Error Could not find domain

it.damapel · April 23, 2025, 12:50pm

NethServer Version: Nethserver 8
Module: Samba 2.5.0

Hello everybody.

I was analyzing the samba logs and I came across these errors that appear constantly:

Apr 23 09:29:18 nethserver8 samba-dc[600192]: /usr/sbin/winbindd: Could not find domain for pdc.local
Apr 23 09:29:18 nethserver8 samba-dc[600192]: /usr/sbin/winbindd: Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
Apr 23 09:29:18 nethserver8 samba-dc[600192]: /usr/sbin/winbindd: Could not find domain for PDC.LOCAL
Apr 23 09:29:18 nethserver8 samba-dc[600192]: /usr/sbin/winbindd: Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
Apr 23 09:29:18 nethserver8 samba-dc[600192]: /usr/sbin/smbd: load_usershare_service: stat of /var/lib/samba/usershares failed. No such file or directory

Apr 23 09:29:18 nethserver8 samba-dc[600192]: /usr/sbin/winbindd: Could not find domain for pdc.local
Apr 23 09:29:18 nethserver8 samba-dc[600192]: /usr/sbin/winbindd: Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
Apr 23 09:29:18 nethserver8 samba-dc[600192]: /usr/sbin/winbindd: Could not find domain for PDC.LOCAL
Apr 23 09:29:18 nethserver8 samba-dc[600192]: /usr/sbin/winbindd: Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
Apr 23 09:29:18 nethserver8 samba-dc[600192]: /usr/sbin/smbd: load_usershare_service: stat of /var/lib/samba/usershares failed. No such file or directory

Apr 23 09:29:18 nethserver8 samba-dc[600192]: /usr/sbin/winbindd: Could not find domain for pdc.local
Apr 23 09:29:18 nethserver8 samba-dc[600192]: /usr/sbin/winbindd: Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
Apr 23 09:29:18 nethserver8 samba-dc[600192]: /usr/sbin/winbindd: Could not find domain for PDC.LOCAL
Apr 23 09:29:18 nethserver8 samba-dc[600192]: /usr/sbin/winbindd: Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
Apr 23 09:29:18 nethserver8 samba-dc[600192]: /usr/sbin/smbd: load_usershare_service: stat of /var/lib/samba/usershares failed. No such file or directory

My domain is not pdc.local, but ad.pdc.local. Could it be that when I migrated from NS7 to NS8, some information was incomplete?
Does anyone know which files I should be reviewing to check if I find this “pdc.local” and change it to the correct domain?

mrmarkuz · April 23, 2025, 4:39pm

The following should give an idea which files to check. Please create a backup/snapshot before changing config files.

Login as samba1 app instance user:

runagent -m samba1

Check NBDOMAIN and REALM variables in the environment file:

[samba3@ns8rockytest state]$ cat environment
...
NBDOMAIN=NS8TEST
REALM=AD.NS8TEST.COM
...

Check smb.conf:

podman unshare nano $(podman volume inspect config --format={{.Mountpoint}})/smb.conf

Check include.conf if you added custom config, see also ns8-samba/samba-dc at main · NethServer/ns8-samba · GitHub :

podman unshare nano $(podman volume inspect config --format={{.Mountpoint}})/include.conf

Check the samba lib directory:

[samba3@ns8rockytest state]$ podman exec samba-dc ls -l /var/lib/samba/
total 1380
-rw-------.  1 root root                   421888 Nov 30 18:03 account_policy.tdb
drwxr-x---.  2 root root                        6 Nov 30 18:02 bind-dns
drwxr-x---.  2 root _chrony                    20 Apr 20 21:56 ntp_signd
drwxr-xr-x. 10 root root                      114 Nov 18 11:36 printers
drwxr-xr-x.  6 root root                     4096 Apr 20 21:56 private
-rw-------.  1 root root                   528384 Apr  8 12:21 registry.tdb
-rw-------.  1 root root                   421888 Nov 30 18:03 share_info.tdb
drwxr-xr-x.  2 root root                        6 Nov 18 11:36 skel.d
drwxrwx---+  3 root BUILTIN\administrators     28 Nov 30 18:03 sysvol
drwxrwx--T.  2 root sambashare                  6 Nov 18 11:36 usershares
-rw-------.  1 root root                    32768 Apr 20 21:56 winbindd_cache.tdb
drwxr-x---.  2 root winbindd_priv              18 Apr 20 21:56 winbindd_privileged

Restart samba:

systemctl --user restart samba-dc

Exit the app environment:

exit

it.damapel · April 24, 2025, 7:24pm

HOSTNAME=nsdc-dama.ad.pdc.local
IMAGE_DIGEST=sha256:f8006087349a5b2a781cbb6551ebd429a09c43b09084284f0afa77225b0410d9
IMAGE_ID=5fa841de2060ddc0d25c8f0dae94d009c396a75b6e656bff81b0332d8f303517
IMAGE_REOPODIGEST=ghcr.io/nethserver/samba@sha256:f8006087349a5b2a781cbb6551ebd429a09c43b09084284f0afa77225b0410d9
IMAGE_URL=ghcr.io/nethserver/samba:2.5.0
IMPORT_IMAGE_URL=ghcr.io/nethserver/samba:2.4.1
IMPORT_TASK_ID=cc9bbc76-b7df-4fc7-970c-4034747afbee
IPADDRESS=192.168.3.40
MODULE_ID=samba1
MODULE_UUID=a9e0e7a5-9b21-42ab-a431-697ee5f2bac9
NBDOMAIN=PDC
NODE_ID=1
PREV_IMAGE_DIGEST=sha256:d7eecbb573c4187a367a528ea79b69f54ee86c90f91a785c9ff98cc701bfba1d
PREV_IMAGE_ID=19824862aad43826422c8b1bd0a22044b7541733a2b91c80860f3357ae48bde3
PREV_IMAGE_REOPODIGEST=ghcr.io/nethserver/samba@sha256:d7eecbb573c4187a367a528ea79b69f54ee86c90f91a785c9ff98cc701bfba1d
PREV_IMAGE_URL=ghcr.io/nethserver/samba:2.4.1
PREV_SAMBA_DC_IMAGE=ghcr.io/nethserver/samba-dc:2.4.1
PROVISION_TYPE=newdomain
REALM=AD.PDC.LOCAL
SAMBA_DC_IMAGE=ghcr.io/nethserver/samba-dc:2.5.0
SVCPASS=gzH3TUaAuq0yMutE
SVCUSER=ldapservice
TCP_PORT=20003
TCP_PORTS=20003

#
# Empty file, placeholder
# It is safe to manually edit this file. Changes are preserved.
#
[global]
    netbios aliases = dama

ldap server require strong auth = no

-rw-------  1 root root                      8192 Apr  5 09:04 account_policy.tdb
-rw-------  1 root root                       696 Apr  5 09:04 group_mapping.tdb
drwxr-x---  2 root _chrony                     28 Apr 23 10:48 ntp_signd
drwxr-xr-x  7 root root                      4096 Apr 23 10:48 private
-rw-------  1 root root                   1564672 Apr 11 13:50 registry.tdb
-rw-------  1 root root                      8192 Apr  5 09:04 share_info.tdb
drwxrwx---+ 3 root BUILTIN\administrators      34 Apr  5 09:04 sysvol
-rw-------  1 root root                     32768 Apr 23 10:48 winbindd_cache.tdb
drwxr-x---  2 root root                        26 Apr 23 10:48 winbindd_privileged
-rw-------  1 root root                     53248 Apr  5 09:04 wins.ldb

mrmarkuz · April 27, 2025, 9:16am

The domain name/settings seem to be good.

Did you add more customizations like this?

The usershares directory is missing, it seems something went wrong.
Maybe it helps to recreate the directory?

Enter samba-dc container:

runagent -m samba1 podman exec -ti samba-dc bash

Create missing dir:

mkdir /var/lib/samba/usershares

Set owner:

chown root:sambashare /var/lib/samba/usershares

Set permission:

chmod g+w /var/lib/samba/usershares

Exit container:

exit

it.damapel · April 28, 2025, 11:14am

I only have this customization

I followed the instructions given, but now I get the following error:

