x group:EVOLVETSI\134domain\040admins:rwx group:EVOLVETSI\134domain\040users:--- mask::rwx other::--- default:user::rwx default:user:root:rwx default:user:EVOLVETSI\134domain\040admins:rwx default:group::--- default:group:EVOLVETSI\134domain\040admins:rwx default:group:EVOLVETSI\134domain\040users:--- default:mask::rwx default:other::--- It looks like the group:5004:r-x permission is the one causing the issue.. Some more getent digging: # getent group 5001 BUILTIN\users:x:5001: # getent group 5002 # getent group 5003 # getent group 5004 # getent group 5005 and the relevant idmap lines from my config: idmap config * : backend = tdb idmap config * : range = 5000-25000 idmap config EVOLVETSI : backend = rid idmap config EVOLVETSI : range = 1000000 - 1999999 Any idea where I should look next? Thank you! -- *Joseph Dickson*
Possibly Parallel Threads
- failed to find NT AUTHORITY domain log message during backup windows
- Samba 4 with sssd - primary Windows group membership not honored
- failed to find NT AUTHORITY domain log message during backup windows
- Samba 4 with sssd - primary Windows group membership not honored
- cannot set filesystem permissions on shares