Web lists-archives.com

Re: [Samba] Could not convert sid: NT_STATUS_NO_SUCH_USER




Hai, 

Thank you for having trust in my packages.. :-) 
Now if you use my package, i suggest, do read the howto's also... 
All you need for a good setup on debian stretch is there.
if anyone find/see's improvements, please tell me... Or change it on github, thats why its there.

First is this an upgraded domain? Or a new domain?

What does `getent passwd username` tell you. 
Same for `id username`

I would try the following. 
Run: net cache flush and try again, if that does not work then check then next..



Review your config base on this member howto. 
https://github.com/thctlo/samba4/blob/master/howtos/stretch-base-3.2-samba-member-fileserver.txt 
That is a 100% working setup for stretch, if you did use it, then you missed something. 
.. You are missing some things in your smb.conf.. 

Like (optional)
    	idmap config NTDOM : unix_nss_info = yes
	
	# set this one and run net cache flush again. 

And 
	# User Administrator workaround, without it you are unable to set privileges
	# !Note: When using the AD ID mapping back end, do not set the uidNumber attribute for the domain administrator account. 
	# If the account has the attribute set, the value overrides the local UID 0 of the root user and thus the mapping fails.
	username map = /etc/samba/samba_usermapping


Ps. 
I'm bit absence, sorry, lots of work todo before i am on ski holiday, next comming week. 


