Carlos Jesus
2023-Aug-01 14:07 UTC
[Samba] Could not convert SID S-0-0, error is NT_STATUS_NONE_MAPPED
Hi Rowland, thanks for the reply Rowland Penny via samba <samba at lists.samba.org> escreveu no dia ter?a, 1/08/2023 ?(s) 11:03:> > > On 01/08/2023 10:43, Carlos Jesus via samba wrote: > > Hi all! > > Both my DC's running 4.17.6 on Debian Bullseye (with bullseye-backports) > > exhibit the same error: > > [2023/08/01 07:45:01.647357, 1] > > ../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv) > > Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED > > About 1/minute > > > > My smb.conf is minimal (I removed the SHARES section) > > Trouble is, other than the 'sysvol' and 'netlogon' shares, you shouldn't > be using a DC as a fileserver, it isn't recommended by Samba. >Yes. The only Shares are indeed sysvol and netlogon. The DC's are NOT fileservers.> > > [global] > > realm = EUROHIDRA.LOCAL > > Is '.local' your real TLD ? > If it is, I suggest you turn off Bonjour and Avahi everywhere. > > Unfortunatly it is :(....Bonjour and avahi are stopped and masked everywhere.> > workgroup = EUROHIDRA > > netbios name = EHDC1 > > server role = active directory domain controller > > # interfaces = lo br0 > > # bind interfaces only = Yes > > idmap_ldb:use rfc2307 = yes > > log level = 1 auth_json_audit:2@/var/log/samba/auth.log sam:2@ > > /var/log/samba/sam.log > > log file = /var/log/samba/samba.log > > > > server services = -dns > > template shell = /bin/bash > > template homedir = /home/%U > > winbind use default domain = yes > > I suggest you remove the 'winbind use default domain' line, it does > nothing on a DC and, though unlikely, it could have something to do with > your problem. > > Will do. Will it interfere with PAM authentication?> > # winbind enum users = yes > > # winbind enum groups = yes > > > > dns zone scavenging = yes > > #Disable Printing > > load printers = no > > printing = bsd > > printcap name = /dev/null > > disable spoolss = yes > > > > I've tried with and without winbind enum. DNS scavenging is there as a > test > > but I don't think is related. Replication gives no errors and the same > for > > samba-tool dbcheck. Is this just cosmetic? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/sambaBest regards
Rowland Penny
2023-Aug-01 14:27 UTC
[Samba] Could not convert SID S-0-0, error is NT_STATUS_NONE_MAPPED
On 01/08/2023 15:07, Carlos Jesus wrote:> Hi Rowland, thanks for the reply > > > > [global] > >? ? ? ? ? realm = EUROHIDRA.LOCAL > > Is '.local' your real TLD ? > If it is, I suggest you turn off Bonjour and Avahi everywhere > > Unfortunatly it is :(.... > > Bonjour and avahi are stopped and masked everywhere.I wish Microsoft hadn't recommended using '.local', it just means that you cannot use Bonjour and Avahi. Microsoft has now realised this and they no longer recommend using it.> > >? ? ? ? ? workgroup = EUROHIDRA > >? ? ? ? ? netbios name = EHDC1 > >? ? ? ? ? server role = active directory domain controller > > #? ? ? ?interfaces = lo br0 > > #? ? ? ? bind interfaces only = Yes > >? ? ? ? ? idmap_ldb:use rfc2307 = yes > >? ? ? ? ? log level = 1? auth_json_audit:2@/var/log/samba/auth.log > sam:2@ > > /var/log/samba/sam.log > >? ? ? ? ? log file = /var/log/samba/samba.log > > > >? ? ? ? ? server services = -dns > >? ? ? ? ? template shell = /bin/bash > >? ? ? ? ? template homedir = /home/%U > >? ? ? ? ? winbind use default domain = yes > > I suggest you remove the 'winbind use default domain' line, it does > nothing on a DC and, though unlikely, it could have something to do > with > your problem. > > Will do. Will it interfere with PAM authentication?No, all it really does it to remove the DOMAIN from user & group names and then only on Unix domain members. Rowland