Web lists-archives.com

Re: [Samba] Failed to find domain 'NT AUTHORITY'




On Mon, 6 Nov 2017 17:15:48 +0100
Giuseppe Arvati <giuseppe.arvati@xxxxxxxxx> wrote:

> Il 06/11/2017 16:17, Rowland Penny via samba ha scritto:
> > On Mon, 6 Nov 2017 15:27:13 +0100
> > Giuseppe Arvati via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > 
> >> Hello,
> >> I recently set up a new software to backup samba share.
> >> This software ( https://github.com/borgbackup/borg ) run on file
> >> server as root cron script during the night and save file on
> >> external NAS.
> >>
> >> The problem I have is that for each file copied from
> >> samba share to external NAS, winbindd log an error
> >> such this to samba.log.winbindd and /var/log/messages
> >>
> >> [2017/11/06 11:05:16.747449,  0]
> >> ../source3/winbindd/winbindd_group.c:45(fill_grent)
> >>     Failed to find domain 'NT AUTHORITY'. Check connection to
> >> trusted domains!
> >>
> 
> > 
> > There is a bug for this:
> > https://bugzilla.samba.org/show_bug.cgi?id=12164
> 
> are there some workarounds ?
> 

Yes, do not use the DC as a fileserver ;-)
If you must, don't run a backup system that relies on IDs

A DC has no concept of 'NT AUTHORITY':

root@dc1:~# wbinfo --sid-to-name S-1-5-18
failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup sid S-1-5-18
root@dc1:~# wbinfo --name-to-sid='NT Authority\SYSTEM'
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name NT Authority\SYSTEM

But a Unix domain member does:

rowland@devstation:~$ wbinfo --sid-to-name S-1-5-18
NT Authority\SYSTEM 5
wbinfo --name-to-sid=NT Authority\\SYSTEM 5
rowland@devstation:~$ wbinfo --name-to-sid='NT Authority\SYSTEM'
S-1-5-18 SID_WKN_GROUP (5)

You could try running the backup on the DC by compressing whatever it
is you are trying to back up into a tarball and copy this to the NAS.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba