thr3ads.net - samba - [Samba] 4.15.5: Lot's of errors from smbd_audit about "check_account: Failed to convert SID..." [Feb 2022]

If this information is useful, please help other people find it:
Share via:

Peter Eriksson

2022-Feb-18 12:32 UTC

[Samba] 4.15.5: Lot's of errors from smbd_audit about "check_account: Failed to convert SID..."

After upgrading our Sambas to 4.15.5 I?m seeing a _lot_ of errors in the log
files about:

Feb 18 13:30:13 filur01 smbd_audit[17892]: [2022/02/18 13:30:13.204710,  0]
../../source3/auth/auth_util.c:1928(check_account)
Feb 18 13:30:13 filur01 smbd_audit[17892]:   check_account: Failed to convert
SID S-1-5-21-797717765-1715453426-19741283-1903186 to a UID
(dom_user[AD\iei-mvs-z-1$])
Feb 18 13:30:13 filur01 smbd_audit[79414]: [2022/02/18 13:30:13.467554,  0]
../../source3/auth/auth_util.c:1928(check_account)
Feb 18 13:30:13 filur01 smbd_audit[79414]:   check_account: Failed to convert
SID S-1-5-21-797717765-1715453426-19741283-1869510 to a UID
(dom_user[AD\glitner-320$])
Feb 18 13:30:13 filur01 smbd_audit[62522]: [2022/02/18 13:30:13.779434,  0]
../../source3/auth/auth_util.c:1928(check_account)
Feb 18 13:30:13 filur01 smbd_audit[62522]:   check_account: Failed to convert
SID S-1-5-21-797717765-1715453426-19741283-1635176 to a UID
(dom_user[AD\kypc1-102$])
Feb 18 13:30:13 filur01 smbd_audit[62522]: [2022/02/18 13:30:13.784014,  0]
../../source3/auth/auth_util.c:1928(check_account)
Feb 18 13:30:13 filur01 smbd_audit[62522]:   check_account: Failed to convert
SID S-1-5-21-797717765-1715453426-19741283-1635176 to a UID
(dom_user[AD\kypc1-102$])
Feb 18 13:30:13 filur01 smbd_audit[88544]: [2022/02/18 13:30:13.922285,  0]
../../source3/auth/auth_util.c:1928(check_account)
Feb 18 13:30:13 filur01 smbd_audit[88544]:   check_account: Failed to convert
SID S-1-5-21-797717765-1715453426-19741283-1699850 to a UID
(dom_user[AD\win00737$])

Things _seem_ to work fine for our users and I can patch away the DBG_ERR
message but I?m curious if this is an indication to something more problematic?


--- samba-4.15.5/source3/auth/auth_util.c.ORIG  2022-02-18 13:25:58.222947000
+0100
+++ samba-4.15.5/source3/auth/auth_util.c       2022-02-18 13:25:59.976258000
+0100
@@ -1925,7 +1925,7 @@
 
                ok = sid_to_uid(sid, &uid);
                if (!ok) {
-                       DBG_ERR("Failed to convert SID %s to a UID
(dom_user[%s])\n",
+                       DBG_DEBUG("Failed to convert SID %s to a UID
(dom_user[%s])\n",
                                dom_sid_str_buf(sid, &buf), dom_user);
                        return NT_STATUS_NO_SUCH_USER;
                }

- Peter

Michael Tokarev

2022-Feb-18 12:39 UTC

head link

[Samba] 4.15.5: Lot's of errors from smbd_audit about "check_account: Failed to convert SID..."

18.02.2022 15:32, Peter Eriksson via samba wrote:> After upgrading our Sambas to 4.15.5 I?m seeing a _lot_ of errors in the
log files about:
> 
> Feb 18 13:30:13 filur01 smbd_audit[17892]: [2022/02/18 13:30:13.204710,  0]
../../source3/auth/auth_util.c:1928(check_account)
> Feb 18 13:30:13 filur01 smbd_audit[17892]:   check_account: Failed to
convert SID S-1-5-21-797717765-1715453426-19741283-1903186 to a UID
(dom_user[AD\iei-mvs-z-1$])
This - at least, maybe there are other cases - happens when you have AD,
idmap backend = ad, and idmap schema_mode = rfc2307, where you used
uidNumber for the unix user id (uid), AND uidNumber attribute is missing
in your data.

For this to work, you have to have local users of the same name as the
AD ones. Which, as I've been told here (without any explanation), should
not be done.
..> Things _seem_ to work fine for our users and I can patch away the DBG_ERR
message but I?m curious if this is an indication to something more problematic?
> -                       DBG_ERR("Failed to convert SID %s to a UID
(dom_user[%s])\n",
> +                       DBG_DEBUG("Failed to convert SID %s to a UID
(dom_user[%s])\n",
For my setup I definitely prefer this very message to stay at ERROR level.

