[Samba] Administrators SID is invalid.

mots nibutif at gmail.com
Sat Oct 18 04:04:52 MDT 2014

No, not while it was working. Though I did change the password today
while trying to figure out what still works.

Also, I can still get Kerberos tickets with the account. (using kinit
and klist)

Here's the output:
root at samba:~# ldbsearch -H /usr/local/samba/private/sam.ldb cn=Administrator
# record 1
dn: CN=Administrator,CN=Users,DC=cluster,DC=domain,DC=ch
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Administrator
description: Built-in account for administering the computer/domain
instanceType: 4
whenCreated: 20140912070407.0Z
uSNCreated: 3545
name: Administrator
objectGUID: 9d41ebd9-7c5a-48d0-b953-85eab1e55429
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-4290789724-2746532821-3856153555-500
adminCount: 1
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: Administrator
sAMAccountType: 805306368
isCriticalSystemObject: TRUE
memberOf: CN=Administrators,CN=Builtin,DC=cluster,DC=domain,DC=ch
memberOf: CN=Group Policy Creator Owners,CN=Users,DC=cluster,DC=domain,DC=ch
memberOf: CN=Enterprise Admins,CN=Users,DC=cluster,DC=domain,DC=ch
memberOf: CN=Schema Admins,CN=Users,DC=cluster,DC=domain,DC=ch
memberOf: CN=Domain Admins,CN=Users,DC=cluster,DC=domain,DC=ch
userAccountControl: 66048
msDS-SupportedEncryptionTypes: 0
pwdLastSet: 130580955130000000
whenChanged: 20141018084513.0Z
uSNChanged: 27862
distinguishedName: CN=Administrator,CN=Users,DC=cluster,DC=domain,DC=ch

# Referral
ref: ldap://cluster.domain.ch/CN=Configuration,DC=cluster,DC=domain,DC=ch

# Referral
ref: ldap://cluster.domain.ch/DC=DomainDnsZones,DC=cluster,DC=domain,DC=ch

# Referral
ref: ldap://cluster.domain.ch/DC=ForestDnsZones,DC=cluster,DC=domain,DC=ch

# returned 4 records
# 1 entries
# 3 referrals


Am 18.10.2014 um 11:50 schrieb Rowland Penny:
> On 18/10/14 10:20, mots wrote:
>> Hello,
>> I've got a samba 4.2 DC, which has worked well for about a month now. It
>> still works for all users except "Administrator".
>> If I login to a Windows box with the Administrator account, I can't
>> connect to any shares and clicking on a mapped drive returns the error
>> "The security ID structure is invalid".
>> Opening "Active Directory Users and Computers" on the Windows box
>> returns "The RPC server is unavailable".
>> Using "smbclient -L localhost -UAdministrator" on the GNU/Linux server
>> running samba I receife this error: "session setup failed:
>> Is there a way to fix this without restoring the database from backup?
>> Kind regards,
>> mots
> possibly, have you done anything to the Administrator account ?
> Also can you post the (sanitized) result of:
> ldbsearch -H /var/lib/samba/private/sam.ldb cn=Administrator
> You may have to alter '/var/lib/samba/private/sam.ldb' with the path
> to your sam.ldb
> Rowland

More information about the samba mailing list