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens 
> Francesco Malvezzi via samba
> Verzonden: woensdag 21 februari 2018 15:46
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: [Samba] Could not convert sid: NT_STATUS_NO_SUCH_USER
> 
> hi all,
> 
> I can't figure out why winbind can't find ad users with wbinfo calls.
> 
> It happens on a member server, Debian GNU/Linux stretch, 
> samba is 4.7.5
> from Louis repository:
> 
> [global]
>    security = ADS
>    workgroup = EXAMPLEAD
>    realm = EXAMPLE.ORG
>    idmap config * : backend = tdb
>    idmap config * : range = 1000000-3000000
>    idmap config EXAMPLEAD:backend = ad
>    idmap config EXAMPLEAD:schema_mode = rfc2307
>    idmap config EXAMPLEAD:range = 1005-999999
>    template shell = /bin/mosh
>    template homedir = /homel/%U
>    max log size = 1000
>    log level = 10
>    panic action = /usr/share/samba/panic-action %d
>    server role = member server
> [share]
>      comment = Share
>      path = /srv/share
>      writeable = yes
>      valid users = %S
>      browseable = no
> 
> this works:
> $ sudo net lookup name malvezzi
> S-1-5-21-3239498231-402109693-3067992304-72680 1 (User) 
> EXAMPLEAD\malvezzi
> 
> (kind of: does the 1 after the sid mean there is an error?)
> 
> the following issues a long error, see bottom:
> 
> $ wbinfo -i EXAMPLEAD\\malvezzi
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user EXAMPLEAD\malvezzi
> 
> As you can see from the level 10 debug, the directory info of 
> the users
> are shown.
> 
> I can't understand what "Could not convert sid: 
> NT_STATUS_NO_SUCH_USER"
> actually means,
> 
> thank you for the help,
> 
> Francesco
> 
> 
> [2018/02/21 15:33:41.451157,  5, pid=21519, effective(0, 0), 
> real(0, 0)]
> ../lib/util/debug.c:744(debug_dump_status)
>   INFO: Current debug levels:
>     all: 10
>     tdb: 10
>     printdrivers: 10
>     lanman: 10
>     smb: 10
>     rpc_parse: 10
>     rpc_srv: 10
>     rpc_cli: 10
>     passdb: 10
>     sam: 10
>     auth: 10
>     winbind: 10
>     vfs: 10
>     idmap: 10
>     quota: 10
>     acls: 10
>     locking: 10
>     msdfs: 10
>     dmapi: 10
>     registry: 10
>     scavenger: 10
>     dns: 10
>     ldb: 10
>     tevent: 10
>     auth_audit: 10
>     auth_json_audit: 10
>     kerberos: 10
>     drs_repl: 10
>   doing parameter panic action = /usr/share/samba/panic-action %d
>   doing parameter server role = member server
> [2018/02/21 15:33:41.454020,  4, pid=21519, effective(0, 0), 
> real(0, 0)]
> ../source3/param/loadparm.c:3902(lp_load_ex)
>   pm_process() returned Yes
> [2018/02/21 15:33:41.454135,  7, pid=21519, effective(0, 0), 
> real(0, 0)]
> ../source3/param/loadparm.c:4221(lp_servicenumber)
>   lp_servicenumber: couldn't find homes
> [2018/02/21 15:33:41.455066,  2, pid=21519, effective(0, 0), 
> real(0, 0)]
> ../source3/lib/interface.c:345(add_interface)
>   added interface ens160 ip=155.185.3.12 bcast=155.185.3.255
> netmask=255.255.255.0
> [2018/02/21 15:33:41.455507,  6, pid=21519, effective(0, 0), 
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:931(winbind_client_request_read)
>   closing socket 28, client exited
> [2018/02/21 15:33:44.918611,  6, pid=21519, effective(0, 0), 
> real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:882(new_connection)
>   accepted socket 25
> [2018/02/21 15:33:44.919060, 10, pid=21519, effective(0, 0), 
> real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:724(process_request)
>   process_request: request fn INTERFACE_VERSION
> [2018/02/21 15:33:44.919127,  3, pid=21519, effective(0, 0), 
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_misc.c:395(winbindd_interface_version)
>   [21802]: request interface version (version = 29)
> [2018/02/21 15:33:44.919204, 10, pid=21519, effective(0, 0), 
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:827(winbind_client_response_written)
>   winbind_client_response_written[21802:INTERFACE_VERSION]: delivered
> response to client
> [2018/02/21 15:33:44.919493, 10, pid=21519, effective(0, 0), 
> real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:724(process_request)
>   process_request: request fn WINBINDD_PRIV_PIPE_DIR
> [2018/02/21 15:33:44.919553,  3, pid=21519, effective(0, 0), 
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_misc.c:428(winbindd_priv_pipe_dir)
>   [21802]: request location of privileged pipe
> [2018/02/21 15:33:44.919637, 10, pid=21519, effective(0, 0), 
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:827(winbind_client_response_written)
>   winbind_client_response_written[21802:WINBINDD_PRIV_PIPE_DIR]:
> delivered response to client
> [2018/02/21 15:33:44.919942, 10, pid=21519, effective(0, 0), 
> real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:697(process_request)
>   process_request: Handling async request 21802:GETPWNAM
> [2018/02/21 15:33:44.920005,  3, pid=21519, effective(0, 0), 
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
>   getpwnam EXAMPLEAD\malvezzi
> [2018/02/21 15:33:44.920063,  1, pid=21519, effective(0, 0), 
> real(0, 0)]
> ../librpc/ndr/ndr.c:468(ndr_print_function_debug)
>        wbint_LookupName: struct wbint_LookupName
>           in: struct wbint_LookupName
>               domain                   : *
>                   domain                   : 'EXAMPLEAD'
>               name                     : *
>                   name                     : 'MALVEZZI'
>               flags                    : 0x00000008 (8)
> [2018/02/21 15:33:44.920277,  1, pid=21519, effective(0, 0), 
> real(0, 0)]
> ../librpc/ndr/ndr.c:468(ndr_print_function_debug)
>        wbint_LookupName: struct wbint_LookupName
>           out: struct wbint_LookupName
>               type                     : *
>                   type                     : SID_NAME_USER (1)
>               sid                      : *
>                   sid                      :
> S-1-5-21-3239498231-402109693-3067992304-72680
>               result                   : NT_STATUS_OK
> [2018/02/21 15:33:44.920405, 10, pid=21519, effective(0, 0), 
> real(0, 0),
> class=winbind] 
> ../source3/winbindd/wb_sids2xids.c:113(wb_sids2xids_send)
>   SID 0: S-1-5-21-3239498231-402109693-3067992304-72680
> [2018/02/21 15:33:44.920476, 10, pid=21519, effective(0, 0), 
> real(0, 0)]
> ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid)
