jaclas Posted May 15 Share Posted May 15 I have noticed that the log occupancy is increasing rapidly. I looked into it and I see that every now and then this group of entries appears: May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.388135, 3] ../../source3/winbindd/winbindd_misc.c:355(winbindd_interface_version) May 15 09:11:01 unraid winbindd[12981]: winbindd_interface_version: [nss_winbind (18629)]: request interface version (version = 32) May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.388208, 3] ../../source3/winbindd/winbindd_misc.c:355(winbindd_interface_version) May 15 09:11:01 unraid winbindd[12981]: winbindd_interface_version: [nss_winbind (18631)]: request interface version (version = 32) May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.388268, 3] ../../source3/winbindd/winbindd.c:496(process_request_send) May 15 09:11:01 unraid winbindd[12981]: process_request_send: [nss_winbind (18629)] Handling async request: GETGROUPS May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.388286, 3] ../../source3/winbindd/winbindd_getgroups.c:63(winbindd_getgroups_send) May 15 09:11:01 unraid winbindd[12981]: [nss_winbind (18629)] Winbind external command GETGROUPS start. May 15 09:11:01 unraid winbindd[12981]: Searching groups for username 'root'. May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.388358, 3] ../../source3/winbindd/winbindd.c:496(process_request_send) May 15 09:11:01 unraid winbindd[12981]: process_request_send: [nss_winbind (18631)] Handling async request: GETGROUPS May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.388374, 3] ../../source3/winbindd/winbindd_getgroups.c:63(winbindd_getgroups_send) May 15 09:11:01 unraid winbindd[12981]: [nss_winbind (18631)] Winbind external command GETGROUPS start. May 15 09:11:01 unraid winbindd[12981]: Searching groups for username 'root'. May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.389076, 1] ../../source3/winbindd/wb_queryuser.c:402(wb_queryuser_got_gid) May 15 09:11:01 unraid winbindd[12981]: Returning NT_STATUS_NO_SUCH_USER May 15 09:11:01 unraid winbindd[12981]: xid.type must be ID_TYPE_UID or ID_TYPE_BOTH. May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.389103, 1] ../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv) May 15 09:11:01 unraid winbindd[12981]: Could not convert sid S-1-5-21-1955737357-2222380031-4156432513-1000: NT_STATUS_NO_SUCH_USER May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.389120, 3] ../../source3/winbindd/winbindd.c:563(process_request_done) May 15 09:11:01 unraid winbindd[12981]: process_request_done: [nss_winbind(18629):GETGROUPS]: NT_STATUS_NO_SUCH_USER May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.389286, 1] ../../source3/winbindd/wb_queryuser.c:402(wb_queryuser_got_gid) May 15 09:11:01 unraid winbindd[12981]: Returning NT_STATUS_NO_SUCH_USER May 15 09:11:01 unraid winbindd[12981]: xid.type must be ID_TYPE_UID or ID_TYPE_BOTH. May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.389318, 1] ../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv) May 15 09:11:01 unraid winbindd[12981]: Could not convert sid S-1-5-21-1955737357-2222380031-4156432513-1000: NT_STATUS_NO_SUCH_USER May 15 09:11:01 unraid winbindd[12981]: [2024/05/15 09:11:01.389334, 3] ../../source3/winbindd/winbindd.c:563(process_request_done) May 15 09:11:01 unraid winbindd[12981]: process_request_done: [nss_winbind(18631):GETGROUPS]: NT_STATUS_NO_SUCH_USER This seems to apply to Samba. But what does it result from and how to solve it? unraid-diagnostics-20240515-0919.zip Quote Link to comment
itimpi Posted May 15 Share Posted May 15 Do you have a client trying to connect to you Unraid server using 'root' as the Username? For security reasons the 'root' user is not allowed to access shares via SMB. You should instead set up a new username at the Unraid level via the Users tab and use that instead. Quote Link to comment
jaclas Posted May 15 Author Share Posted May 15 13 minutes ago, itimpi said: Do you have a client trying to connect to you Unraid server using 'root' as the Username? For security reasons the 'root' user is not allowed to access shares via SMB. You should instead set up a new username at the Unraid level via the Users tab and use that instead. I am not aware of any root being used anywhere. I have two clients, my work computer with Linux and my wife's windows. I have an account set up for my wife in Unraid and her computer logged into that account. My computer (linux) has shares mounted using my own credentials like this: audiobooks -fstype=cifs,rw,gid=users,uid=jacek,credentials=/etc/smb_creds.txt ://192.168.1.100/audiobooks and in the smb_creds files is my account, not root. How to check what address is trying to log in? Quote Link to comment
itimpi Posted May 15 Share Posted May 15 1 hour ago, jaclas said: How to check what address is trying to log in? Not sure. Is your server by any chance exposed to the internet? Quote Link to comment
jaclas Posted May 15 Author Share Posted May 15 1 hour ago, itimpi said: Not sure. Is your server by any chance exposed to the internet? Absolutely not. Btw I meant the local addresses of devices in the LAN. Quote Link to comment
jaclas Posted May 17 Author Share Posted May 17 The next fragment of the log, you can see in it again the reference to 'root', but there is also a connection from my wife's computer (magda account), which as you can see works fine. It also appears twice "search UID" with some ID: 201 and 65532. What could this be? May 17 09:29:01 unraid winbindd[12981]: [nss_winbind (3916)] Winbind external command GETGROUPS start. May 17 09:29:01 unraid winbindd[12981]: Searching groups for username 'root'. May 17 09:29:01 unraid winbindd[12981]: [2024/05/17 09:29:01.346893, 1] ../../source3/winbindd/wb_queryuser.c:402(wb_queryuser_got_gid) May 17 09:29:01 unraid winbindd[12981]: Returning NT_STATUS_NO_SUCH_USER May 17 09:29:01 unraid winbindd[12981]: xid.type must be ID_TYPE_UID or ID_TYPE_BOTH. May 17 09:29:01 unraid winbindd[12981]: [2024/05/17 09:29:01.346922, 1] ../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv) May 17 09:29:01 unraid winbindd[12981]: Could not convert sid S-1-5-21-1955737357-2222380031-4156432513-1000: NT_STATUS_NO_SUCH_USER May 17 09:29:01 unraid winbindd[12981]: [2024/05/17 09:29:01.346936, 3] ../../source3/winbindd/winbindd.c:563(process_request_done) May 17 09:29:01 unraid winbindd[12981]: process_request_done: [nss_winbind(3909):GETGROUPS]: NT_STATUS_NO_SUCH_USER May 17 09:29:01 unraid winbindd[12981]: [2024/05/17 09:29:01.347035, 1] ../../source3/winbindd/wb_queryuser.c:402(wb_queryuser_got_gid) May 17 09:29:01 unraid winbindd[12981]: Returning NT_STATUS_NO_SUCH_USER May 17 09:29:01 unraid winbindd[12981]: xid.type must be ID_TYPE_UID or ID_TYPE_BOTH. May 17 09:29:01 unraid winbindd[12981]: [2024/05/17 09:29:01.347058, 1] ../../source3/winbindd/winbindd_getgroups.c:259(winbindd_getgroups_recv) May 17 09:29:01 unraid winbindd[12981]: Could not convert sid S-1-5-21-1955737357-2222380031-4156432513-1000: NT_STATUS_NO_SUCH_USER May 17 09:29:01 unraid winbindd[12981]: [2024/05/17 09:29:01.347070, 3] ../../source3/winbindd/winbindd.c:563(process_request_done) May 17 09:29:01 unraid winbindd[12981]: process_request_done: [nss_winbind(3916):GETGROUPS]: NT_STATUS_NO_SUCH_USER May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.624197, 3] ../../source3/winbindd/winbindd_misc.c:355(winbindd_interface_version) May 17 09:29:04 unraid winbindd[12981]: winbindd_interface_version: [nss_winbind (4783)]: request interface version (version = 32) May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.624268, 3] ../../source3/winbindd/winbindd.c:496(process_request_send) May 17 09:29:04 unraid winbindd[12981]: process_request_send: [nss_winbind (4783)] Handling async request: GETPWUID May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.624290, 3] ../../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send) May 17 09:29:04 