Web lists-archives.com

Re: [Samba] Failed to find domain 'NT AUTHORITY'




Aaaargggg.... 

The S-1-5-18 AND sid S-1-5-32-544 did not resolve. 

But sid S-1-5-32-544 first not then later on it works.?
Sorry about the noice, but that one i wanted to point out also. 

I hate it when im almost done with typing and mr Penny comes first.  ;-)  :-p 


Greetz, 

Louis




> 
> 
> 
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens 
> > Rowland Penny via samba
> > Verzonden: maandag 6 november 2017 16:17
> > Aan: samba@xxxxxxxxxxxxxxx
> > Onderwerp: Re: [Samba] Failed to find domain 'NT AUTHORITY'
> > 
> > On Mon, 6 Nov 2017 15:27:13 +0100
> > Giuseppe Arvati via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > 
> > > Hello,
> > > I recently set up a new software to backup samba share.
> > > This software ( https://github.com/borgbackup/borg ) run on file
> > > server as root cron script during the night and save file 
> > on external
> > > NAS.
> > > 
> > > The problem I have is that for each file copied from
> > > samba share to external NAS, winbindd log an error
> > > such this to samba.log.winbindd and /var/log/messages
> > > 
> > > [2017/11/06 11:05:16.747449,  0] 
> > > ../source3/winbindd/winbindd_group.c:45(fill_grent)
> > >    Failed to find domain 'NT AUTHORITY'. Check connection 
> > to trusted 
> > > domains!
> > > 
> > > thousends lines !!! ( 2 lines for each file )
> > > This problem also slow down the backup process.
> > > 
> > > This happen only on share named [utenti] ( home share ) and not
> > > on share [gruppi].
> > > 
> > > this is the winbindd log output at log level 5
> > > 
> > > [2017/11/06 14:58:04.800302,  3] 
> > > 
> ../source3/winbindd/winbindd_misc.c:395(winbindd_interface_version)
> > >    [27319]: request interface version (version = 28)
> > > [2017/11/06 14:58:04.800377,  3] 
> > > ../source3/winbindd/winbindd_misc.c:428(winbindd_priv_pipe_dir)
> > >    [27319]: request location of privileged pipe
> > > [2017/11/06 14:58:04.800498,  3] 
> > > ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> > >    getpwuid 3000033
> > > [2017/11/06 14:58:04.815079,  3] 
> > > ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> > >    getpwuid 3000000
> > > [2017/11/06 14:58:04.820655,  5] 
> > > 
> ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
> > >    Could not convert sid S-1-5-32-544: NT_STATUS_NO_SUCH_USER
> > > [2017/11/06 14:58:04.820845,  3] 
> > > ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> > >    getpwuid 3000002
> > > [2017/11/06 14:58:04.826444,  5] 
> > > 
> ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
> > >    Could not convert sid S-1-5-18: NT_STATUS_NO_SUCH_USER
> > > [2017/11/06 14:58:04.826582,  3] 
> > > ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> > >    getpwuid 3000008
> > > [2017/11/06 14:58:04.832246,  5] 
> > > 
> ../source3/winbindd/winbindd_getpwuid.c:111(winbindd_getpwuid_recv)
> > >    Could not convert sid
> > > S-1-5-21-1853045328-2428526881-2616184179-512: 
> > NT_STATUS_NO_SUCH_USER
> > > [2017/11/06 14:58:04.832357,  3] 
> > > ../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send)
> > >    getpwuid 3000033
> > > [2017/11/06 14:58:04.838453,  3] 
> > > ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> > >    getgrgid 3000000
> > > [2017/11/06 14:58:04.844045,  3] 
> > > ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> > >    getgrgid 3000002
> > > [2017/11/06 14:58:04.849482,  0] 
> > > ../source3/winbindd/winbindd_group.c:45(fill_grent)
> > >    Failed to find domain 'NT AUTHORITY'. Check connection 
> > to trusted 
> > > domains!
> > > [2017/11/06 14:58:04.849528,  5] 
> > > 
> ../source3/winbindd/winbindd_getgrgid.c:122(winbindd_getgrgid_recv)
> > >    fill_grent failed
> > > [2017/11/06 14:58:04.849641,  3] 
> > > ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> > >    getgrgid 3000008
> > > [2017/11/06 14:58:04.854863,  3] 
> > > ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> > >    getgrgid 3000008
> > > [2017/11/06 14:58:04.860567,  3] 
> > > ../source3/winbindd/winbindd_getgrgid.c:52(winbindd_getgrgid_send)
> > >    getgrgid 3000033
> > > [2017/11/06 14:58:04.866466,  3] 
> > > ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> > >    getpwnam 3000000
> > > [2017/11/06 14:58:04.872322,  5] 
> > > 
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> > >    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > > [2017/11/06 14:58:04.872476,  3] 
> > > ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> > >    getpwnam 3000002
> > > [2017/11/06 14:58:04.878349,  5] 
> > > 
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> > >    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > > [2017/11/06 14:58:04.878500,  3] 
> > > ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> > >    getpwnam 3000008
> > > [2017/11/06 14:58:04.884406,  5] 
> > > 
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> > >    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > > [2017/11/06 14:58:04.884571,  3] 
> > > ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
> > >    getpwnam APAM-AD\134garvati
> > > [2017/11/06 14:58:04.890192,  5] 
> > > 
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
> > >    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > > [2017/11/06 14:58:04.890485,  3] 
> > > ../source3/winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
> > >    getgrnam BUILTIN\134administrators
> > > [2017/11/06 14:58:04.896378,  5] 
> > > 
> ../source3/winbindd/winbindd_getgrnam.c:157(winbindd_getgrnam_recv)
> > >    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > > [2017/11/06 14:58:04.896527,  3] 
> > > ../source3/winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)
> > >    getgrnam 3000002
> > > [2017/11/06 14:58:04.902694,  5] 
> > > 
> ../source3/winbindd/winbindd_getgrnam.c:157(winbindd_getgrnam_recv)
> > >    Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
> > > 
> > > 
> > > -----------------
> > > Linux version 2.6.32-642.13.1.el6.x86_64
> > > CentOS release 6.8 (Final)
> > > samba 4.6.9 AD DC
> > > -------------------
> > > smb.conf
> > > # Global parameters
> > > [global]
> > >          workgroup = APAM-AD
> > >          realm = apam-ad.apam.it
> > >          netbios name = APAMFS2
> > >          server role = active directory domain controller
> > >          server services = s3fs, rpc, nbt, wrepl, ldap, 
> cldap, kdc, 
> > > drepl, winbind, ntp_signd, kcc, dnsupdate
> > >          idmap_ldb:use rfc2307 = yes
> > >          printing = bsd
> > >          printcap name = /dev/null
> > >          load printers = no
> > >          log file = /usr/local/samba/var/samba.log.%m
> > >          log level = 0
> > >          winbind enum users = yes
> > >          winbind enum groups = yes
> > > 
> > > [netlogon]
> > >          path
> > > = /usr/local/samba/var/locks/sysvol/apam-ad.apam.it/scripts 
> > read only
> > > = No
> > > 
> > > [sysvol]
> > >          path = /usr/local/samba/var/locks/sysvol
> > >          read only = No
> > > 
> > > [utenti]
> > >          path = /dati/utenti
> > >          read only = No
> > >          directory mask = 700
> > >          create mask = 700
> > >          vfs object = recycle
> > >          recycle:repository = /dati/utenti/%U/.recycle
> > >          recycle:keeptree = yes
> > >          recycle:exclude = *.tmp, *.bak, ~*, *#, *.mp3, *.mp4
> > >          recycle:maxsize = 10485760
> > >          recycle:exclude_dir = .recycle
> > > 
> > > [gruppi]
> > >          path = /dati/gruppi
> > >          read only = No
> > >          create mask = 770
> > > 
> > > 
> > > Can someone help me ?
> > > 
> > > thank you
> > > 
> > > giuseppe
> > > 
> > 
> > There is a bug for this:
> > https://bugzilla.samba.org/show_bug.cgi?id=12164
> > 
> > Also just a couple of things about your smb.conf:
> > 
> > I would remove the two 'winbind enum' lines, you DO NOT 
> need them and
> > they slow things down.
> > 
> > You have lines like this 'directory mask = 700'
> > They do not work on a DC, you need to set the permissions 
> from windows
> > or with setfacl.
> > 
> > Rowland
> > 
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> > 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba