Hello list, since today, I encounter this interesting problem. System: Debian 13 with smb Version 4.22.4-Debian-4.22.4+dfsg-1~deb13u1 I am using the "ad" backend. It works in the sense that the IDs of users can be retrieved: id <username> returns a valid ID and works. However it takes long time for the command to complete. I get something like this # id <myusername> uid=5486(tp18v123) gid=1080 groups=1080,513,8252,103474,8319,103464,102704,1905,103074,8324,100494,10374,5505,9295,7646,10375,6022,8735,5556,8656,9158,5855,2080,8255,2089,6020,102789,104387,8627,9291,8483,7682,10456,6614,8386,10000001(BUILTIN\users) so all the groups vanished and only their group IDs are visible. I can use # getent passwd <username> and some sensible info is retrieved, it seems to recognise the account, but also here, the group memberships are gone and replaced just by their ID. # getent group gives no info at all. If I try to manually mount a share with mount -t cifs //server/share /mnt/temp -o vers=3,user=<myusername>,domain=<domain> it appears that the access is denied. I see in the log files errors check_account: Failed to convert SID S-1-5-21-1442852101-4018948630-3783845812-142435 to a UID and parse_dfs_path_strict: Hostname is not ours. Where should I start looking?
On Wed, 12 Nov 2025 10:29:34 +0100 "Pluess, Tobias via samba" <samba at lists.samba.org> wrote:> Hello list, > since today, I encounter this interesting problem. > > System: Debian 13 with smb Version 4.22.4-Debian-4.22.4+dfsg-1~deb13u1 > I am using the "ad" backend. > > It works in the sense that the IDs of users can be retrieved: > > id <username> returns a valid ID and works. However it takes long > time for the command to complete. > I get something like this > > # id <myusername> > uid=5486(tp18v123) gid=1080 > groups=1080,513,8252,103474,8319,103464,102704,1905,103074,8324,100494,10374,5505,9295,7646,10375,6022,8735,5556,8656,9158,5855,2080,8255,2089,6020,102789,104387,8627,9291,8483,7682,10456,6614,8386,10000001(BUILTIN\users) > > so all the groups vanished and only their group IDs are visible. > > I can use > > # getent passwd <username> > and some sensible info is retrieved, it seems to recognise the > account, but also here, the group memberships are gone and replaced > just by their ID. > > # getent group > > gives no info at all. If I try to manually mount a share with > > mount -t cifs //server/share /mnt/temp -o > vers=3,user=<myusername>,domain=<domain> > > it appears that the access is denied. I see in the log files errors > > check_account: Failed to convert SID > S-1-5-21-1442852101-4018948630-3783845812-142435 to a UID > > and > > parse_dfs_path_strict: Hostname is not ours. > > Where should I start looking?First I suggest you post your smb.conf file. Second, has anything changed ? Have you installed any updates ? Rowland
On 11/12/25 10:29 AM, Pluess, Tobias via samba wrote:> Where should I start looking?winbindd logs and wbinfo commands. But as Rowland said, a lot of things could cause problems like this. Maybe check the Samba wiki for the instructions to setup a member server with idmap ad backend and check all configuration steps are still applied on your system. -slow -- Join us for the 25th sambaXP 2026 conference April 20th & 21th, 2026 at Hotel Freizeit In sponsored by TranquilIT & Microsoft & SerNet Ticketing & more Info at https://sambaxp.org SerNet Samba Team Lead https://sernet.de/ Samba Team PLC https://samba.org/ Support and Development https://samba.plus/services/ SAMBA+ packages https://samba.plus/products/samba -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20251112/71df73c9/OpenPGP_signature.sig>