unraid winbindd[12981]: [nss_winbind (4783)] Winbind external command GETPWUID start. May 17 09:29:04 unraid winbindd[12981]: Search UID 201. May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.624324, 1] ../../source3/winbindd/winbindd_getpwuid.c:118(winbindd_getpwuid_recv) May 17 09:29:04 unraid winbindd[12981]: Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.624340, 3] ../../source3/winbindd/winbindd.c:563(process_request_done) May 17 09:29:04 unraid winbindd[12981]: process_request_done: [nss_winbind(4783):GETPWUID]: NT_STATUS_NO_SUCH_USER May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.624364, 1] ../../source3/winbindd/winbindd_getpwuid.c:83(winbindd_getpwuid_uid2sid_done) May 17 09:29:04 unraid winbindd[12981]: Failed with NT_STATUS_NO_SUCH_USER. May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.628546, 3] ../../source3/winbindd/winbindd.c:496(process_request_send) May 17 09:29:04 unraid winbindd[12981]: process_request_send: [nss_winbind (4783)] Handling async request: GETPWUID May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.628569, 3] ../../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send) May 17 09:29:04 unraid winbindd[12981]: [nss_winbind (4783)] Winbind external command GETPWUID start. May 17 09:29:04 unraid winbindd[12981]: Search UID 65532. May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.628757, 1] ../../source3/winbindd/winbindd_getpwuid.c:118(winbindd_getpwuid_recv) May 17 09:29:04 unraid winbindd[12981]: Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.628775, 3] ../../source3/winbindd/winbindd.c:563(process_request_done) May 17 09:29:04 unraid winbindd[12981]: process_request_done: [nss_winbind(4783):GETPWUID]: NT_STATUS_NO_SUCH_USER May 17 09:29:04 unraid winbindd[12981]: [2024/05/17 09:29:04.628794, 1] ../../source3/winbindd/winbindd_getpwuid.c:83(winbindd_getpwuid_uid2sid_done) May 17 09:29:04 unraid winbindd[12981]: Failed with NT_STATUS_NO_SUCH_USER. May 17 09:29:11 unraid smbd[16492]: [2024/05/17 09:29:11.631697, 2] ../../source3/smbd/close.c:830(close_normal_file) May 17 09:29:11 unraid smbd[16492]: magda closed file magda/poczta/duplicati-20240517T072833Z.dlist.zip (numopen=3) NT_STATUS_OK May 17 09:29:11 unraid smbd[16492]: [2024/05/17 09:29:11.633195, 2] ../../source3/smbd/close.c:830(close_normal_file) May 17 09:29:11 unraid smbd[16492]: magda closed file magda/poczta/duplicati-i0b5d33dd2e594ded87a9d39ac871914a.dindex.zip (numopen=2) NT_STATUS_OK May 17 09:29:11 unraid smbd[16492]: [2024/05/17 09:29:11.635631, 2] ../../source3/smbd/close.c:830(close_normal_file) May 17 09:29:11 unraid smbd[16492]: magda closed file magda/poczta/duplicati-b55c8abaee96d41e0910f7ffba45406c4.dblock.zip (numopen=1) NT_STATUS_OK I have disabled disk mapping via SMB on my computer. That leaves my wife's home computer and her work laptop, as she works remotely today. But this laptop does not use the resources of our network at all, it is connected by VPN to the company's servers. There are also a couple of dockers and a one virtual machine with Home Assistant. And phones. But none of them were configured to work with samba. And the log swells, and it annoys me a lot. Quote Link to comment
JonathanM Posted May 21 Share Posted May 21 Check if your router has a feature that tries to hack into devices on the network to expose weaknesses. Quote Link to comment
jaclas Posted May 29 Author Share Posted May 29 On 5/21/2024 at 3:46 AM, JonathanM said: Check if your router has a feature that tries to hack into devices on the network to expose weaknesses. I have a Synology RT2600ac router, it has various options related to samba, but rather as a server (can share usb media). In any case, I have it all disabled. And the log continues to grow: May 29 10:53:23 unraid winbindd[12981]: [2024/05/29 10:53:23.316774, 3] ../../source3/winbindd/winbindd_misc.c:355(winbindd_interface_version) May 29 10:53:23 unraid winbindd[12981]: winbindd_interface_version: [nss_winbind (20945)]: request interface version (version = 32) May 29 10:53:23 unraid winbindd[12981]: [2024/05/29 10:53:23.316876, 3] ../../source3/winbindd/winbindd.c:496(process_request_send) May 29 10:53:23 unraid winbindd[12981]: process_request_send: [nss_winbind (20945)] Handling async request: GETPWUID May 29 10:53:23 unraid winbindd[12981]: [2024/05/29 10:53:23.316894, 3] ../../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send) May 29 10:53:23 unraid winbindd[12981]: [nss_winbind (20945)] Winbind external command GETPWUID start. May 29 10:53:23 unraid winbindd[12981]: Search UID 201. May 29 10:53:23 unraid winbindd[12981]: [2024/05/29 10:53:23.317109, 1] ../../source3/winbindd/winbindd_getpwuid.c:118(winbindd_getpwuid_recv) May 29 10:53:23 unraid winbindd[12981]: Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER May 29 10:53:23 unraid winbindd[12981]: [2024/05/29 10:53:23.317128, 3] ../../source3/winbindd/winbindd.c:563(process_request_done) May 29 10:53:23 unraid winbindd[12981]: process_request_done: [nss_winbind(20945):GETPWUID]: NT_STATUS_NO_SUCH_USER May 29 10:53:23 unraid winbindd[12981]: [2024/05/29 10:53:23.317147, 1] ../../source3/winbindd/winbindd_getpwuid.c:83(winbindd_getpwuid_uid2sid_done) May 29 10:53:23 unraid winbindd[12981]: Failed with NT_STATUS_NO_SUCH_USER. Quote Link to comment
JonathanM Posted May 29 Share Posted May 29 2 hours ago, jaclas said: I have a Synology RT2600ac router, disable Threat Prevention Quote Link to comment
jaclas Posted June 3 Author Share Posted June 3 (edited) I haven't yet checked Jonathan's advice, excluding Threat Prevention (I'll check it soon, but I don't want to get rid of this feature!) But now I have a new observation. There was a new iotop-c app available in Apps: I installed and ran it. Fortunately, I noticed that the log suddenly started to grow even faster. It turns out that while iotop-c is running, there is a log entry like this every second: Jun 3 11:43:20 unraid winbindd[12981]: [2024/06/03 11:43:20.707946, 3] ../../source3/winbindd/winbindd.c:496(process_request_send) Jun 3 11:43:20 unraid winbindd[12981]: process_request_send: [nss_winbind (16207)] Handling async request: GETPWUID Jun 3 11:43:20 unraid winbindd[12981]: [2024/06/03 11:43:20.707952, 3] ../../source3/winbindd/winbindd_getpwuid.c:49(winbindd_getpwuid_send) Jun 3 11:43:20 unraid winbindd[12981]: [nss_winbind (16207)] Winbind external command GETPWUID start. Jun 3 11:43:20 unraid winbindd[12981]: Search UID 201. Jun 3 11:43:20 unraid winbindd[12981]: [2024/06/03 11:43:20.707964, 1] ../../source3/winbindd/winbindd_getpwuid.c:118(winbindd_getpwuid_recv) Jun 3 11:43:20 unraid winbindd[12981]: Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER Jun 3 11:43:20 unraid winbindd[12981]: [2024/06/03 11:43:20.707972, 3] ../../source3/winbindd/winbindd.c:563(process_request_done) Jun 3 11:43:20 unraid winbindd[12981]: process_request_done: [nss_winbind(16207):GETPWUID]: NT_STATUS_NO_SUCH_USER Jun 3 11:43:20 unraid winbindd[12981]: [2024/06/03 11:43:20.707982, 1] ../../source3/winbindd/winbindd_getpwuid.c:83(winbindd_getpwuid_uid2sid_done) Jun 3 11:43:20 unraid winbindd[12981]: Failed with NT_STATUS_NO_SUCH_USER. What does this application have to do with Samba? On 5/29/2024 at 1:33 PM, JonathanM said: disable Threat Prevention After checking, it turned out that Threat Prevention in my router is not even installed (it is an additional module). Edited June 4 by jaclas Quote Link to comment
lemon4fun Posted September 5 Share Posted September 5 Hello, did you find the issue? I got the exact same problem, Quote Link to comment
BitPusher Posted September 8 Share Posted September 8 I too have this same issue, which I only found as I am trying to track down some SMB issues, and am seeing this spamming the log. Quote Link to comment
jaclas Posted September 11 Author Share Posted September 11 (edited) I'm back with new clues! Earlier I showed such entries (among others) in the samba log: May 17 09:29:04 unraid winbindd[12981]: Search UID 201. I now ran the lsof command and got a bunch of warnings:lsof: no pwd entry for UID 201 So I executed: root@unraid:/mnt# id -u -n 201 id: '201': no such user Then: root@unraid:/mnt# ps -u 201 PID TTY TIME CMD 7646 ? 00:00:25 netdata 8329 ? 00:00:00 spawn-plugins 9275 ? 00:00:01 bash And it looks like it's Netdata (in docker) that's messing something up. Just not sure why it has a user with a UID that doesn't exist on the system? And restarting the server doesn't change anything. Does anyone have an idea where the problem is? @BitPusher @lemon4fun Are you using a container with Netdata? Edited September 11 by jaclas Quote Link to comment
caplam Posted September 11 Share Posted September 11 I have netdata installed and have no such error in log. and i have the same result as yours : root@godzilla:~# ps -u 201 PID TTY TIME CMD 15487 ? 00:11:20 netdata 15831 ? 00:00:01 spawn-plugins 18087 ? 00:00:02 bash reading netdata template, you see that you need to fill in a pgid of docker group to have container names resolved. What pgid have you ? In the template help it's indicated that you can find the right one with grep docker /etc/group | cut -d try to investigate in /var/log/samba Also winbind is a samba service used to retrieve uid and gid informations from a windows server. I'm not familiar with that but i would investigate things around this subject such as: How is your workgroup set-up ? Do you have other servers on your network that are part of the workgroup? Is unraid your local master browser? Quote Link to comment
jaclas Posted September 11 Author Share Posted September 11 @caplam I have the PGID set correct, in my case 281. You showed what the ps command returns, but do you have that UID associated with the user account? What does it return: id -u -n 201 What do you mean when you write about Windows Server? I have an Unraid server and two client computers on my network. One with Kubuntu, the other with Windows 11. It's not a server version, it's a regular desktop Windows. My Samba settings: The workgroup was previously named WORKGROUP, but I changed it to see if it was the name that shows up in the error logs. Now that I have disabled Netdata in the logs, the search for an account with UID 201 does not appear, but there are still errors remaining: Quote Link to comment
caplam Posted September 11 Share Posted September 11 (edited) i have the same as you: "no such user" by servers i meant other computers. In your screenshot you can see "could not convert sid S-1-5-21......" I'm absolutely no expert but i think sid are typical from computers joined to a domain When you remove computer from domain sid is not removed and this can generate errors with samba. sid is also used for local accounts in windows. Do you still have errors if you shut down your windows computer ? edit: i guess your windows computer try to access a share on your server and identifies itself with sid instead of using your credentials. i have no windows right now to test. Edited September 11 by caplam Quote Link to comment
jaclas Posted September 12 Author Share Posted September 12 (edited) I'll be honest and say that I'm heavily confused. I've read up on these SIDs and this is the SID that represents a regular user account (starts with “S-1-5-21”) in Windows. Using the “wmic useraccount” command, I listed all the accounts on my wife's laptop and none have this SID. I also booted up an old Windows 10 laptop that is unused but plugged in, listed the accounts on it and none match either. In addition to these two Windows laptops, I only have my main computer running Kubuntu, two Android phones, a printer, a network player (CD, MP3, streaming) and a cleaning robot on the network. I have no idea which devices can use this SID and where they are connected. Screenshot from my router with the list of connected devices: and current end of the unraid log: Now is 16:52 Edited September 12 by jaclas Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.