thr3ads.net - samba - [Samba] Repetitive warnings in our winbindd logs NT_STATUS_NONE

If this information is useful, please help other people find it:
Share via:

Rowland Penny

2025-Mar-10 15:36 UTC

[Samba] Repetitive warnings in our winbindd logs NT_STATUS_NONE_MAPPED

On Mon, 10 Mar 2025 14:32:37 +0000
Kamal Chikh echioukh via samba <samba at lists.samba.org> wrote:
> Hello,
> 
> OS : Rocky Linux 8.10
> Samba AD 4.20.7
> 
> We have a lot of winbindd warnings which mainly concern 3 SIDs that
> winbind can't map to their uid/gid :
> 
>  Failed with NT_STATUS_NONE_MAPPED.
>   Could not convert sid
> S-1-5-21-4033032984-1195938581-1271113577-5119: NT_STATUS_NONE_MAPPED
> Failed with NT_STATUS_NONE_MAPPED. Could not convert sid
> S-1-5-21-4033032984-1195938581-1271113577-6652: NT_STATUS_NONE_MAPPED
> Failed with NT_STATUS_NONE_MAPPED. wb_lookupsid_recv failed with
> NT_STATUS_NONE_MAPPED. Failed with NT_STATUS_NONE_MAPPED.
>   Could not convert sid
> S-1-5-21-4033032984-1195938581-1271113577-6652: NT_STATUS_NONE_MAPPED
> Failed with NT_STATUS_NONE_MAPPED. Could not convert sid
> S-1-5-21-4033032984-1195938581-1271113577-5173: NT_STATUS_NONE_MAPPED
> Failed with NT_STATUS_NONE_MAPPED. wb_lookupsid_recv failed with
> NT_STATUS_NONE_MAPPED. Failed with NT_STATUS_NONE_MAPPED.
>   Could not convert sid
> S-1-5-21-4033032984-1195938581-1271113577-5173: NT_STATUS_NONE_MAPPED
> Failed with NT_STATUS_NONE_MAPPED. Could not convert sid
> S-1-5-21-4033032984-1195938581-1271113577-5119: NT_STATUS_NONE_MAPPED
> Failed with NT_STATUS_NONE_MAPPED. wb_lookupsid_recv failed with
> NT_STATUS_NONE_MAPPED. Failed with NT_STATUS_NONE_MAPPED.
>   Could not convert sid
> S-1-5-21-4033032984-1195938581-1271113577-5119: NT_STATUS_NONE_MAPPED
> Failed with NT_STATUS_NONE_MAPPED. .
> .
> .
> 
> wbinfo -S S-1-5-21-4033032984-1195938581-1271113577-5119
> 3000062
> wbinfo -S S-1-5-21-4033032984-1195938581-1271113577-5173
> 3000213
> wbinfo -S S-1-5-21-4033032984-1195938581-1271113577-6652
> 3000104
> 
> wbinfo -s S-1-5-21-4033032984-1195938581-1271113577-5119
> failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not lookup sid S-1-5-21-4033032984-1195938581-1271113577-5119
> wbinfo -s S-1-5-21-4033032984-1195938581-1271113577-6652
> failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not lookup sid S-1-5-21-4033032984-1195938581-1271113577-6652
> wbinfo -s S-1-5-21-4033032984-1195938581-1271113577-5173
> failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not lookup sid S-1-5-21-4033032984-1195938581-1271113577-5173
> 
> wbinfo -Y S-1-5-21-4033032984-1195938581-1271113577-5119
> 3000062
> wbinfo -Y S-1-5-21-4033032984-1195938581-1271113577-6652
> 3000104
> wbinfo -Y S-1-5-21-4033032984-1195938581-1271113577-5173
> 3000213
> 
> wbinfo --uid-to-sid=3000104
> S-1-5-21-4033032984-1195938581-1271113577-6652
> [root at antares samba]$  wbinfo --uid-to-sid=3000062
> S-1-5-21-4033032984-1195938581-1271113577-5119
> [root at antares samba]$  wbinfo --uid-to-sid=3000213
> S-1-5-21-4033032984-1195938581-1271113577-5173
> 
> When I try to remove uid to sid mapping in idmap, I get :
> 
> wbinfo
> --remove-uid-mapping=3000062,S-1-5-21-4033032984-1195938581-1271113577-5119
> failed to call wbcRemoveUidMapping: WBC_ERR_NOT_IMPLEMENTED Could not
> remove uid to sid mapping
> 
> wbinfo
> --remove-uid-mapping=3000104,S-1-5-21-4033032984-1195938581-1271113577-6652
> failed to call wbcRemoveUidMapping: WBC_ERR_NOT_IMPLEMENTED Could not
> remove uid to sid mapping
> 
>  wbinfo
> --remove-uid-mapping=3000213,S-1-5-21-4033032984-1195938581-1271113577-5173
> failed to call wbcRemoveUidMapping: WBC_ERR_NOT_IMPLEMENTED Could not
> remove uid to sid mapping
> 
> Same error when removing gid to sid mapping in idmap.
> 
> Can you please help me to solve this problem.
> 
> Running 'net cache flush' on each DC didn't help.
They may just be warnings, but what are the RIDs 5119, 6652 and 5173 ?

