[Samba] The security id structure is invalid
Ron García-Vidal
ron at riomargroup.com
Fri Oct 7 13:25:15 UTC 2016
On 10/7/16 8:51 AM, Ron García-Vidal via samba wrote:
> On 10/6/16 1:54 PM, Ron García-Vidal via samba wrote:
>> On 10/6/16 12:50 PM, lingpanda101--- via samba wrote:
>>> On 10/6/2016 12:35 PM, Ron García-Vidal via samba wrote:
>>>> On 10/5/16 11:37 AM, Ron García-Vidal via samba wrote:
>>>>> On 10/5/16 11:17 AM, Rowland Penny via samba wrote:
>>>>>> On Wed, 5 Oct 2016 10:37:51 -0400
>>>>>> Ron García-Vidal via samba <samba at lists.samba.org> wrote:
>>>>>> In trying to sort through this myself, I seems to be missing
>>>>>> something. Can anyone shed light on why samba-tool dbcheck gives
>>>>>> me this message?
>>>>
>>>> ERROR: incorrect GUID component for member in object CN=Domain
>>>> Admins,CN=Users,DC=dc1,DC=mydomain,DC=net -
>>>> <GUID=7ae0e1a8b8ca2242a02497d59084268b>;<RMD_ADDTIME=130335192420000000>;<RMD_CHANGETIME=130335196040000000>;<RMD_FLAGS=1>;<RMD_INVOCID=c60633bfc7bbc740b63f9b2c6f6ffe2a>;<RMD_LOCAL_USN=6216>;<RMD_ORIGINATING_USN=6216>;<RMD_VERSION=1>;<SID=0105000000000005150000008e2fac4e0f2df2afc89f5f9d5c040000>;CN=LDAP
>>>> User,CN=Users,DC=dc1,DC=mydomain,DC=net
>>>>
>>>> The GUID that it's giving doesn't show up anywhere when I ldbedit
>>>> my sam.db. I'm trying to figure out how I can manually correct the
>>>> GUID component that it's screaming about, but I can't find anything
>>>> in the sam.db that mentions GUID other than objectGUID. Any hints?
>
> Resorting to a simple grep, I have found the entry that's causing the
> issue in the file
> /usr/local/samba/private/sam.ldb.d/DC=DC1,DC=MYDOMAIN,DC=NET.ldb
>
> How does this file relate to the sam.db file? Is it safe to edit this
> file directly to remove the offending GUID?
Looks like I have been barking up the wrong tree on this. I copied the
ldb mentioned above to a backup and manually removed the entries that
the testdb was complaining about. Testdb now comes back clean, but the
Invalid security ID structure error continues. The logs are showing
multiple instances of:
Unable to convert SID (S-1-5-11) at index 5 in user token to a GID.
Conversion was returned as type 0, full token:
I have a 74k log file that records me starting up the smbd and trying to
access a share. Is adding this as an attachment the best way to send it?
-Ron
More information about the samba
mailing list