Marco Gaiarin
2018-Mar-21 17:50 UTC
[Samba] Again 'Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!'
Mandi! Rowland Penny via samba In chel di` si favelave...> > The trouble came from 'root' or groups '3000002' and '3000003'? > No and very very probably no & no ;-)> > How can i fix them? Thanks. > Fix what? The owner has to be 'root', and you can find out just who > '3000002' & '3000003' are by opening /var/lib/samba/private/idmap.ldb > with ldbedit and searching for them.# record 48 dn: CN=S-1-5-18 cn: S-1-5-18 objectClass: sidMap objectSid: S-1-5-18 type: ID_TYPE_BOTH xidNumber: 3000002 distinguishedName: CN=S-1-5-18 # record 6 dn: CN=S-1-5-11 cn: S-1-5-11 objectClass: sidMap objectSid: S-1-5-11 type: ID_TYPE_BOTH xidNumber: 3000003 distinguishedName: CN=S-1-5-11> The 'cn' will contain the windows SID and if you look here: > https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems > You will be able to see who there are.OK, 'Local System' and 'Authenticated Users'. Now? I've to add an explicit map? How? On a DC, i suppose all SID get mapped, via xidNumber... becasue these are missing? -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
Rowland Penny
2018-Mar-21 18:06 UTC
[Samba] Again 'Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!'
On Wed, 21 Mar 2018 18:50:08 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote:> Mandi! Rowland Penny via samba > In chel di` si favelave... > > > > > The trouble came from 'root' or groups '3000002' and '3000003'? > > No and very very probably no & no ;-) > > > > > How can i fix them? Thanks. > > Fix what? The owner has to be 'root', and you can find out just who > > '3000002' & '3000003' are by > > opening /var/lib/samba/private/idmap.ldb with ldbedit and searching > > for them. > > # record 48 > dn: CN=S-1-5-18 > cn: S-1-5-18 > objectClass: sidMap > objectSid: S-1-5-18 > type: ID_TYPE_BOTH > xidNumber: 3000002 > distinguishedName: CN=S-1-5-18 > > # record 6 > dn: CN=S-1-5-11 > cn: S-1-5-11 > objectClass: sidMap > objectSid: S-1-5-11 > type: ID_TYPE_BOTH > xidNumber: 3000003 > distinguishedName: CN=S-1-5-11 > > > > The 'cn' will contain the windows SID and if you look here: > > https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems > > You will be able to see who there are. > > OK, 'Local System' and 'Authenticated Users'. Now?I thought that would be who they were.> > I've to add an explicit map? How?No, just because they are showing up as numbers is not a problem.> > On a DC, i suppose all SID get mapped, via xidNumber... becasue these > are missing? >That is what what the xidNumber attributes on a DC are for, the DC knows who they are, but the OS doesn't need to. As long as everything is working okay, I wouldn't worry about it. Rowland
Marco Gaiarin
2018-Mar-22 10:33 UTC
[Samba] Again 'Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!'
Mandi! Rowland Penny via samba In chel di` si favelave...> As long as everything is working okay, I wouldn't worry about it.OK. But why samba complain in logs?! How can i prevent this? Saying differently, there's something i can do apart setting syslog = 0 in smb.conf?! ;-) -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
Reasonably Related Threads
- Again 'Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!'
- Again 'Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!'
- [OT?] Strangeness on clients migrating NT -> AD...
- [OT?] Strangeness on clients migrating NT -> AD...
- Samba, AD and devices compatibility...