Hi All,
the Synology support is claiming this bug is the reason for the access
problems via hostname (Kerberos):
https://bugzilla.samba.org/show_bug.cgi?id=14213
These log entries in log.wb-ADNAME are given as evidence:
../../source3/winbindd/winbindd_msrpc.c:307: [2023/06/14
22:13:42.913399, winbind 3, pid=10150] msrpc_sid_to_name
msrpc_sid_to_name: S-1-18-1 f?r Dom?ne ADNAME
../../source3/winbindd/winbindd_msrpc.c:319: [2023/06/14
22:13:42.914370, winbind 2, pid=10150] msrpc_sid_to_name
msrpc_sid_to_name: Die Suche nach sids ist fehlgeschlagen:
NT_STATUS_INVALID_SID
../../source3/winbindd/winbindd_msrpc.c:307: [2023/06/14
22:13:42.914415, winbind 3, pid=10150] msrpc_sid_to_name
msrpc_sid_to_name: S-1-18-1 f?r Dom?ne ADNAME
../../source3/winbindd/winbindd_msrpc.c:319: [2023/06/14
22:13:42.915040, winbind 2, pid=10150] msrpc_sid_to_name
msrpc_sid_to_name: Die Suche nach sids ist fehlgeschlagen:
NT_STATUS_INVALID_SID
("Die Suche nach sids ist fehlgeschlagen" translates "The search
for
sids failed")
They ask me to patch - I think - my DCs.
This only happens on the two Synos which have their interpretation of
Samba 4.15 installed. My member server (4.17.8) works without this
problem. I ask myself, is that a problem in my domain or has this to be
done on the machines which have the problem.
I even created a member server with 4.15 for testing and it works also
without such problems. Also an old Synology DS413 with Samba 4.4.18
(don't laugh) works perfectly, too.
So I would think this patch has to be installed on the machines with the
error.
Maybe someone can shed some light on this bug, so I can react the right
way to this.
Regards
Ingo
https://github.com/WAdama
Ingo Asche via samba schrieb am 24.05.2023 um 09:47:> Hi Travis,
>
> are you still there? ;-)
>
> How are your Synos do? Do have in the mean time installed the actual
> SMBService?
>
> If you have and have with the actual SMBService the same problem as
> before the Beta version there is a workaround:
> In "/usr/local/packages/@appstore/SMBService/usr/lib/samba" you
have
> to change the "libidmap-samba4.so" to the one from the beta
version,
> clear the SMB cache and then it should work again.
>
> Regards
> Ingo
> https://github.com/WAdama
>
> Ingo Asche via samba schrieb am 13.04.2023 um 21:37:
>> Hi Travis,
>>
>> I know, but this is now the released version (4.15.9-0919 beta >
>> 4.15.9-0631), see the history page for SMB-Service:
>>
https://www.synology.com/en-us/releaseNote/SMBService?model=DS918%2B#7_x_series
>>
>>
>> With the beta version it still works. But we can't stay on the beta
>> forever I think.
>>
>> Regards
>> Ingo
>> https://github.com/WAdama
>>
>> Travis Wenks via samba schrieb am 13.04.2023 um 21:29:
>>> The only way I have found to fix that is to enable the beta updates
in
>>> plugins and install the beta version of samba on the Synology.
>>>
>>> Thank you,
>>>
>>>
>>>
>>> Travis Wenks
>>>
>>> Rose City Solutions
>>> Owner
>>> [image: Rose City Skyline Logo]
>>>
>>> * Phone *503.821.7000 <3464881845>
>>>
>>> * Website *rosecitysolutions.com
<https://rosecitysolutions.com>
>>>
>>> * Email * travis at rosecitysolutions.com
>>>
>>>
>>> On Thu, Apr 13, 2023 at 3:42?AM Ingo Asche via samba
>>> <samba at lists.samba.org>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> to all of you which are using Synology NAS systems.
>>>>
>>>> With SMB-Service 4.15.9-0631 no longer shares are accessible
via
>>>> domain
>>>> group rights from a Samba 4.17.7 domain.
>>>>
>>>> It seems the same error described in the following mail trails:
>>>> "No longer access to shares after upgrade to 4.17.3"
>>>> "File server joined to a samba domain accessed by windows
10-11
>>>> clients,
>>>> works via ip no via dns name"
>>>>
>>>> I've already openend a ticket with Synology.
>>>>
>>>> So be careful before updating the SMB-Service, maybe test it
first
>>>> on a
>>>> not so important system.
>>>>
>>>> Regard
>>>> Ingo
>>>>
>>>> --
>>>> Regards
>>>> Ingo
>>>> https://github.com/WAdama
>>>>
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read
the
>>>> instructions:? https://lists.samba.org/mailman/options/samba
>>>>
>>
>>
>
>
On 20/06/2023 14:11, Ingo Asche via samba wrote:> Hi All, > > the Synology support is claiming this bug is the reason for the access > problems via hostname (Kerberos): > https://bugzilla.samba.org/show_bug.cgi?id=14213 > > These log entries in log.wb-ADNAME are given as evidence: > > ../../source3/winbindd/winbindd_msrpc.c:307: [2023/06/14 > 22:13:42.913399, winbind 3, pid=10150] msrpc_sid_to_name > msrpc_sid_to_name: S-1-18-1 f?r Dom?ne ADNAME > ../../source3/winbindd/winbindd_msrpc.c:319: [2023/06/14 > 22:13:42.914370, winbind 2, pid=10150] msrpc_sid_to_name > msrpc_sid_to_name: Die Suche nach sids ist fehlgeschlagen: > NT_STATUS_INVALID_SID > ../../source3/winbindd/winbindd_msrpc.c:307: [2023/06/14 > 22:13:42.914415, winbind 3, pid=10150] msrpc_sid_to_name > msrpc_sid_to_name: S-1-18-1 f?r Dom?ne ADNAME > ../../source3/winbindd/winbindd_msrpc.c:319: [2023/06/14 > 22:13:42.915040, winbind 2, pid=10150] msrpc_sid_to_name > msrpc_sid_to_name: Die Suche nach sids ist fehlgeschlagen: > NT_STATUS_INVALID_SID > > ("Die Suche nach sids ist fehlgeschlagen" translates "The search for > sids failed") > > They ask me to patch - I think - my DCs.Patch what, with what ? Do they not specify or provide a patch ? The bug report you provided a link to is still ongoing, it doesn't seem to have come to a conclusion.> > This only happens on the two Synos which have their interpretation of > Samba 4.15 installed. My member server (4.17.8) works without this > problem. I ask myself, is that a problem in my domain or has this to be > done on the machines which have the problem. > > I even created a member server with 4.15 for testing and it works also > without such problems. Also an old Synology DS413 with Samba 4.4.18 > (don't laugh) works perfectly, too.So, it is only the synology machines that have the problem, other machines against your DC's do not have the problem. To me, that sounds like the problem lies on the synology machines, or am I missing something (which wouldn't be the first time).> > So I would think this patch has to be installed on the machines with the > error.Well, it sounds that way to me, but there in lies another possible problem. If you do have to patch the synology machines, this will entail patching and building synology's version of Samba, have they supplied you with the source code ? I personally wouldn't want to patch my DC's to get a synology product to work correctly, if doing so could break the rest of my domain. I could be extremely wrong here, but it makes more sense to me, to fix the 'broken' thing, rather than 'unbroken' things. I would go back to synology and get them to clarify just what they would like you to do and how you should do it. Rowland