Try running this on a DC:

sudo ldbsearch -H /var/lib/samba/private/sam.ldb
'(objectSid=S-1-5-21-4033032984-1195938581-1271113577-5119)'
objectClass name

It should return the AD objects dn, objectclass and name.
Note: you may have to alter the path to sam.ldb if you have compiled
Samba yourself. Run the command for each SID.

Rowland

Kamal Chikh echioukh

2025-Mar-10 16:20 UTC

head link

[Samba] Repetitive warnings in our winbindd logs NT_STATUS_NONE_MAPPED

Hello Rowland,

Thank you for your reply.

The following command :
#ldbsearch -H /var/lib/samba/private/sam.ldb
'(objectSid=S-1-5-21-4033032984-1195938581-1271113577-6652)' objectClass
name

Return an empty output.

Also :

#wbinfo --lookup-rids=5119,6652,5173
winbind_lookup_rids failed: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup RIDs 5119,6652,5173

Best Regards,
__________________________

kamal Chikh Echioukh

________________________________
De : samba <samba-bounces at lists.samba.org> de la part de Rowland Penny
via samba <samba at lists.samba.org>
Envoy? : lundi, 10 mars 2025 16:36
? : samba at lists.samba.org <samba at lists.samba.org>
Cc : Rowland Penny <rpenny at samba.org>
Objet : Re: [Samba] Repetitive warnings in our winbindd logs
NT_STATUS_NONE_MAPPED

