Web lists-archives.com

Re: [Samba] Again 'Failed to find domain 'NT AUTHORITY'. Check connection to trusted domains!'




On Wed, 21 Mar 2018 18:50:08 +0100
Marco Gaiarin via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Mandi! Rowland Penny via samba
>   In chel di` si favelave...
> 
> 
> > > The trouble came from 'root' or groups '3000002' and '3000003'?
> > No and very very probably no & no ;-)
> 
> 
> > > How can i fix them? Thanks.
> > Fix what? The owner has to be 'root', and you can find out just who
> > '3000002' & '3000003' are by
> > opening /var/lib/samba/private/idmap.ldb with ldbedit and searching
> > for them.
> 
>  # record 48
>  dn: CN=S-1-5-18   
>  cn: S-1-5-18
>  objectClass: sidMap
>  objectSid: S-1-5-18
>  type: ID_TYPE_BOTH
>  xidNumber: 3000002
>  distinguishedName: CN=S-1-5-18
>  
>  # record 6
>  dn: CN=S-1-5-11   
>  cn: S-1-5-11
>  objectClass: sidMap
>  objectSid: S-1-5-11
>  type: ID_TYPE_BOTH
>  xidNumber: 3000003
>  distinguishedName: CN=S-1-5-11
> 
> 
> > The 'cn' will contain the windows SID and if you look here:
> > https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
> > You will be able to see who there are.
> 
> OK, 'Local System' and 'Authenticated Users'. Now?

I thought that would be who they were.

> 
> I've to add an explicit map? How?

No, just because they are showing up as numbers is not a problem.

> 
> On a DC, i suppose all SID get mapped, via xidNumber... becasue these
> are missing?
> 

That is what what the xidNumber attributes on a DC are for, the DC
knows who they are, but the OS doesn't need to.

As long as everything is working okay, I wouldn't worry about it.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba