Rowland Penny
2023-Aug-01 14:27 UTC
[Samba] Could not convert SID S-0-0, error is NT_STATUS_NONE_MAPPED
On 01/08/2023 15:07, Carlos Jesus wrote:> Hi Rowland, thanks for the reply > > > > [global] > >? ? ? ? ? realm = EUROHIDRA.LOCAL > > Is '.local' your real TLD ? > If it is, I suggest you turn off Bonjour and Avahi everywhere > > Unfortunatly it is :(.... > > Bonjour and avahi are stopped and masked everywhere.I wish Microsoft hadn't recommended using '.local', it just means that you cannot use Bonjour and Avahi. Microsoft has now realised this and they no longer recommend using it.> > >? ? ? ? ? workgroup = EUROHIDRA > >? ? ? ? ? netbios name = EHDC1 > >? ? ? ? ? server role = active directory domain controller > > #? ? ? ?interfaces = lo br0 > > #? ? ? ? bind interfaces only = Yes > >? ? ? ? ? idmap_ldb:use rfc2307 = yes > >? ? ? ? ? log level = 1? auth_json_audit:2@/var/log/samba/auth.log > sam:2@ > > /var/log/samba/sam.log > >? ? ? ? ? log file = /var/log/samba/samba.log > > > >? ? ? ? ? server services = -dns > >? ? ? ? ? template shell = /bin/bash > >? ? ? ? ? template homedir = /home/%U > >? ? ? ? ? winbind use default domain = yes > > I suggest you remove the 'winbind use default domain' line, it does > nothing on a DC and, though unlikely, it could have something to do > with > your problem. > > Will do. Will it interfere with PAM authentication?No, all it really does it to remove the DOMAIN from user & group names and then only on Unix domain members. Rowland
Carlos Jesus
2023-Oct-08 14:39 UTC
[Samba] Could not convert SID S-0-0, error is NT_STATUS_NONE_MAPPED
Hi all, I know this is kind of an old thread, but I've got some new "developments". And some questions too. Let's see... So, like I said before, my file server is clogging my logs with ../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv) Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED Every 2 seconds. Now, I'm using netdata (https://www.netdata.cloud/) to locally monitor my machines, smbd performance including. I'm not into the details, but every 2 seconds, netdata performs a "smbstatus -P" on the file server. Running smbstatus -P does not produce the error, but something else on netdata smbd monitoring does. I'll ask the netdata folks for more info. Anyway, this error shows up even if netdata is not running just not every 2 seconds... Now for my question. Since I (kinda) know where the error comes from, I just want to get rid of it. So, is there a way to filter this specific error in the logs? I know I could redirect the log to an rsyslog facility and filter from there. Any suggestions on a more elegant way? Best regards Rowland Penny via samba <samba at lists.samba.org> escreveu no dia ter?a, 1/08/2023 ?(s) 15:29:> > > On 01/08/2023 15:07, Carlos Jesus wrote: > > Hi Rowland, thanks for the reply > > > > > > > [global] > > > realm = EUROHIDRA.LOCAL > > > > Is '.local' your real TLD ? > > If it is, I suggest you turn off Bonjour and Avahi everywhere > > > > Unfortunatly it is :(.... > > > > Bonjour and avahi are stopped and masked everywhere. > > I wish Microsoft hadn't recommended using '.local', it just means that > you cannot use Bonjour and Avahi. Microsoft has now realised this and > they no longer recommend using it. > > > > > > workgroup = EUROHIDRA > > > netbios name = EHDC1 > > > server role = active directory domain controller > > > # interfaces = lo br0 > > > # bind interfaces only = Yes > > > idmap_ldb:use rfc2307 = yes > > > log level = 1 auth_json_audit:2@/var/log/samba/auth.log > > sam:2@ > > > /var/log/samba/sam.log > > > log file = /var/log/samba/samba.log > > > > > > server services = -dns > > > template shell = /bin/bash > > > template homedir = /home/%U > > > winbind use default domain = yes > > > > I suggest you remove the 'winbind use default domain' line, it does > > nothing on a DC and, though unlikely, it could have something to do > > with > > your problem. > > > > Will do. Will it interfere with PAM authentication? > > No, all it really does it to remove the DOMAIN from user & group names > and then only on Unix domain members. > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >