Rowland Penny
2023-Aug-01 10:02 UTC
[Samba] Could not convert SID S-0-0, error is NT_STATUS_NONE_MAPPED
On 01/08/2023 10:43, Carlos Jesus via samba wrote:> Hi all! > Both my DC's running 4.17.6 on Debian Bullseye (with bullseye-backports) > exhibit the same error: > [2023/08/01 07:45:01.647357, 1] > ../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv) > Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED > About 1/minute > > My smb.conf is minimal (I removed the SHARES section)Trouble is, other than the 'sysvol' and 'netlogon' shares, you shouldn't be using a DC as a fileserver, it isn't recommended by Samba.> [global] > realm = EUROHIDRA.LOCALIs '.local' your real TLD ? If it is, I suggest you turn off Bonjour and Avahi everywhere.> workgroup = EUROHIDRA > netbios name = EHDC1 > server role = active directory domain controller > # interfaces = lo br0 > # bind interfaces only = Yes > idmap_ldb:use rfc2307 = yes > log level = 1 auth_json_audit:2@/var/log/samba/auth.log sam:2@ > /var/log/samba/sam.log > log file = /var/log/samba/samba.log > > server services = -dns > template shell = /bin/bash > template homedir = /home/%U > winbind use default domain = yesI suggest you remove the 'winbind use default domain' line, it does nothing on a DC and, though unlikely, it could have something to do with your problem.> # winbind enum users = yes > # winbind enum groups = yes > > dns zone scavenging = yes > #Disable Printing > load printers = no > printing = bsd > printcap name = /dev/null > disable spoolss = yes > > I've tried with and without winbind enum. DNS scavenging is there as a test > but I don't think is related. Replication gives no errors and the same for > samba-tool dbcheck. Is this just cosmetic?Rowland
Carlos Jesus
2023-Aug-01 14:07 UTC
[Samba] Could not convert SID S-0-0, error is NT_STATUS_NONE_MAPPED
Hi Rowland, thanks for the reply Rowland Penny via samba <samba at lists.samba.org> escreveu no dia ter?a, 1/08/2023 ?(s) 11:03:> > > On 01/08/2023 10:43, Carlos Jesus via samba wrote: > > Hi all! > > Both my DC's running 4.17.6 on Debian Bullseye (with bullseye-backports) > > exhibit the same error: > > [2023/08/01 07:45:01.647357, 1] > > ../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv) > > Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED > > About 1/minute > > > > My smb.conf is minimal (I removed the SHARES section) > > Trouble is, other than the 'sysvol' and 'netlogon' shares, you shouldn't > be using a DC as a fileserver, it isn't recommended by Samba. >Yes. The only Shares are indeed sysvol and netlogon. The DC's are NOT fileservers.> > > [global] > > realm = EUROHIDRA.LOCAL > > Is '.local' your real TLD ? > If it is, I suggest you turn off Bonjour and Avahi everywhere. > > Unfortunatly it is :(....Bonjour and avahi are stopped and masked everywhere.> > workgroup = EUROHIDRA > > netbios name = EHDC1 > > server role = active directory domain controller > > # interfaces = lo br0 > > # bind interfaces only = Yes > > idmap_ldb:use rfc2307 = yes > > log level = 1 auth_json_audit:2@/var/log/samba/auth.log sam:2@ > > /var/log/samba/sam.log > > log file = /var/log/samba/samba.log > > > > server services = -dns > > template shell = /bin/bash > > template homedir = /home/%U > > winbind use default domain = yes > > I suggest you remove the 'winbind use default domain' line, it does > nothing on a DC and, though unlikely, it could have something to do with > your problem. > > Will do. Will it interfere with PAM authentication?> > # winbind enum users = yes > > # winbind enum groups = yes > > > > dns zone scavenging = yes > > #Disable Printing > > load printers = no > > printing = bsd > > printcap name = /dev/null > > disable spoolss = yes > > > > I've tried with and without winbind enum. DNS scavenging is there as a > test > > but I don't think is related. Replication gives no errors and the same > for > > samba-tool dbcheck. Is this just cosmetic? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/sambaBest regards