Francesco Malvezzi
2018-Feb-21 14:46 UTC
[Samba] Could not convert sid: NT_STATUS_NO_SUCH_USER
hi all,
I can't figure out why winbind can't find ad users with wbinfo calls.
It happens on a member server, Debian GNU/Linux stretch, samba is 4.7.5
from Louis repository:
[global]
security = ADS
workgroup = EXAMPLEAD
realm = EXAMPLE.ORG
idmap config * : backend = tdb
idmap config * : range = 1000000-3000000
idmap config EXAMPLEAD:backend = ad
idmap config EXAMPLEAD:schema_mode = rfc2307
idmap config EXAMPLEAD:range = 1005-999999
template shell = /bin/mosh
template homedir = /homel/%U
max log size = 1000
log level = 10
panic action = /usr/share/samba/panic-action %d
server role = member server
[share]
comment = Share
path = /srv/share
writeable = yes
valid users = %S
browseable = no
this works:
$ sudo net lookup name malvezzi
S-1-5-21-3239498231-402109693-3067992304-72680 1 (User) EXAMPLEAD\malvezzi
(kind of: does the 1 after the sid mean there is an error?)
the following issues a long error, see bottom:
$ wbinfo -i EXAMPLEAD\\malvezzi
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user EXAMPLEAD\malvezzi
As you can see from the level 10 debug, the directory info of the users
are shown.
I can't understand what "Could not convert sid:
NT_STATUS_NO_SUCH_USER"
actually means,
thank you for the help,
Francesco
[2018/02/21 15:33:41.451157, 5, pid=21519, effective(0, 0), real(0, 0)]
../lib/util/debug.c:744(debug_dump_status)
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
tevent: 10
auth_audit: 10
auth_json_audit: 10
kerberos: 10
drs_repl: 10
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter server role = member server
[2018/02/21 15:33:41.454020, 4, pid=21519, effective(0, 0), real(0, 0)]
../source3/param/loadparm.c:3902(lp_load_ex)
pm_process() returned Yes
[2018/02/21 15:33:41.454135, 7, pid=21519, effective(0, 0), real(0, 0)]
../source3/param/loadparm.c:4221(lp_servicenumber)
lp_servicenumber: couldn't find homes
[2018/02/21 15:33:41.455066, 2, pid=21519, effective(0, 0), real(0, 0)]
../source3/lib/interface.c:345(add_interface)
added interface ens160 ip=155.185.3.12 bcast=155.185.3.255
netmask=255.255.255.0
[2018/02/21 15:33:41.455507, 6, pid=21519, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:931(winbind_client_request_read)
closing socket 28, client exited
[2018/02/21 15:33:44.918611, 6, pid=21519, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:882(new_connection)
accepted socket 25
[2018/02/21 15:33:44.919060, 10, pid=21519, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:724(process_request)
process_request: request fn INTERFACE_VERSION
[2018/02/21 15:33:44.919127, 3, pid=21519, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_misc.c:395(winbindd_interface_version)
[21802]: request interface version (version = 29)
[2018/02/21 15:33:44.919204, 10, pid=21519, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:827(winbind_client_response_written)
winbind_client_response_written[21802:INTERFACE_VERSION]: delivered
response to client
[2018/02/21 15:33:44.919493, 10, pid=21519, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:724(process_request)
process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2018/02/21 15:33:44.919553, 3, pid=21519, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_misc.c:428(winbindd_priv_pipe_dir)
[21802]: request location of privileged pipe
[2018/02/21 15:33:44.919637, 10, pid=21519, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:827(winbind_client_response_written)
winbind_client_response_written[21802:WINBINDD_PRIV_PIPE_DIR]:
delivered response to client
[2018/02/21 15:33:44.919942, 10, pid=21519, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:697(process_request)
process_request: Handling async request 21802:GETPWNAM
[2018/02/21 15:33:44.920005, 3, pid=21519, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
getpwnam EXAMPLEAD\malvezzi
[2018/02/21 15:33:44.920063, 1, pid=21519, effective(0, 0), real(0, 0)]
../librpc/ndr/ndr.c:468(ndr_print_function_debug)
wbint_LookupName: struct wbint_LookupName
in: struct wbint_LookupName
domain : *
domain : 'EXAMPLEAD'
name : *
name : 'MALVEZZI'
flags : 0x00000008 (8)
[2018/02/21 15:33:44.920277, 1, pid=21519, effective(0, 0), real(0, 0)]
../librpc/ndr/ndr.c:468(ndr_print_function_debug)
wbint_LookupName: struct wbint_LookupName
out: struct wbint_LookupName
type : *
type : SID_NAME_USER (1)
sid : *
sid :
S-1-5-21-3239498231-402109693-3067992304-72680
result : NT_STATUS_OK
[2018/02/21 15:33:44.920405, 10, pid=21519, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/wb_sids2xids.c:113(wb_sids2xids_send)
SID 0: S-1-5-21-3239498231-402109693-3067992304-72680
[2018/02/21 15:33:44.920476, 10, pid=21519, effective(0, 0), real(0, 0)]
../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid)
Parsing value for key
[IDMAP/SID2XID/S-1-5-21-3239498231-402109693-3067992304-72680]:
value=[41312:U]
[2018/02/21 15:33:44.920513, 10, pid=21519, effective(0, 0), real(0, 0)]
../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid)
Parsing value for key
[IDMAP/SID2XID/S-1-5-21-3239498231-402109693-3067992304-72680]:
id=[41312], endptr=[:U]
[2018/02/21 15:33:44.920560, 10, pid=21519, effective(0, 0), real(0, 0)]
../source3/libsmb/samlogon_cache.c:242(netsamlogon_cache_get)
netsamlogon_cache_get: SID
[S-1-5-21-3239498231-402109693-3067992304-72680]
[2018/02/21 15:33:44.920605, 10, pid=21519, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_util.c:1020(find_lookup_domain_from_sid)
find_lookup_domain_from_sid: SID
[S-1-5-21-3239498231-402109693-3067992304-72680]
[2018/02/21 15:33:44.920650, 10, pid=21519, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_util.c:1049(find_lookup_domain_from_sid)
calling find_our_domain
[2018/02/21 15:33:44.920689, 1, pid=21519, effective(0, 0), real(0, 0)]
../librpc/ndr/ndr.c:468(ndr_print_function_debug)
wbint_LookupSid: struct wbint_LookupSid
in: struct wbint_LookupSid
sid : *
sid :
S-1-5-21-3239498231-402109693-3067992304-72680
[2018/02/21 15:33:44.920809, 1, pid=21519, effective(0, 0), real(0, 0)]
../librpc/ndr/ndr.c:468(ndr_print_function_debug)
wbint_LookupSid: struct wbint_LookupSid
out: struct wbint_LookupSid
type : *
type : SID_NAME_USER (1)
domain : *
domain : *
domain : 'EXAMPLEAD'
name : *
name : *
name : 'malvezzi'
result : NT_STATUS_OK
[2018/02/21 15:33:44.920967, 1, pid=21519, effective(0, 0), real(0, 0)]
../librpc/ndr/ndr.c:468(ndr_print_function_debug)
wbint_GetNssInfo: struct wbint_GetNssInfo
in: struct wbint_GetNssInfo
info : *
info: struct wbint_userinfo
domain_name : *
domain_name : 'EXAMPLEAD'
acct_name : *
acct_name : 'malvezzi'
full_name : NULL
homedir : *
homedir : '/homel/%U'
shell : *
shell : '/bin/mosh'
uid : 0x000000000000a160 (41312)
primary_gid : 0x00000000ffffffff
(4294967295)
primary_group_name : NULL
user_sid :
S-1-5-21-3239498231-402109693-3067992304-72680
group_sid :
S-1-5-21-3239498231-402109693-3067992304-513
[2018/02/21 15:33:44.922632, 1, pid=21519, effective(0, 0), real(0, 0)]
../librpc/ndr/ndr.c:468(ndr_print_function_debug)
wbint_GetNssInfo: struct wbint_GetNssInfo
out: struct wbint_GetNssInfo
info : *
info: struct wbint_userinfo
domain_name : *
domain_name : 'EXAMPLEAD'
acct_name : *
acct_name : 'malvezzi'
full_name : NULL
homedir : *
homedir : '/homel/%U'
shell : *
shell : '/bin/mosh'
uid : 0x000000000000a160 (41312)
primary_gid : 0x00000000ffffffff
(4294967295)
primary_group_name : NULL
user_sid :
S-1-5-21-3239498231-402109693-3067992304-72680
group_sid :
S-1-5-21-3239498231-402109693-3067992304-513
result : NT_STATUS_OK
[2018/02/21 15:33:44.926167, 10, pid=21519, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/wb_sids2xids.c:113(wb_sids2xids_send)
SID 0: S-1-5-21-3239498231-402109693-3067992304-513
