samba - Mar 2018 - Again 'Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!'

Mandi! Rowland Penny via samba
  In chel di` si favelave...

> > The trouble came from 'root' or groups '3000002' and
'3000003'?
> No and very very probably no & no ;-)
> > How can i fix them? Thanks.
> Fix what? The owner has to be 'root', and you can find out just who
> '3000002' & '3000003' are by opening
/var/lib/samba/private/idmap.ldb
> with ldbedit and searching for them.
 # record 48
 dn: CN=S-1-5-18   
 cn: S-1-5-18
 objectClass: sidMap
 objectSid: S-1-5-18
 type: ID_TYPE_BOTH
 xidNumber: 3000002
 distinguishedName: CN=S-1-5-18
 
 # record 6
 dn: CN=S-1-5-11   
 cn: S-1-5-11
 objectClass: sidMap
 objectSid: S-1-5-11
 type: ID_TYPE_BOTH
 xidNumber: 3000003
 distinguishedName: CN=S-1-5-11

> The 'cn' will contain the windows SID and if you look here:
>
https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
> You will be able to see who there are.
OK, 'Local System' and 'Authenticated Users'. Now?

I've to add an explicit map? How?

On a DC, i suppose all SID get mapped, via xidNumber... becasue these
are missing?

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''         
http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

On Wed, 21 Mar 2018 18:50:08 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> Mandi! Rowland Penny via samba
>   In chel di` si favelave...
> 
> 
> > > The trouble came from 'root' or groups '3000002'
and '3000003'?
> > No and very very probably no & no ;-)
> 
> 
> > > How can i fix them? Thanks.
> > Fix what? The owner has to be 'root', and you can find out
just who
> > '3000002' & '3000003' are by
> > opening /var/lib/samba/private/idmap.ldb with ldbedit and searching
> > for them.
> 
>  # record 48
>  dn: CN=S-1-5-18   
>  cn: S-1-5-18
>  objectClass: sidMap
>  objectSid: S-1-5-18
>  type: ID_TYPE_BOTH
>  xidNumber: 3000002
>  distinguishedName: CN=S-1-5-18
>  
>  # record 6
>  dn: CN=S-1-5-11   
>  cn: S-1-5-11
>  objectClass: sidMap
>  objectSid: S-1-5-11
>  type: ID_TYPE_BOTH
>  xidNumber: 3000003
>  distinguishedName: CN=S-1-5-11
> 
> 
> > The 'cn' will contain the windows SID and if you look here:
> >
https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
> > You will be able to see who there are.
> 
> OK, 'Local System' and 'Authenticated Users'. Now?
I thought that would be who they were.
> 
> I've to add an explicit map? How?
No, just because they are showing up as numbers is not a problem.
> 
> On a DC, i suppose all SID get mapped, via xidNumber... becasue these
> are missing?
> 
That is what what the xidNumber attributes on a DC are for, the DC
knows who they are, but the OS doesn't need to.

As long as everything is working okay, I wouldn't worry about it.

Rowland

Mandi! Rowland Penny via samba
  In chel di` si favelave...
> As long as everything is working okay, I wouldn't worry about it.
OK. But why samba complain in logs?! How can i prevent this?


Saying differently, there's something i can do apart setting

	syslog = 0

in smb.conf?! ;-)

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''         
http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)