[Samba] The security id structure is invalid
Rowland Penny
rpenny at samba.org
Sat Oct 8 17:14:02 UTC 2016
See inline comments:
On Sat, 8 Oct 2016 13:00:22 -0400
Ron García-Vidal via samba <samba at lists.samba.org> wrote:
> On 10/8/16 10:32 AM, Rowland Penny via samba wrote:
> > Please post your smb.conf from the DC, the 'samba' daemon should
> > start winbind, if you run 'ps ax | grep winbind', you should get
> > something like this:
> Sorry, Samba wasn't running when I tried that command. Here's the
> output:
>
> wbinfo --sid-to-gid=S-1-5-21-1319907214-2951884047-2640289736-512
> failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not convert sid S-1-5-21-1319907214-2951884047-2640289736-512
> to gid
>
> Here is my smb.conf:
>
> # Global parameters
> [global]
> workgroup = MYDOMAIN
> realm = DC1.MYDOMAIN.NET
> netbios name = SAMBASERVER
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
> time server = yes
> ntp signd socket directory = /usr/local/samba/var/lib/ntp_signd/
> idmap_ldb:use rfc2307 = yes
> # debug level = 9
>
You might as well remove the next 7 lines, they do nothing on a DC
> # Winbind settings
> idmap config * : backend = tdb
> idmap config * : range = 30000-40000
>
> idmap config MYDOMAIN : default = yes
> idmap config MYDOMAIN : backend = ad
> idmap config MYDOMAIN : schema_mode = rfc2307
> idmap config MYDOMAIN : range = 0-200000
>
> template shell = /bin/bash
Replace %ACCOUNTNAME% with %U
> template homedir = /home/%ACCOUNTNAME%
I would also remove the next block of lines, except possibly for the
'enum' ones
> winbind separator = +
> winbind use default domain = Yes
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind enum users = yes
> winbind enum groups = yes
> winbind nested groups = Yes
> winbind offline logon = Yes
>
>
>
> #======================= Share Definitions =======================
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/dc1.evilgenius.net/scripts
> read only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> ;[homes]
> ; comment = Home Directories
> ; browseable = no
>
>
Can I also suggest replacing 'winbind' in the 'server services' line
with 'winbindd'
Do any of your users log into the DC ?
Rowland