Thanks,

/mjt

Christian Naumer

2022-Feb-18 12:52 UTC

head link

[Samba] 4.15.5: Lot's of errors from smbd_audit about "check_account: Failed to convert SID..."

These are all computer accounts which usually do not have a UID. THis 
message started also for us after a resent update. I think some here 
said they can be ignored. And I at least do this :-)

Regards


Am 18.02.22 um 13:32 schrieb Peter Eriksson via samba:> After upgrading our Sambas to 4.15.5 I?m seeing a _lot_ of errors in the
log files about:
> 
> Feb 18 13:30:13 filur01 smbd_audit[17892]: [2022/02/18 13:30:13.204710,  0]
../../source3/auth/auth_util.c:1928(check_account)
> Feb 18 13:30:13 filur01 smbd_audit[17892]:   check_account: Failed to
convert SID S-1-5-21-797717765-1715453426-19741283-1903186 to a UID
(dom_user[AD\iei-mvs-z-1$])
> Feb 18 13:30:13 filur01 smbd_audit[79414]: [2022/02/18 13:30:13.467554,  0]
../../source3/auth/auth_util.c:1928(check_account)
> Feb 18 13:30:13 filur01 smbd_audit[79414]:   check_account: Failed to
convert SID S-1-5-21-797717765-1715453426-19741283-1869510 to a UID
(dom_user[AD\glitner-320$])
> Feb 18 13:30:13 filur01 smbd_audit[62522]: [2022/02/18 13:30:13.779434,  0]
../../source3/auth/auth_util.c:1928(check_account)
> Feb 18 13:30:13 filur01 smbd_audit[62522]:   check_account: Failed to
convert SID S-1-5-21-797717765-1715453426-19741283-1635176 to a UID
(dom_user[AD\kypc1-102$])
> Feb 18 13:30:13 filur01 smbd_audit[62522]: [2022/02/18 13:30:13.784014,  0]
../../source3/auth/auth_util.c:1928(check_account)
> Feb 18 13:30:13 filur01 smbd_audit[62522]:   check_account: Failed to
convert SID S-1-5-21-797717765-1715453426-19741283-1635176 to a UID
(dom_user[AD\kypc1-102$])
> Feb 18 13:30:13 filur01 smbd_audit[88544]: [2022/02/18 13:30:13.922285,  0]
../../source3/auth/auth_util.c:1928(check_account)
> Feb 18 13:30:13 filur01 smbd_audit[88544]:   check_account: Failed to
convert SID S-1-5-21-797717765-1715453426-19741283-1699850 to a UID
(dom_user[AD\win00737$])
> 
> Things _seem_ to work fine for our users and I can patch away the DBG_ERR
message but I?m curious if this is an indication to something more problematic?
> 
> 
> --- samba-4.15.5/source3/auth/auth_util.c.ORIG  2022-02-18
13:25:58.222947000 +0100
> +++ samba-4.15.5/source3/auth/auth_util.c       2022-02-18
13:25:59.976258000 +0100
> @@ -1925,7 +1925,7 @@
>   
>                  ok = sid_to_uid(sid, &uid);
>                  if (!ok) {
> -                       DBG_ERR("Failed to convert SID %s to a UID
(dom_user[%s])\n",
> +                       DBG_DEBUG("Failed to convert SID %s to a UID
(dom_user[%s])\n",
>                                  dom_sid_str_buf(sid, &buf), dom_user);
>                          return NT_STATUS_NO_SUCH_USER;
>                  }
> 
> - Peter
> 
> 
-- 
Dr. Christian Naumer
Vice President
Unit Head Bioprocess Development

BRAIN Biotech AG
Darmstaedter Str. 34-36, D-64673 Zwingenberg
e-mail cn at brain-biotech.com, homepage www.brain-biotech.com
phone +49-6251-9331-30 / fax +49-6251-9331-11

Sitz der Gesellschaft: Zwingenberg/Bergstrasse
Registergericht AG Darmstadt, HRB 24758
Vorstand: Adriaan Moelker (Vorstandsvorsitzender), 
Lukas Linnig
Aufsichtsratsvorsitzender: Dr. Georg Kellinghusen

samba - Feb 2022 - 4.15.5: Lot's of errors from smbd_audit about "check_account: Failed to convert SID..."

[Samba] 4.15.5: Lot's of errors from smbd_audit about "check_account: Failed to convert SID..."

[Samba] 4.15.5: Lot's of errors from smbd_audit about "check_account: Failed to convert SID..."

[Samba] 4.15.5: Lot's of errors from smbd_audit about "check_account: Failed to convert SID..."