jaclas Posted May 15 Share Posted May 15 I have noticed that the log occupancy is increasing rapidly. I looked into it and I see that every now and then this group of entries appears: May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.388135, 3] ../../source3/winbindd/winbindd_misc.c:355(winbindd_interface_version) May 15 09:11:01 unraid winbindd[12981]: winbindd_interface_version: [nss_winbind (18629)]: request interface version (version = 32) May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.388208, 3] ../../source3/winbindd/winbindd_misc.c:355(winbindd_interface_version) May 15 09:11:01 unraid winbindd[12981]: winbindd_interface_version: [nss_winbind (18631)]: request interface version (version = 32) May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.388268, 3] ../../source3/winbindd/winbindd.c:496(process_request_send) May 15 09:11:01 unraid winbindd[12981]: process_request_send: [nss_winbind (18629)] Handling async request: GETGROUPS May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.388286, 3] ../../source3/winbindd/winbindd_getgroups.c:63(winbindd_getgroups_send) May 15 09:11:01 unraid winbindd[12981]: [nss_winbind (18629)] Winbind external command GETGROUPS start. May 15 09:11:01 unraid winbindd[12981]: Searching groups for username 'root'. May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.388358, 3] ../../source3/winbindd/winbindd.c:496(process_request_send) May 15 09:11:01 unraid winbindd[12981]: process_request_send: [nss_winbind (18631)] Handling async request: GETGROUPS May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.388374, 3] ../../source3/winbindd/winbindd_getgroups.c:63(winbindd_getgroups_send) May 15 09:11:01 unraid winbindd[12981]: [nss_winbind (18631)] Winbind external command GETGROUPS start. May 15 09:11:01 unraid winbindd[12981]: Searching groups for username 'root'. May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.389076, 1] ../../source3/winbindd/wb_queryuser.c:402(wb_queryuser_got_gid) May 15 09:11:01 unraid winbindd[12981]: Returning NT_STATUS_NO_SUCH_USER May 15 09:11:01 unraid winbindd[12981]: xid.type must be ID_TYPE_UID or ID_TYPE_BOTH. May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.389103, 1] ../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv) May 15 09:11:01 unraid winbindd[12981]: Could not convert sid S-1-5-21-1955737357-2222380031-4156432513-1000: NT_STATUS_NO_SUCH_USER May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.389120, 3] ../../source3/winbindd/winbindd.c:563(process_request_done) May 15 09:11:01 unraid winbindd[12981]: process_request_done: [nss_winbind(18629):GETGROUPS]: NT_STATUS_NO_SUCH_USER May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.389286, 1] ../../source3/winbindd/wb_queryuser.c:402(wb_queryuser_got_gid) May 15 09:11:01 unraid winbindd[12981]: Returning NT_STATUS_NO_SUCH_USER May 15 09:11:01 unraid winbindd[12981]: xid.type must be ID_TYPE_UID or ID_TYPE_BOTH. May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.389318, 1] ../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv) May 15 09:11:01 unraid winbindd[12981]: Could not convert sid S-1-5-21-1955737357-2222380031-4156432513-1000: NT_STATUS_NO_SUCH_USER May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.389334, 3] ../../source3/winbindd/winbindd.c:563(process_request_done) May 15 09:11:01 unraid winbindd[12981]: process_request_done: [nss_winbind(18631):GETGROUPS]: NT_STATUS_NO_SUCH_USER This seems to apply to Samba. But what does it result from and how to solve it? unraid-diagnostics-20240515-0919.zip Quote Link to comment
itimpi Posted May 15 Share Posted May 15 Do you have a client trying to connect to you Unraid server using 'root' as the Username? For security reasons the 'root' user is not allowed to access shares via SMB. You should instead set up a new username at the Unraid level via the Users tab and use that instead. Quote Link to comment
jaclas Posted May 15 Author Share Posted May 15 13 minutes ago, itimpi said: Do you have a client trying to connect to you Unraid server using 'root' as the Username? For security reasons the 'root' user is not allowed to access shares via SMB. You should instead set up a new username at the Unraid level via the Users tab and use that instead. I am not aware of any root being used anywhere. I have two clients, my work computer with Linux and my wife's windows. I have an account set up for my wife in Unraid and her computer logged into that account. My computer (linux) has shares mounted using my own credentials like this: audiobooks -fstype=cifs,rw,gid=users,uid=jacek,credentials=/etc/smb_creds.txt ://192.168.1.100/audiobooks and in the smb_creds files is my account, not root. How to check what address is trying to log in? Quote Link to comment
itimpi Posted May 15 Share Posted May 15 1 hour ago, jaclas said: How to check what address is trying to log in? Not sure. Is your server by any chance exposed to the internet? Quote Link to comment
jaclas Posted May 15 Author Share Posted May 15 1 hour ago, itimpi said: Not sure. Is your server by any chance exposed to the internet? Absolutely not. Btw I meant the local addresses of devices in the LAN. Quote Link to comment
jaclas Posted May 17 Author Share Posted May 17 The next fragment of the log, you can see in it again the reference to 'root', but there is also a connection from my wife's computer (magda account), which as you can see works fine. It also appears twice "search UID" with some ID: 201 and 65532. What could this be? May 17 09:29:01 unraid winbindd[12981]: [nss_winbind (3916)] Winbind external command GETGROUPS start. May 17 09:29:01 unraid winbindd[12981]: Searching groups for username 'root'. May 17 09:29:01 unraid winbindd[12981]: [2024/05/17 09:29:01.346893, 1] ../../source3/winbindd/wb_queryuser.c:402(wb_queryuser_got_gid) May 17 09:29:01 unraid winbindd[12981]: Returning NT_STATUS_NO_SUCH_USER May 17 09:29:01 unraid winbindd[12981]: xid.type must be ID_TYPE_UID or ID_TYPE_BOTH. May 17 09:29:01 unraid winbindd[12981]: [2024/05/17 09:29:01.346922, 1] ../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv) May 17 09:29:01 unraid winbindd[12981]: Could not convert sid S-1-5-21-1955737357-2222380031-4156432513-1000: NT_STATUS_NO_SUCH_USER May 17 09:29:01 unraid winbindd[12981]: [2024/05/17 09:29:01.346936, 3] ../../source3/winbindd/winbindd.c:563(process_request_done) May 17 09:29:01 unraid winbindd[12981]: process_request_done: [nss_winbind(3909):GETGROUPS]: NT_STATUS_NO_SUCH_USER May 17 09:29:01 unraid winbindd[12981]: [2024/05/17 09:29:01.347035, 1] ../../source3/winbindd/wb_queryuser.c:402(wb_queryuser_got_gid) May 17 09:29:01 unraid winbindd[12981]: Returning NT_STATUS_NO_SUCH_USER May 17 09:29:01 unraid winbindd[12981]: xid.type must be ID_TYPE_UID or ID_TYPE_BOTH. May 17 09:29:01 unraid winbindd[12981]: [2024/05/17 09:29:01.347058, 1] ../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv) May 17 09:29:01 unraid winbindd[12981]: Could not convert sid S-1-5-21-1955737357-2222380031-4156432513-1000: NT_STATUS_NO_SUCH_USER May 17 09:29:01 unraid winbindd[12981]: [2024/05/17 09:29:01.347070, 3] ../../source3/winbindd/winbindd.c:563(process_request_done) May 17 09:29:01 unraid winbindd[12981]: process_request_done: [nss_winbind(3916):GETGROUPS]: NT_STATUS_NO_SUCH_USER May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.624197, 3] ../../source3/winbindd/winbindd_misc.c:355(winbindd_interface_version) May 17 09:29:04 unraid winbindd[12981]: winbindd_interface_version: [nss_winbind (4783)]: request interface version (version = 32) May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.624268, 3] ../../source3/winbindd/winbindd.c:496(process_request_send) May 17 09:29:04 unraid winbindd[12981]: process_request_send: [nss_winbind (4783)] Handling async request: GETPWUID May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.624290, 3] ../../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send) May 17 09:29:04 unraid winbindd[12981]: [nss_winbind (4783)] Winbind external command GETPWUID start. May 17 09:29:04 unraid winbindd[12981]: Search UID 201. May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.624324, 1] ../../source3/winbindd/winbindd_getpwuid.c:118(winbindd_getpwuid_recv) May 17 09:29:04 unraid winbindd[12981]: Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.624340, 3] ../../source3/winbindd/winbindd.c:563(process_request_done) May 17 09:29:04 unraid winbindd[12981]: process_request_done: [nss_winbind(4783):GETPWUID]: NT_STATUS_NO_SUCH_USER May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.624364, 1] ../../source3/winbindd/winbindd_getpwuid.c:83(winbindd_getpwuid_uid2sid_done) May 17 09:29:04 unraid winbindd[12981]: Failed with NT_STATUS_NO_SUCH_USER. May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.628546, 3] ../../source3/winbindd/winbindd.c:496(process_request_send) May 17 09:29:04 unraid winbindd[12981]: process_request_send: [nss_winbind (4783)] Handling async request: GETPWUID May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.628569, 3] ../../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send) May 17 09:29:04 unraid winbindd[12981]: [nss_winbind (4783)] Winbind external command GETPWUID start. May 17 09:29:04 unraid winbindd[12981]: Search UID 65532. May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.628757, 1] ../../source3/winbindd/winbindd_getpwuid.c:118(winbindd_getpwuid_recv) May 17 09:29:04 unraid winbindd[12981]: Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.628775, 3] ../../source3/winbindd/winbindd.c:563(process_request_done) May 17 09:29:04 unraid winbindd[12981]: process_request_done: [nss_winbind(4783):GETPWUID]: NT_STATUS_NO_SUCH_USER May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.628794, 1] ../../source3/winbindd/winbindd_getpwuid.c:83(winbindd_getpwuid_uid2sid_done) May 17 09:29:04 unraid winbindd[12981]: Failed with NT_STATUS_NO_SUCH_USER. May 17 09:29:11 unraid smbd[16492]: [2024/05/17 09:29:11.631697, 2] ../../source3/smbd/close.c:830(close_normal_file) May 17 09:29:11 unraid smbd[16492]: magda closed file magda/poczta/duplicati-20240517T072833Z.dlist.zip (numopen=3) NT_STATUS_OK May 17 09:29:11 unraid smbd[16492]: [2024/05/17 09:29:11.633195, 2] ../../source3/smbd/close.c:830(close_normal_file) May 17 09:29:11 unraid smbd[16492]: magda closed file magda/poczta/duplicati-i0b5d33dd2e594ded87a9d39ac871914a.dindex.zip (numopen=2) NT_STATUS_OK May 17 09:29:11 unraid smbd[16492]: [2024/05/17 09:29:11.635631, 2] ../../source3/smbd/close.c:830(close_normal_file) May 17 09:29:11 unraid smbd[16492]: magda closed file magda/poczta/duplicati-b55c8abaee96d41e0910f7ffba45406c4.dblock.zip (numopen=1) NT_STATUS_OK I have disabled disk mapping via SMB on my computer. That leaves my wife's home computer and her work laptop, as she works remotely today. But this laptop does not use the resources of our network at all, it is connected by VPN to the company's servers. There are also a couple of dockers and a one virtual machine with Home Assistant. And phones. But none of them were configured to work with samba. And the log swells, and it annoys me a lot. Quote Link to comment
JonathanM Posted May 21 Share Posted May 21 Check if your router has a feature that tries to hack into devices on the network to expose weaknesses. Quote Link to comment
jaclas Posted Wednesday at 08:54 AM Author Share Posted Wednesday at 08:54 AM On 5/21/2024 at 3:46 AM, JonathanM said: Check if your router has a feature that tries to hack into devices on the network to expose weaknesses. I have a Synology RT2600ac router, it has various options related to samba, but rather as a server (can share usb media). In any case, I have it all disabled. And the log continues to grow: May 29 10:53:23 unraid winbindd[12981]: [2024/05/29 10:53:23.316774, 3] ../../source3/winbindd/winbindd_misc.c:355(winbindd_interface_version) May 29 10:53:23 unraid winbindd[12981]: winbindd_interface_version: [nss_winbind (20945)]: request interface version (version = 32) May 29 10:53:23 unraid winbindd[12981]: [2024/05/29 10:53:23.316876, 3] ../../source3/winbindd/winbindd.c:496(process_request_send) May 29 10:53:23 unraid winbindd[12981]: process_request_send: [nss_winbind (20945)] Handling async request: GETPWUID May 29 10:53:23 unraid winbindd[12981]: [2024/05/29 10:53:23.316894, 3] ../../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send) May 29 10:53:23 unraid winbindd[12981]: [nss_winbind (20945)] Winbind external command GETPWUID start. May 29 10:53:23 unraid winbindd[12981]: Search UID 201. May 29 10:53:23 unraid winbindd[12981]: [2024/05/29 10:53:23.317109, 1] ../../source3/winbindd/winbindd_getpwuid.c:118(winbindd_getpwuid_recv) May 29 10:53:23 unraid winbindd[12981]: Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER May 29 10:53:23 unraid winbindd[12981]: [2024/05/29 10:53:23.317128, 3] ../../source3/winbindd/winbindd.c:563(process_request_done) May 29 10:53:23 unraid winbindd[12981]: process_request_done: [nss_winbind(20945):GETPWUID]: NT_STATUS_NO_SUCH_USER May 29 10:53:23 unraid winbindd[12981]: [2024/05/29 10:53:23.317147, 1] ../../source3/winbindd/winbindd_getpwuid.c:83(winbindd_getpwuid_uid2sid_done) May 29 10:53:23 unraid winbindd[12981]: Failed with NT_STATUS_NO_SUCH_USER. Quote Link to comment
JonathanM Posted Wednesday at 11:33 AM Share Posted Wednesday at 11:33 AM 2 hours ago, jaclas said: I have a Synology RT2600ac router, disable Threat Prevention Quote Link to comment
jaclas Posted 4 hours ago Author Share Posted 4 hours ago (edited) I haven't yet checked Jonathan's advice, excluding Threat Prevention (I'll check it soon, but I don't want to get rid of this feature!) But now I have a new observation. There was a new iotop-c app available in Apps: I installed and ran it. Fortunately, I noticed that the log suddenly started to grow even faster. It turns out that while iotop-c is running, there is a log entry like this every second: Jun 3 11:43:20 unraid winbindd[12981]: [2024/06/03 11:43:20.707946, 3] ../../source3/winbindd/winbindd.c:496(process_request_send) Jun 3 11:43:20 unraid winbindd[12981]: process_request_send: [nss_winbind (16207)] Handling async request: GETPWUID Jun 3 11:43:20 unraid winbindd[12981]: [2024/06/03 11:43:20.707952, 3] ../../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send) Jun 3 11:43:20 unraid winbindd[12981]: [nss_winbind (16207)] Winbind external command GETPWUID start. Jun 3 11:43:20 unraid winbindd[12981]: Search UID 201. Jun 3 11:43:20 unraid winbindd[12981]: [2024/06/03 11:43:20.707964, 1] ../../source3/winbindd/winbindd_getpwuid.c:118(winbindd_getpwuid_recv) Jun 3 11:43:20 unraid winbindd[12981]: Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER Jun 3 11:43:20 unraid winbindd[12981]: [2024/06/03 11:43:20.707972, 3] ../../source3/winbindd/winbindd.c:563(process_request_done) Jun 3 11:43:20 unraid winbindd[12981]: process_request_done: [nss_winbind(16207):GETPWUID]: NT_STATUS_NO_SUCH_USER Jun 3 11:43:20 unraid winbindd[12981]: [2024/06/03 11:43:20.707982, 1] ../../source3/winbindd/winbindd_getpwuid.c:83(winbindd_getpwuid_uid2sid_done) Jun 3 11:43:20 unraid winbindd[12981]: Failed with NT_STATUS_NO_SUCH_USER. What does this application have to do with Samba? On 5/29/2024 at 1:33 PM, JonathanM said: disable Threat Prevention After checking, it turned out that Prevent in my router is not even installed (it is an additional module). Edited 3 hours ago by jaclas Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.