[2018/02/21 15:33:44.926561, 10, pid=21519, effective(0, 0), real(0, 0)]
../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid)
Parsing value for key
[IDMAP/SID2XID/S-1-5-21-3239498231-402109693-3067992304-513]: value=[-1:N]
[2018/02/21 15:33:44.926970, 10, pid=21519, effective(0, 0), real(0, 0)]
../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid)
Parsing value for key
[IDMAP/SID2XID/S-1-5-21-3239498231-402109693-3067992304-513]:
id=[4294967295], endptr=[:N]
[2018/02/21 15:33:44.927206, 5, pid=21519, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
Could not convert sid S-1-5-21-3239498231-402109693-3067992304-72680:
NT_STATUS_NO_SUCH_USER
[2018/02/21 15:33:44.927554, 10, pid=21519, effective(0, 0), real(0, 0),
class=winbind] ../source3/winbindd/winbindd.c:759(wb_request_done)
wb_request_done[21802:GETPWNAM]: NT_STATUS_NO_SUCH_USER
[2018/02/21 15:33:44.927701, 10, pid=21519, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:827(winbind_client_response_written)
winbind_client_response_written[21802:GETPWNAM]: delivered response to
client
[2018/02/21 15:33:44.929762, 6, pid=21519, effective(0, 0), real(0, 0),
class=winbind]
../source3/winbindd/winbindd.c:931(winbind_client_request_read)
closing socket 25, client exited
L.P.H. van Belle
2018-Feb-21 15:20 UTC
[Samba] Could not convert sid: NT_STATUS_NO_SUCH_USER
Hai,
Thank you for having trust in my packages.. :-)
Now if you use my package, i suggest, do read the howto's also...
All you need for a good setup on debian stretch is there.
if anyone find/see's improvements, please tell me... Or change it on github,
thats why its there.
First is this an upgraded domain? Or a new domain?
What does `getent passwd username` tell you.
Same for `id username`
I would try the following.
Run: net cache flush and try again, if that does not work then check then next..
Review your config base on this member howto.
https://github.com/thctlo/samba4/blob/master/howtos/stretch-base-3.2-samba-member-fileserver.txt
That is a 100% working setup for stretch, if you did use it, then you missed
something.
.. You are missing some things in your smb.conf..
Like (optional)
idmap config NTDOM : unix_nss_info = yes
# set this one and run net cache flush again.
And
# User Administrator workaround, without it you are unable to set privileges
# !Note: When using the AD ID mapping back end, do not set the uidNumber
attribute for the domain administrator account.
# If the account has the attribute set, the value overrides the local UID 0 of
the root user and thus the mapping fails.
username map = /etc/samba/samba_usermapping
Ps.
I'm bit absence, sorry, lots of work todo before i am on ski holiday, next
comming week.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Francesco Malvezzi via samba
> Verzonden: woensdag 21 februari 2018 15:46
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Could not convert sid: NT_STATUS_NO_SUCH_USER
>
> hi all,
>
> I can't figure out why winbind can't find ad users with wbinfo
calls.
>
> It happens on a member server, Debian GNU/Linux stretch,
> samba is 4.7.5
> from Louis repository:
>
> [global]
> security = ADS
> workgroup = EXAMPLEAD
> realm = EXAMPLE.ORG
> idmap config * : backend = tdb
> idmap config * : range = 1000000-3000000
> idmap config EXAMPLEAD:backend = ad
> idmap config EXAMPLEAD:schema_mode = rfc2307
> idmap config EXAMPLEAD:range = 1005-999999
> template shell = /bin/mosh
> template homedir = /homel/%U
> max log size = 1000
> log level = 10
> panic action = /usr/share/samba/panic-action %d
> server role = member server
> [share]
> comment = Share
> path = /srv/share
> writeable = yes
> valid users = %S
> browseable = no
>
> this works:
> $ sudo net lookup name malvezzi
> S-1-5-21-3239498231-402109693-3067992304-72680 1 (User)
> EXAMPLEAD\malvezzi
>
> (kind of: does the 1 after the sid mean there is an error?)
>
> the following issues a long error, see bottom:
>
> $ wbinfo -i EXAMPLEAD\\malvezzi
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user EXAMPLEAD\malvezzi
>
> As you can see from the level 10 debug, the directory info of
> the users
> are shown.
>
> I can't understand what "Could not convert sid:
> NT_STATUS_NO_SUCH_USER"
> actually means,
>
> thank you for the help,
>
> Francesco
>
>
> [2018/02/21 15:33:41.451157, 5, pid=21519, effective(0, 0),
> real(0, 0)]
> ../lib/util/debug.c:744(debug_dump_status)
> INFO: Current debug levels:
> all: 10
> tdb: 10
> printdrivers: 10
> lanman: 10
> smb: 10
> rpc_parse: 10
> rpc_srv: 10
> rpc_cli: 10
> passdb: 10
> sam: 10
> auth: 10
> winbind: 10
> vfs: 10
> idmap: 10
> quota: 10
> acls: 10
> locking: 10
> msdfs: 10
> dmapi: 10
> registry: 10
> scavenger: 10
> dns: 10
> ldb: 10
> tevent: 10
> auth_audit: 10
> auth_json_audit: 10
> kerberos: 10
> drs_repl: 10
> doing parameter panic action = /usr/share/samba/panic-action %d
> doing parameter server role = member server
> [2018/02/21 15:33:41.454020, 4, pid=21519, effective(0, 0),
> real(0, 0)]
> ../source3/param/loadparm.c:3902(lp_load_ex)
> pm_process() returned Yes
> [2018/02/21 15:33:41.454135, 7, pid=21519, effective(0, 0),
> real(0, 0)]
> ../source3/param/loadparm.c:4221(lp_servicenumber)
> lp_servicenumber: couldn't find homes
> [2018/02/21 15:33:41.455066, 2, pid=21519, effective(0, 0),
> real(0, 0)]
> ../source3/lib/interface.c:345(add_interface)
> added interface ens160 ip=155.185.3.12 bcast=155.185.3.255
> netmask=255.255.255.0
> [2018/02/21 15:33:41.455507, 6, pid=21519, effective(0, 0),
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:931(winbind_client_request_read)
> closing socket 28, client exited
> [2018/02/21 15:33:44.918611, 6, pid=21519, effective(0, 0),
> real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:882(new_connection)
> accepted socket 25
> [2018/02/21 15:33:44.919060, 10, pid=21519, effective(0, 0),
> real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:724(process_request)
> process_request: request fn INTERFACE_VERSION
> [2018/02/21 15:33:44.919127, 3, pid=21519, effective(0, 0),
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_misc.c:395(winbindd_interface_version)
> [21802]: request interface version (version = 29)
> [2018/02/21 15:33:44.919204, 10, pid=21519, effective(0, 0),
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:827(winbind_client_response_written)
> winbind_client_response_written[21802:INTERFACE_VERSION]: delivered
> response to client
> [2018/02/21 15:33:44.919493, 10, pid=21519, effective(0, 0),
> real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:724(process_request)
> process_request: request fn WINBINDD_PRIV_PIPE_DIR
> [2018/02/21 15:33:44.919553, 3, pid=21519, effective(0, 0),
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_misc.c:428(winbindd_priv_pipe_dir)
> [21802]: request location of privileged pipe
> [2018/02/21 15:33:44.919637, 10, pid=21519, effective(0, 0),
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:827(winbind_client_response_written)
> winbind_client_response_written[21802:WINBINDD_PRIV_PIPE_DIR]:
> delivered response to client
> [2018/02/21 15:33:44.919942, 10, pid=21519, effective(0, 0),
> real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:697(process_request)
> process_request: Handling async request 21802:GETPWNAM
> [2018/02/21 15:33:44.920005, 3, pid=21519, effective(0, 0),
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> getpwnam EXAMPLEAD\malvezzi
> [2018/02/21 15:33:44.920063, 1, pid=21519, effective(0, 0),
> real(0, 0)]
> ../librpc/ndr/ndr.c:468(ndr_print_function_debug)
> wbint_LookupName: struct wbint_LookupName
> in: struct wbint_LookupName
> domain : *
> domain : 'EXAMPLEAD'
> name : *
> name : 'MALVEZZI'
> flags : 0x00000008 (8)
> [2018/02/21 15:33:44.920277, 1, pid=21519, effective(0, 0),
> real(0, 0)]
> ../librpc/ndr/ndr.c:468(ndr_print_function_debug)
> wbint_LookupName: struct wbint_LookupName
> out: struct wbint_LookupName
> type : *
> type : SID_NAME_USER (1)
> sid : *
> sid :
> S-1-5-21-3239498231-402109693-3067992304-72680
> result : NT_STATUS_OK
> [2018/02/21 15:33:44.920405, 10, pid=21519, effective(0, 0),
> real(0, 0),
> class=winbind]
> ../source3/winbindd/wb_sids2xids.c:113(wb_sids2xids_send)
> SID 0: S-1-5-21-3239498231-402109693-3067992304-72680
> [2018/02/21 15:33:44.920476, 10, pid=21519, effective(0, 0),
> real(0, 0)]
> ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid)
> Parsing value for key
> [IDMAP/SID2XID/S-1-5-21-3239498231-402109693-3067992304-72680]:
> value=[41312:U]
> [2018/02/21 15:33:44.920513, 10, pid=21519, effective(0, 0),
> real(0, 0)]
> ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid)
> Parsing value for key
> [IDMAP/SID2XID/S-1-5-21-3239498231-402109693-3067992304-72680]:
> id=[41312], endptr=[:U]
> [2018/02/21 15:33:44.920560, 10, pid=21519, effective(0, 0),
> real(0, 0)]
> ../source3/libsmb/samlogon_cache.c:242(netsamlogon_cache_get)
> netsamlogon_cache_get: SID
> [S-1-5-21-3239498231-402109693-3067992304-72680]
> [2018/02/21 15:33:44.920605, 10, pid=21519, effective(0, 0),
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_util.c:1020(find_lookup_domain_from_sid)
> find_lookup_domain_from_sid: SID
> [S-1-5-21-3239498231-402109693-3067992304-72680]
> [2018/02/21 15:33:44.920650, 10, pid=21519, effective(0, 0),
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_util.c:1049(find_lookup_domain_from_sid)
> calling find_our_domain
> [2018/02/21 15:33:44.920689, 1, pid=21519, effective(0, 0),
> real(0, 0)]
> ../librpc/ndr/ndr.c:468(ndr_print_function_debug)
> wbint_LookupSid: struct wbint_LookupSid
> in: struct wbint_LookupSid
> sid : *
> sid :
> S-1-5-21-3239498231-402109693-3067992304-72680
> [2018/02/21 15:33:44.920809, 1, pid=21519, effective(0, 0),
> real(0, 0)]
> ../librpc/ndr/ndr.c:468(ndr_print_function_debug)
> wbint_LookupSid: struct wbint_LookupSid
> out: struct wbint_LookupSid
> type : *
> type : SID_NAME_USER (1)
> domain : *
> domain : *
> domain : 'EXAMPLEAD'
> name : *
> name : *
> name : 'malvezzi'
> result : NT_STATUS_OK
> [2018/02/21 15:33:44.920967, 1, pid=21519, effective(0, 0),
> real(0, 0)]
> ../librpc/ndr/ndr.c:468(ndr_print_function_debug)
> wbint_GetNssInfo: struct wbint_GetNssInfo
> in: struct wbint_GetNssInfo
> info : *
> info: struct wbint_userinfo
> domain_name : *
> domain_name : 'EXAMPLEAD'
> acct_name : *
> acct_name : 'malvezzi'
> full_name : NULL
> homedir : *
> homedir : '/homel/%U'
> shell : *
> shell : '/bin/mosh'
> uid :
> 0x000000000000a160 (41312)
> primary_gid : 0x00000000ffffffff
> (4294967295)
> primary_group_name : NULL
> user_sid :
> S-1-5-21-3239498231-402109693-3067992304-72680
> group_sid :
> S-1-5-21-3239498231-402109693-3067992304-513
> [2018/02/21 15:33:44.922632, 1, pid=21519, effective(0, 0),
> real(0, 0)]
> ../librpc/ndr/ndr.c:468(ndr_print_function_debug)
> wbint_GetNssInfo: struct wbint_GetNssInfo
> out: struct wbint_GetNssInfo
> info : *
> info: struct wbint_userinfo
> domain_name : *
> domain_name : 'EXAMPLEAD'
> acct_name : *
> acct_name : 'malvezzi'
> full_name : NULL
> homedir : *
> homedir : '/homel/%U'
> shell : *
> shell : '/bin/mosh'
> uid :
> 0x000000000000a160 (41312)
> primary_gid : 0x00000000ffffffff
> (4294967295)
> primary_group_name : NULL
> user_sid :
> S-1-5-21-3239498231-402109693-3067992304-72680
> group_sid :
