Windows error: No Mapping between account names and security IDs was done

cronsloth

Cadet
Joined
Jul 26, 2017
Messages
9
First post on here, sorry if this has already been answered. We have a Windows env and SMB shares through our network. On one of those shares, using a Windows 10 machine, I added a FreeNAS user to have full permissions on a folder. Despite them showing up in the 'Security' tab as having full access, the folder doesn't appear on the share when they are logged in.

When using the 'Effective Access' to test their ability to see the file, I get the error "No Mapping between account names and security IDs was done" in Windows. Now I seem to get this error with everyone, even the owner of the folder. So it may be a red-herring. But I can't seem to work out why the new user can't access anything.

On FreeNAS doing a 'getfacl -d' on the shared folder, their name appears with full control permissions. I am stumped. I have also tried restarting the computer and reconnecting to FreeNAS post reboot and the result continues to be the same. All other users (who were added to have full control to the share before yesterday) can still access and browse, read and write to the same share.

Any ideas?
 

Maelstrom

Cadet
Joined
Jul 3, 2014
Messages
2
Monkey -- great video ( others finding this post, please note, the link above is no longer working with the new forums, use https://www.ixsystems.com/community/resources/freenas-and-samba-smb-permissions-video.8/ instead).

One thing, though, the video does not address the issue cronsloth brought up, that of the windows error #80070534 ""No Mapping between account names and security IDs was done".

My accounts, groups, SMB shares, etc are all good and have been working for some time (NOTE to newcomers to FreeNAS, BE SURE WHEN CREATING SMB USERS FOR WINDOWS TO USE THE OPTION 'MICROSOFT ACCOUNT' ON THE USER SCREEN), but when using the tool for effective access for a particular user, this error is still occurring on Freenas 11.2 and Windows 10.

I'm just starting to look for a proper solution on the site (after reading and re-reading the latest FreeNAS docs) so am unsure if there are any other discussions on the matter where the issue has been solved. If I find one, I'll be sure to cross post it here (since this post is showing up at the top when searching for this error)

Cheers!
 

Yorick

Wizard
Joined
Nov 4, 2018
Messages
1,912
This appears to be a samba issue. What Windows is complaining about is that the FreeNAS local account "user" was not mapped to an ID, S-<etc>, and so it can't check for effective permissions.

That is a red herring, access will still work.

That video or https://www.ixsystems.com/community/threads/methods-for-fine-tuning-samba-permissions.50739/ should get you where you need to go, @elkmaster, with regards to setting up shares. Simpler is, as always, easier to troubleshoot. In my case I don't use ACLs at all, because access can be handled on the group level.
 

charlesnw

Cadet
Joined
Mar 26, 2020
Messages
1
@Yorick Except access doesn't actually work (from a windows PC). Well it partially doesn't work. You can copy it to a client PC. However you can't utilize it on the share. However if I browse the share from an ipad, it works.
 

Yorick

Wizard
Joined
Nov 4, 2018
Messages
1,912
@charlesnw You can set an SMB aux of "log level = 2 auth_audit:5", restart SMB, try your access, and see what's in /var/log/samba4/log.smbd. That should give you a good idea of why it's failing, and which user is being used to authenticate. Then do the work of looking through permissions - see earlier link - to give the user access.
 
Top