On Mon, 10 Mar 2025 14:32:37 +0000
Kamal Chikh echioukh via samba <samba at lists.samba.org> wrote:
> Hello,
>
> OS : Rocky Linux 8.10
> Samba AD 4.20.7
>
> We have a lot of winbindd warnings which mainly concern 3 SIDs that
> winbind can't map to their uid/gid :
>
>  Failed with NT_STATUS_NONE_MAPPED.
>   Could not convert sid
> S-1-5-21-4033032984-1195938581-1271113577-5119: NT_STATUS_NONE_MAPPED
> Failed with NT_STATUS_NONE_MAPPED. Could not convert sid
> S-1-5-21-4033032984-1195938581-1271113577-6652: NT_STATUS_NONE_MAPPED
> Failed with NT_STATUS_NONE_MAPPED. wb_lookupsid_recv failed with
> NT_STATUS_NONE_MAPPED. Failed with NT_STATUS_NONE_MAPPED.
>   Could not convert sid
> S-1-5-21-4033032984-1195938581-1271113577-6652: NT_STATUS_NONE_MAPPED
> Failed with NT_STATUS_NONE_MAPPED. Could not convert sid
> S-1-5-21-4033032984-1195938581-1271113577-5173: NT_STATUS_NONE_MAPPED
> Failed with NT_STATUS_NONE_MAPPED. wb_lookupsid_recv failed with
> NT_STATUS_NONE_MAPPED. Failed with NT_STATUS_NONE_MAPPED.
>   Could not convert sid
> S-1-5-21-4033032984-1195938581-1271113577-5173: NT_STATUS_NONE_MAPPED
> Failed with NT_STATUS_NONE_MAPPED. Could not convert sid
> S-1-5-21-4033032984-1195938581-1271113577-5119: NT_STATUS_NONE_MAPPED
> Failed with NT_STATUS_NONE_MAPPED. wb_lookupsid_recv failed with
> NT_STATUS_NONE_MAPPED. Failed with NT_STATUS_NONE_MAPPED.
>   Could not convert sid
> S-1-5-21-4033032984-1195938581-1271113577-5119: NT_STATUS_NONE_MAPPED
> Failed with NT_STATUS_NONE_MAPPED. .
> .
> .
>
> wbinfo -S S-1-5-21-4033032984-1195938581-1271113577-5119
> 3000062
> wbinfo -S S-1-5-21-4033032984-1195938581-1271113577-5173
> 3000213
> wbinfo -S S-1-5-21-4033032984-1195938581-1271113577-6652
> 3000104
>
> wbinfo -s S-1-5-21-4033032984-1195938581-1271113577-5119
> failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not lookup sid S-1-5-21-4033032984-1195938581-1271113577-5119
> wbinfo -s S-1-5-21-4033032984-1195938581-1271113577-6652
> failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not lookup sid S-1-5-21-4033032984-1195938581-1271113577-6652
> wbinfo -s S-1-5-21-4033032984-1195938581-1271113577-5173
> failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not lookup sid S-1-5-21-4033032984-1195938581-1271113577-5173
>
> wbinfo -Y S-1-5-21-4033032984-1195938581-1271113577-5119
> 3000062
> wbinfo -Y S-1-5-21-4033032984-1195938581-1271113577-6652
> 3000104
> wbinfo -Y S-1-5-21-4033032984-1195938581-1271113577-5173
> 3000213
>
> wbinfo --uid-to-sid=3000104
> S-1-5-21-4033032984-1195938581-1271113577-6652
> [root at antares samba]$  wbinfo --uid-to-sid=3000062
> S-1-5-21-4033032984-1195938581-1271113577-5119
> [root at antares samba]$  wbinfo --uid-to-sid=3000213
> S-1-5-21-4033032984-1195938581-1271113577-5173
>
> When I try to remove uid to sid mapping in idmap, I get :
>
> wbinfo
> --remove-uid-mapping=3000062,S-1-5-21-4033032984-1195938581-1271113577-5119
> failed to call wbcRemoveUidMapping: WBC_ERR_NOT_IMPLEMENTED Could not
> remove uid to sid mapping
>
> wbinfo
> --remove-uid-mapping=3000104,S-1-5-21-4033032984-1195938581-1271113577-6652
> failed to call wbcRemoveUidMapping: WBC_ERR_NOT_IMPLEMENTED Could not
> remove uid to sid mapping
>
>  wbinfo
> --remove-uid-mapping=3000213,S-1-5-21-4033032984-1195938581-1271113577-5173
> failed to call wbcRemoveUidMapping: WBC_ERR_NOT_IMPLEMENTED Could not
> remove uid to sid mapping
>
> Same error when removing gid to sid mapping in idmap.
>
> Can you please help me to solve this problem.
>
> Running 'net cache flush' on each DC didn't help.
They may just be warnings, but what are the RIDs 5119, 6652 and 5173 ?

Try running this on a DC:

sudo ldbsearch -H /var/lib/samba/private/sam.ldb
'(objectSid=S-1-5-21-4033032984-1195938581-1271113577-5119)'
objectClass name

It should return the AD objects dn, objectclass and name.
Note: you may have to alter the path to sam.ldb if you have compiled
Samba yourself. Run the command for each SID.

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

samba - Mar 2025 - Repetitive warnings in our winbindd logs NT_STATUS_NONE_MAPPED

[Samba] Repetitive warnings in our winbindd logs NT_STATUS_NONE_MAPPED

[Samba] Repetitive warnings in our winbindd logs NT_STATUS_NONE_MAPPED