FAiled to convert SID

cthompson

Cadet
Joined
May 18, 2022
Messages
1
Hello,

I installed TrueNAS Core a few weeks back and have slowly been making my way through all it has to offer
TrueNAS-12.0-U8.1
I successfully connected a child pool to our Windows 2016 Domain Controller[DC] and managed to utilize the DC to map the drive to my own user.

Yesterday morning I arrived and the drive did not reconnect on my windows machine. Further investigation lead me to discover that the ACL Share Settings for the child pool were showing what I can only assume to be my UID rather than the name which was originally input as DOMAIN\username.

I've logged into the shell in order to attempt to discover the root of the problem, I've left/joined the domain, reset the unit multiples of times.

From within /var/log/messages I see messages such as: This has been cherry picked to include what I believe is the root of the problem as well as the spammed errors.
Code:
May 18 00:48:38 truenas 1 2022-05-18T00:48:38.109385-03:00 fqdn.domain.com winbindd 7694 - - [2022/05/18 00:48:38.109346,  1] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
May 18 00:48:38 truenas 1 2022-05-18T00:48:38.109428-03:00 fqdn.domain.com winbindd 7694 - -   ldb: Unable to open tdb '/var/db/system/samba4/private/secrets.ldb': No such file or dir
ectory
May 18 00:48:38 truenas 1 2022-05-18T00:48:38.109461-03:00 fqdn.domain.com winbindd 7694 - - [2022/05/18 00:48:38.109443,  1] ../../lib/ldb-samba/ldb_wrap.c:79(ldb_wrap_debug)
May 18 00:48:38 truenas 1 2022-05-18T00:48:38.109486-03:00 fqdn.domain.com winbindd 7694 - -   ldb: Failed to connect to '/var/db/system/samba4/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/db/system/samba4/private/secrets.ldb': No such file or directory
May 18 00:48:38 truenas 1 2022-05-18T00:48:38.963171-03:00 fqdn.domain.com smbd 15994 - - [2022/05/18 00:48:38.962879,  0] ../../source3/auth/auth_util.c:1914(check_account)
May 18 00:48:38 truenas 1 2022-05-18T00:48:38.963229-03:00 fqdn.domain.com smbd 15994 - -   check_account: Failed to convert SID S-1-5-21-419682117-327514257-1137216518-1234 to a UID (dom_user[DOMAIN\user])
May 18 00:48:58 truenas 1 2022-05-18T00:48:58.087523-03:00 fqdn.domain.com smbd 15996 - - [2022/05/18 00:48:58.087285,  0] ../../source3/auth/auth_util.c:1914(check_account)
May 18 00:48:58 truenas 1 2022-05-18T00:48:58.087580-03:00 fqdn.domain.com smbd 15996 - -   check_account: Failed to convert SID S-1-5-21-419682117-327514257-1137216518-1234 to a UID (dom_user[DOMAIN\user])
May 18 00:52:07 truenas 1 2022-05-18T00:52:07.990536-03:00 fqdn.domain.com smbd 16042 - - [2022/05/18 00:52:07.990279,  0] ../../source3/auth/auth_util.c:1914(check_account)
May 18 00:52:07 truenas 1 2022-05-18T00:52:07.990593-03:00 fqdn.domain.com smbd 16042 - -   check_account: Failed to convert SID S-1-5-21-419682117-327514257-1137216518-1234 to a UID (dom_user[DOMAIN\user])


I have not directly modified the permissions for these file but did move one to .BAK in an attempt to resolve this
Code:
[root@truenas /var/db/system/samba4/private]# pwd
/var/db/system/samba4/private
[root@truenas /var/db/system/samba4/private]# ll
total 528
drwx------  3 root  wheel  uarch     16 May 18 12:19 ./
drwxr-xr-x  4 root  wheel  uarch     10 May 18 11:28 ../
drwx------  2 root  wheel  uarch    485 May 18 13:18 msg.sock/
-rw-------  1 root  wheel  uarch  28672 May 18 11:28 netlogon_creds_cli.tdb
-rw-------  1 root  wheel  uarch 421888 May 11 13:47 passdb.tdb
-rw-------  1 root  wheel  uarch   1345 May 18 12:19 samba.keytab
-rwxrwxrwx  1 root  wheel  uarch      0 May 18 11:05 secrets.ldb*
-rw-r--r--  1 root  wheel  uarch      0 May 18 09:31 secrets.ldb.BAK
-rw-------  1 root  wheel  uarch 430080 May 18 11:23 secrets.tdb
-rw-------  1 root  wheel  uarch 430080 May 17 15:06 secrets.tdb.BAK
-rw-------  1 root  wheel  uarch 430080 Apr 26 15:33 secrets.tdb.bak.1650997996
-rw-------  1 root  wheel  uarch 430080 Apr 27 09:14 secrets.tdb.bak.1651061652
-rw-------  1 root  wheel  uarch 430080 May 11 08:28 secrets.tdb.bak.1652268491
-rw-------  1 root  wheel  uarch 430080 May 17 14:07 secrets.tdb.bak.1652807226
-rw-------  1 root  wheel  uarch 430080 May 17 15:04 secrets.tdb.bak.1652810663
-rwxrwxrwx  1 root  wheel  uarch 430080 May 18 11:14 secrets.tdb.bak.1652883263*
[root@truenas /var/db/system/samba4/private]#


This is not a production unit, however I would like to better understand both the root cause as well as the recommended way of resolving this.

Thank-You
 
Top