abr 28 08:09:40 nethserver8 samba-dc[302115]: /usr/sbin/winbindd: Could not find domain for pdc.local
abr 28 08:09:40 nethserver8 samba-dc[302115]: /usr/sbin/winbindd: Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
abr 28 08:09:40 nethserver8 samba-dc[302115]: /usr/sbin/winbindd: Could not find domain for PDC.LOCAL
abr 28 08:09:40 nethserver8 samba-dc[302115]: /usr/sbin/winbindd: Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
abr 28 08:09:40 nethserver8 samba-dc[302115]: /usr/sbin/smbd: load_usershare_service: directory /var/lib/samba/usershares is not owned by root or does not have the sticky bit 't' set or is writable by anyone.
abr 28 08:09:40 nethserver8 samba-dc[302115]: /usr/sbin/winbindd: Could not find domain for pdc.local
abr 28 08:09:40 nethserver8 samba-dc[302115]: /usr/sbin/winbindd: Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
abr 28 08:09:40 nethserver8 samba-dc[302115]: /usr/sbin/winbindd: Could not find domain for PDC.LOCAL
abr 28 08:09:40 nethserver8 samba-dc[302115]: /usr/sbin/winbindd: Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
abr 28 08:09:40 nethserver8 samba-dc[302115]: /usr/sbin/smbd: load_usershare_service: directory /var/lib/samba/usershares is not owned by root or does not have the sticky bit 't' set or is writable by anyone.

samba1@nethserver8:~/.config/state$ podman exec samba-dc ls -l /var/lib/samba/
total 1640
-rw-------  1 root root                      8192 Apr  5 09:04 account_policy.tdb
-rw-------  1 root root                       696 Apr  5 09:04 group_mapping.tdb
drwxr-x---  2 root _chrony                     28 Apr 28 11:09 ntp_signd
drwxr-xr-x  7 root root                      4096 Apr 28 11:09 private
-rw-------  1 root root                   1564672 Apr 11 13:50 registry.tdb
-rw-------  1 root root                      8192 Apr  5 09:04 share_info.tdb
drwxrwx---+ 3 root BUILTIN\administrators      34 Apr  5 09:04 sysvol
drwxrwxr-x  2 root sambashare                   6 Apr 28 11:07 usershares
-rw-------  1 root root                     32768 Apr 28 11:09 winbindd_cache.tdb
drwxr-x---  2 root root                        26 Apr 28 11:09 winbindd_privileged
-rw-------  1 root root                     53248 Apr  5 09:04 wins.ldb

mrmarkuz · April 28, 2025, 12:04pm

Oh, I forgot the sticky bit. Please try to set permissions as follows:

chmod u=rwx,g=rwx,o=,+t /var/lib/samba/usershares

Permissions should be set like this:

root@dc3:/# ls -ld /var/lib/samba/usershares
drwxrwx--T. 2 root sambashare 6 Nov 18 11:36 /var/lib/samba/usershares

Just to clarify, does samba work? Can you connect to a share?

it.damapel · April 29, 2025, 2:52pm

Yes, it connects and everything works perfectly. I just can’t understand where this pdc.local information is coming from.

Logs after permission fix

abr 29 11:40:41 nethserver8 samba-dc[469116]: /usr/sbin/winbindd: Could not find domain for pdc.local
abr 29 11:40:41 nethserver8 samba-dc[469116]: /usr/sbin/winbindd: Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
abr 29 11:40:41 nethserver8 samba-dc[469116]: /usr/sbin/winbindd: Could not find domain for PDC.LOCAL
abr 29 11:40:41 nethserver8 samba-dc[469116]: /usr/sbin/winbindd: Could not convert sid S-0-0: NT_STATUS_NONE_MAPPED
abr 29 11:40:41 nethserver8 samba-dc[469116]: /usr/sbin/winbindd: Could not find domain for pdc.local

mrmarkuz · April 29, 2025, 6:52pm

I also noticed this message on one of my servers but I wasn’t able to find the cause yet, see also [Samba] Could not convert SID S-0-0, error is NT_STATUS_NONE_MAPPED

Could it be that there was an old domain PDC.LOCAL? Are there other domain controllers in the network?

Let’s check the set winbind options:

root@home:~# runagent -m samba1 podman exec -t samba-dc testparm -s | grep winbind
	winbindd:use external pipes = true

A possible workaround could be to filter those log entries, see also NS8 - /dev/mapper/vg_var-lv_var is at 86% - #5 by mrmarkuz