>   Parsing value for key
> [IDMAP/SID2XID/S-1-5-21-3239498231-402109693-3067992304-72680]:
> value=[41312:U]
> [2018/02/21 15:33:44.920513, 10, pid=21519, effective(0, 0), 
> real(0, 0)]
> ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid)
>   Parsing value for key
> [IDMAP/SID2XID/S-1-5-21-3239498231-402109693-3067992304-72680]:
> id=[41312], endptr=[:U]
> [2018/02/21 15:33:44.920560, 10, pid=21519, effective(0, 0), 
> real(0, 0)]
> ../source3/libsmb/samlogon_cache.c:242(netsamlogon_cache_get)
>   netsamlogon_cache_get: SID
> [S-1-5-21-3239498231-402109693-3067992304-72680]
> [2018/02/21 15:33:44.920605, 10, pid=21519, effective(0, 0), 
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_util.c:1020(find_lookup_domain_from_sid)
>   find_lookup_domain_from_sid: SID
> [S-1-5-21-3239498231-402109693-3067992304-72680]
> [2018/02/21 15:33:44.920650, 10, pid=21519, effective(0, 0), 
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_util.c:1049(find_lookup_domain_from_sid)
>   calling find_our_domain
> [2018/02/21 15:33:44.920689,  1, pid=21519, effective(0, 0), 
> real(0, 0)]
> ../librpc/ndr/ndr.c:468(ndr_print_function_debug)
>        wbint_LookupSid: struct wbint_LookupSid
>           in: struct wbint_LookupSid
>               sid                      : *
>                   sid                      :
> S-1-5-21-3239498231-402109693-3067992304-72680
> [2018/02/21 15:33:44.920809,  1, pid=21519, effective(0, 0), 
> real(0, 0)]
> ../librpc/ndr/ndr.c:468(ndr_print_function_debug)
>        wbint_LookupSid: struct wbint_LookupSid
>           out: struct wbint_LookupSid
>               type                     : *
>                   type                     : SID_NAME_USER (1)
>               domain                   : *
>                   domain                   : *
>                       domain                   : 'EXAMPLEAD'
>               name                     : *
>                   name                     : *
>                       name                     : 'malvezzi'
>               result                   : NT_STATUS_OK
> [2018/02/21 15:33:44.920967,  1, pid=21519, effective(0, 0), 
> real(0, 0)]
> ../librpc/ndr/ndr.c:468(ndr_print_function_debug)
>        wbint_GetNssInfo: struct wbint_GetNssInfo
>           in: struct wbint_GetNssInfo
>               info                     : *
>                   info: struct wbint_userinfo
>                       domain_name              : *
>                           domain_name              : 'EXAMPLEAD'
>                       acct_name                : *
>                           acct_name                : 'malvezzi'
>                       full_name                : NULL
>                       homedir                  : *
>                           homedir                  : '/homel/%U'
>                       shell                    : *
>                           shell                    : '/bin/mosh'
>                       uid                      : 
> 0x000000000000a160 (41312)
>                       primary_gid              : 0x00000000ffffffff
> (4294967295)
>                       primary_group_name       : NULL
>                       user_sid                 :
> S-1-5-21-3239498231-402109693-3067992304-72680
>                       group_sid                :
> S-1-5-21-3239498231-402109693-3067992304-513
> [2018/02/21 15:33:44.922632,  1, pid=21519, effective(0, 0), 
> real(0, 0)]
> ../librpc/ndr/ndr.c:468(ndr_print_function_debug)
>        wbint_GetNssInfo: struct wbint_GetNssInfo
>           out: struct wbint_GetNssInfo
>               info                     : *
>                   info: struct wbint_userinfo
>                       domain_name              : *
>                           domain_name              : 'EXAMPLEAD'
>                       acct_name                : *
>                           acct_name                : 'malvezzi'
>                       full_name                : NULL
>                       homedir                  : *
>                           homedir                  : '/homel/%U'
>                       shell                    : *
>                           shell                    : '/bin/mosh'
>                       uid                      : 
> 0x000000000000a160 (41312)
>                       primary_gid              : 0x00000000ffffffff
> (4294967295)
>                       primary_group_name       : NULL
>                       user_sid                 :
> S-1-5-21-3239498231-402109693-3067992304-72680
>                       group_sid                :
> S-1-5-21-3239498231-402109693-3067992304-513
>               result                   : NT_STATUS_OK
> [2018/02/21 15:33:44.926167, 10, pid=21519, effective(0, 0), 
> real(0, 0),
> class=winbind] 
> ../source3/winbindd/wb_sids2xids.c:113(wb_sids2xids_send)
>   SID 0: S-1-5-21-3239498231-402109693-3067992304-513
> [2018/02/21 15:33:44.926561, 10, pid=21519, effective(0, 0), 
> real(0, 0)]
> ../source3/lib/idmap_cache.c:56(idmap_cache_find_sid2unixid)
>   Parsing value for key
> [IDMAP/SID2XID/S-1-5-21-3239498231-402109693-3067992304-513]: 
> value=[-1:N]
> [2018/02/21 15:33:44.926970, 10, pid=21519, effective(0, 0), 
> real(0, 0)]
> ../source3/lib/idmap_cache.c:75(idmap_cache_find_sid2unixid)
>   Parsing value for key
> [IDMAP/SID2XID/S-1-5-21-3239498231-402109693-3067992304-513]:
> id=[4294967295], endptr=[:N]
> [2018/02/21 15:33:44.927206,  5, pid=21519, effective(0, 0), 
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
>   Could not convert sid 
> S-1-5-21-3239498231-402109693-3067992304-72680:
> NT_STATUS_NO_SUCH_USER
> [2018/02/21 15:33:44.927554, 10, pid=21519, effective(0, 0), 
> real(0, 0),
> class=winbind] ../source3/winbindd/winbindd.c:759(wb_request_done)
>   wb_request_done[21802:GETPWNAM]: NT_STATUS_NO_SUCH_USER
> [2018/02/21 15:33:44.927701, 10, pid=21519, effective(0, 0), 
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:827(winbind_client_response_written)
>   winbind_client_response_written[21802:GETPWNAM]: delivered 
> response to
> client
> [2018/02/21 15:33:44.929762,  6, pid=21519, effective(0, 0), 
> real(0, 0),
> class=winbind]
> ../source3/winbindd/winbindd.c:931(winbind_client_request_read)
>   closing socket 25, client exited
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba