Il 06/11/2017 16:17, Rowland Penny via samba ha scritto:> On Mon, 6 Nov 2017 15:27:13 +0100 > Giuseppe Arvati via samba <samba at lists.samba.org> wrote: > >> Hello, >> I recently set up a new software to backup samba share. >> This software ( https://github.com/borgbackup/borg ) run on file >> server as root cron script during the night and save file on external >> NAS. >> >> The problem I have is that for each file copied from >> samba share to external NAS, winbindd log an error >> such this to samba.log.winbindd and /var/log/messages >> >> [2017/11/06 11:05:16.747449, 0] >> ../source3/winbindd/winbindd_group.c:45(fill_grent) >> Failed to find domain 'NT AUTHORITY'. Check connection to trusted >> domains! >>> > There is a bug for this: > https://bugzilla.samba.org/show_bug.cgi?id=12164are there some workarounds ?> Also just a couple of things about your smb.conf:> I would remove the two 'winbind enum' lines, you DO NOT need them and > they slow things down. > > You have lines like this 'directory mask = 700' > They do not work on a DC, you need to set the permissions from windows > or with setfacl. > > Rowland
On Mon, 6 Nov 2017 17:15:48 +0100 Giuseppe Arvati <giuseppe.arvati at gmail.com> wrote:> Il 06/11/2017 16:17, Rowland Penny via samba ha scritto: > > On Mon, 6 Nov 2017 15:27:13 +0100 > > Giuseppe Arvati via samba <samba at lists.samba.org> wrote: > > > >> Hello, > >> I recently set up a new software to backup samba share. > >> This software ( https://github.com/borgbackup/borg ) run on file > >> server as root cron script during the night and save file on > >> external NAS. > >> > >> The problem I have is that for each file copied from > >> samba share to external NAS, winbindd log an error > >> such this to samba.log.winbindd and /var/log/messages > >> > >> [2017/11/06 11:05:16.747449, 0] > >> ../source3/winbindd/winbindd_group.c:45(fill_grent) > >> Failed to find domain 'NT AUTHORITY'. Check connection to > >> trusted domains! > >> > > > > > There is a bug for this: > > https://bugzilla.samba.org/show_bug.cgi?id=12164 > > are there some workarounds ? >Yes, do not use the DC as a fileserver ;-) If you must, don't run a backup system that relies on IDs A DC has no concept of 'NT AUTHORITY': root at dc1:~# wbinfo --sid-to-name S-1-5-18 failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND Could not lookup sid S-1-5-18 root at dc1:~# wbinfo --name-to-sid='NT Authority\SYSTEM' failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND Could not lookup name NT Authority\SYSTEM But a Unix domain member does: rowland at devstation:~$ wbinfo --sid-to-name S-1-5-18 NT Authority\SYSTEM 5 wbinfo --name-to-sid=NT Authority\\SYSTEM 5 rowland at devstation:~$ wbinfo --name-to-sid='NT Authority\SYSTEM' S-1-5-18 SID_WKN_GROUP (5) You could try running the backup on the DC by compressing whatever it is you are trying to back up into a tarball and copy this to the NAS. Rowland
Hello Roland thank for you support Il 06/11/2017 17:31, Rowland Penny via samba ha scritto:>>> There is a bug for this: >>> https://bugzilla.samba.org/show_bug.cgi?id=12164 >> are there some workarounds ? >> > Yes, do not use the DC as a fileserver;-) > If you must, don't run a backup system that relies on IDs > > A DC has no concept of 'NT AUTHORITY': > > root at dc1:~# wbinfo --sid-to-name S-1-5-18 > failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND > Could not lookup sid S-1-5-18 > root at dc1:~# wbinfo --name-to-sid='NT Authority\SYSTEM' > failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND > Could not lookup name NT Authority\SYSTEM >my DC works different [root at apamfs2 ~]# wbinfo --sid-to-name S-1-5-18 NT AUTHORITY\SYSTEM 5 [root at apamfs2 ~]# wbinfo --name-to-sid='NT Authority\SYSTEM' failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND Could not lookup name NT Authority\SYSTEM [root at apamfs2 ~]# ???> But a Unix domain member does: > > rowland at devstation:~$ wbinfo --sid-to-name S-1-5-18 > NT Authority\SYSTEM 5 > wbinfo --name-to-sid=NT Authority\\SYSTEM 5 > rowland at devstation:~$ wbinfo --name-to-sid='NT Authority\SYSTEM' > S-1-5-18 SID_WKN_GROUP (5) > > You could try running the backup on the DC by compressing whatever it > is you are trying to back up into a tarball and copy this to the NAS. > > Rowland