> S-1-5-21-3239498231-402109693-3067992304-513
> result : NT_STATUS_OK
> [2018/02/21 15:33:44.926167, 10, pid=21519, effective(0, 0),
> real(0, 0),
> class=winbind]
> ../source3/winbindd/wb_sids2xids.c:113(wb_sids2xids_send)
> SID 0: S-1-5-21-3239498231-402109693-3067992304-513
> [2018/02/21 15:33:44.926561, 10, pid=21519, effective(0, 0),
> real(0, 0)]
> ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid)
> Parsing value for key
> [IDMAP/SID2XID/S-1-5-21-3239498231-402109693-3067992304-513]:
> value=[-1:N]
> [2018/02/21 15:33:44.926970, 10, pid=21519, effective(0, 0),
> real(0, 0)]
> ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid)
> Parsing value for key
> [IDMAP/SID2XID/S-1-5-21-3239498231-402109693-3067992304-513]:
> id=[4294967295], endptr=[:N]
> [2018/02/21 15:33:44.927206, 5, pid=21519, effective(0, 0),
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> Could not convert sid
> S-1-5-21-3239498231-402109693-3067992304-72680:
> NT_STATUS_NO_SUCH_USER
> [2018/02/21 15:33:44.927554, 10, pid=21519, effective(0, 0),
> real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:759(wb_request_done)
> wb_request_done[21802:GETPWNAM]: NT_STATUS_NO_SUCH_USER
> [2018/02/21 15:33:44.927701, 10, pid=21519, effective(0, 0),
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:827(winbind_client_response_written)
> winbind_client_response_written[21802:GETPWNAM]: delivered
> response to
> client
> [2018/02/21 15:33:44.929762, 6, pid=21519, effective(0, 0),
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:931(winbind_client_request_read)
> closing socket 25, client exited
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
Francesco Malvezzi
2018-Apr-03 08:51 UTC
[Samba] Could not convert sid: NT_STATUS_NO_SUCH_USER
Il 21/02/18 16:20, L.P.H. van Belle ha scritto:> Hai, > > Thank you for having trust in my packages.. :-) > Now if you use my package, i suggest, do read the howto's also... > All you need for a good setup on debian stretch is there. > if anyone find/see's improvements, please tell me... Or change it on github, thats why its there. > > First is this an upgraded domain? Or a new domain? > > What does `getent passwd username` tell you. > Same for `id username` > > I would try the following. > Run: net cache flush and try again, if that does not work then check then next.. > > > > Review your config base on this member howto. > https://github.com/thctlo/samba4/blob/master/howtos/stretch-base-3.2-samba-member-fileserver.txt > That is a 100% working setup for stretch, if you did use it, then you missed something. > .. You are missing some things in your smb.conf.. > > Like (optional) > idmap config NTDOM : unix_nss_info = yes > > # set this one and run net cache flush again. > > And > # User Administrator workaround, without it you are unable to set privileges > # !Note: When using the AD ID mapping back end, do not set the uidNumber attribute for the domain administrator account. > # If the account has the attribute set, the value overrides the local UID 0 of the root user and thus the mapping fails. > username map = /etc/samba/samba_usermappingwell, I have been working on this issue quite a bit, lately. The working recipe for me was: 1) configure sssd to fetch users from ad; 2) configure winbind to fetch sid/uid and sid/gid mappings from nss (with idmap_nss); 3) provide group 'domain users' with a valid gidNumber: it looks the prescription from idmap_ad "Winbind will only map users that have a uidNumber and whose primary group have a gidNumber attribute set." holds for idmap_nss as well. If you plan to use sssd on Debian, beware of: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772695 (workaround: compile samba by your own). ciao, Francesco