Hello Rowland

thanks for your support

On 06/11/2017 17:31, Rowland Penny via samba wrote:
>>> There is a bug for this:
>>> https://bugzilla.samba.org/show_bug.cgi?id=12164
>> are there some workarounds ?
>>
> Yes, do not use the DC as a fileserver;-)
> If you must, don't run a backup system that relies on IDs
>
> A DC has no concept of 'NT AUTHORITY':
>
> root at dc1:~# wbinfo --sid-to-name S-1-5-18
> failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not lookup sid S-1-5-18
> root at dc1:~# wbinfo --name-to-sid='NT Authority\SYSTEM'
> failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
> Could not lookup name NT Authority\SYSTEM
>

my DC works differently

[root at apamfs2 ~]# wbinfo --sid-to-name S-1-5-18
NT AUTHORITY\SYSTEM 5
[root at apamfs2 ~]# wbinfo --name-to-sid='NT Authority\SYSTEM'
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name NT Authority\SYSTEM
[root at apamfs2 ~]#

???

> But a Unix domain member does:
>
> rowland at devstation:~$ wbinfo --sid-to-name S-1-5-18
> NT Authority\SYSTEM 5
> wbinfo --name-to-sid=NT Authority\\SYSTEM 5
> rowland at devstation:~$ wbinfo --name-to-sid='NT Authority\SYSTEM'
> S-1-5-18 SID_WKN_GROUP (5)
>
> You could try running the backup on the DC by compressing whatever it
> is you are trying to back up into a tarball and copy this to the NAS.
>
> Rowland

On Mon, 6 Nov 2017 17:45:07 +0100 Giuseppe Arvati <giuseppe.arvati at gmail.com> wrote:
> Hello Rowland
>
> thanks for your support
>
> On 06/11/2017 17:31, Rowland Penny via samba wrote:
> >>> There is a bug for this:
> >>> https://bugzilla.samba.org/show_bug.cgi?id=12164
> >> are there some workarounds ?
> >>
> > Yes, do not use the DC as a fileserver;-)
> > If you must, don't run a backup system that relies on IDs
> >
> > A DC has no concept of 'NT AUTHORITY':
> >
> > root at dc1:~# wbinfo --sid-to-name S-1-5-18
> > failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> > Could not lookup sid S-1-5-18
> > root at dc1:~# wbinfo --name-to-sid='NT Authority\SYSTEM'
> > failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
> > Could not lookup name NT Authority\SYSTEM
> >
>
> my DC works differently
>
> [root at apamfs2 ~]# wbinfo --sid-to-name S-1-5-18
> NT AUTHORITY\SYSTEM 5
> [root at apamfs2 ~]# wbinfo --name-to-sid='NT Authority\SYSTEM'
> failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
> Could not lookup name NT Authority\SYSTEM
> [root at apamfs2 ~]#
>
> ???
>

Do you have libnss_winbind & PAM set up correctly ?

Rowland

On 06/11/2017 17:50, Rowland Penny via samba wrote:
>>> Yes, do not use the DC as a fileserver;-)
>>> If you must, don't run a backup system that relies on IDs
>>>
>>> A DC has no concept of 'NT AUTHORITY':
>>>
>>> root at dc1:~# wbinfo --sid-to-name S-1-5-18
>>> failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
>>> Could not lookup sid S-1-5-18
>>> root at dc1:~# wbinfo --name-to-sid='NT Authority\SYSTEM'
>>> failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
>>> Could not lookup name NT Authority\SYSTEM
>>>
>> my DC works differently
>>
>> [root at apamfs2 ~]# wbinfo --sid-to-name S-1-5-18
>> NT AUTHORITY\SYSTEM 5
>> [root at apamfs2 ~]# wbinfo --name-to-sid='NT Authority\SYSTEM'
>> failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not lookup name NT Authority\SYSTEM
>> [root at apamfs2 ~]#
>>
>> ???
>>
> Do you have libnss_winbind & PAM set up correctly ?

Hello,

I reviewed the samba wiki about libnss_winbind & PAM
and libnss_winbind looks ok

[root at apamfs2 ~]# ll /usr/local/samba/lib/*winbind*
lrwxrwxrwx. 1 root root 19 Apr 16 2014 /usr/local/samba/lib/libnss_winbind.so -> libnss_winbind.so.2
-rwxr-xr-x 1 root root 18288 Oct 29 19:35 /usr/local/samba/lib/libnss_winbind.so.2
-rwxr-xr-x 1 root root 12717 Oct 29 19:35 /usr/local/samba/lib/winbind_krb5_locator.so
[root at apamfs2 ~]# ll /lib64/*winb*
lrwxrwxrwx 1 root root 26 Feb 23 2017 /lib64/libnss_winbind.so -> /lib64/libnss_winbind.so.2
lrwxrwxrwx 1 root root 40 Feb 23 2017 /lib64/libnss_winbind.so.2 -> /usr/local/samba/lib/libnss_winbind.so.2

but /etc/pam.d/password-auth-ac isn't compliant with
https://wiki.samba.org/index.php/Authenticating_Domain_Users_Using_PAM

I understand that it's time to upgrade my system and split AD from fileserver.
In another post Rowland suggested that I upgrade bind.
So the time has come.
I'll return to ask for a better way to split my AD&FS into AD+FS.

thank you all
giuseppe
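
A round-trip check for the two lookups compared in this thread, added here as an example and not written by any of the posters: it flags a host where a SID resolves to a name but the name does not resolve back, as on apamfs2 above. The function names `check_roundtrip` and `audit_sids` and the `WBINFO` override variable are assumptions of this example; the `wbinfo` options and output format are the ones shown in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. WBINFO (an assumption of this example)
# names the command to run; by default the real wbinfo from Samba is used.
WBINFO=${WBINFO:-wbinfo}

# check_roundtrip SID NAME
# Prints one status word; returns non-zero unless SID -> name resolves,
# name -> SID resolves, and the reverse lookup yields the same SID.
check_roundtrip() {
    rt_sid=$1
    rt_name=$2
    if ! "$WBINFO" --sid-to-name "$rt_sid" >/dev/null 2>&1; then
        echo "sid-unresolved"
        return 1
    fi
    # Output format as shown in the thread: "S-1-5-18 SID_WKN_GROUP (5)"
    if ! rt_out=$("$WBINFO" --name-to-sid="$rt_name" 2>/dev/null); then
        echo "name-unresolved"
        return 2
    fi
    if [ "${rt_out%% *}" != "$rt_sid" ]; then
        echo "mismatch"
        return 3
    fi
    echo "ok"
}

# audit_sids: read "SID NAME" pairs from stdin (one per line), print
# SID<TAB>NAME<TAB>status for each, return the number of failed pairs.
audit_sids() {
    failures=0
    while read -r sid name; do
        [ -n "$sid" ] || continue
        status=$(check_roundtrip "$sid" "$name") || failures=$((failures + 1))
        printf '%s\t%s\t%s\n' "$sid" "$name" "$status"
    done
    return "$failures"
}
```

Feed it pairs on stdin, for example `printf '%s\n' 'S-1-5-18 NT Authority\SYSTEM' | audit_sids`, before relying on ID-based backups of ACLs from that host.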