Corrado Ravinetto
2023-Feb-27 11:35 UTC
[Samba] R: check_account: Failed to convert SID S-1-5-21-822543001-694776171-4236178688-132794 to a UID
Hi Rowland RID '132795' is a computer account and this a migration from an old samba 3 pdc installation. This is only a warning or should i do something before have trouble ?? -----Messaggio originale----- Da: samba <samba-bounces at lists.samba.org> Per conto di Rowland Penny via samba Inviato: luned? 27 febbraio 2023 12:28 A: samba at lists.samba.org Cc: Rowland Penny <rpenny at samba.org> Oggetto: Re: [Samba] check_account: Failed to convert SID S-1-5-21-822543001-694776171-4236178688-132794 to a UID On 27/02/2023 11:02, Corrado Ravinetto via samba wrote:> Hallo all > Why this warning if i have > > idmap config * : backend = tdb > idmap config * : range = 100000-107999 > idmap config mydom : backend = ad > idmap config mydom : range = 500-999999 > > in my smb.conf ?? >Two possible reasons, one your ranges overlap, 100000-107999 is inside 500-999999, the other possible reason is that the RID '132795' is for a computer and it doesn't have a uidNumber attribute. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Corrado Ravinetto Sistemi informativi corrado.ravinetto at lanificiocerruti.com <mailto:corrado.ravinetto at lanificiocerruti.com> T: +39 015 3591283 [Lanificio F.lli CERRUTI] Lanificio F.lli Cerruti S.p.A. Via Cernaia 40, 13900 - Biella (BI) Italy www.lanificiocerruti.com <http://www.lanificiocerruti.com/> [Twitter] <https://twitter.com/Lan_Cerruti> [Facebook] <https://www.facebook.com/LanificioCerruti> [Instagram] <https://www.instagram.com/lanificiocerruti/> Rispetta l'ambiente, non stampare questa mail se non necessario Respect the environment, don't print unless necessary [Unesco]
Rowland Penny
2023-Feb-27 11:50 UTC
[Samba] R: check_account: Failed to convert SID S-1-5-21-822543001-694776171-4236178688-132794 to a UID
On 27/02/2023 11:35, Corrado Ravinetto via samba wrote:> Hi Rowland > RID '132795' is a computer account and this a migration from an old samba 3 pdc installation. > This is only a warning or should i do something before have trouble ??You can safely ignore the warning, but you really should fix the ranges, they must not overlap and yours do not just overlap, one is totally inside the other. Your setup is one reason why I think it is probably better to set up a new AD domain, rather than upgrading an NT4-style domain. As you have uidNumbers that start at '500' (I take it that they do start at 500) and you have set the end range to '999999', you are going to have to start the default '*' range well above that, say '2000000-2002000'. You will still be unable to have any local Unix users (the ones in /etc/passwd), so you will have to enable root. Rowland