[Samba] Administrators SID is invalid.

Rowland Penny rowlandpenny at googlemail.com
Sat Oct 18 04:56:33 MDT 2014


On 18/10/14 11:45, mots wrote:
> Thanks, but that didn't work, I'm still getting the same error.
>
> Also weird: If the account was expired, then I shouldn't have been able
> to log in at all, right?
>
> Kind regards,
>
> mots
>
> Am 18.10.2014 um 11:50 schrieb Rowland Penny:
>> On 18/10/14 10:20, mots wrote:
>>> Hello,
>>>
>>> I've got a samba 4.2 DC, which has worked well for about a month now. It
>>> still works for all users except "Administrator".
>>>
>>> If I login to a Windows box with the Administrator account, I can't
>>> connect to any shares and clicking on a mapped drive returns the error
>>> "The security ID structure is invalid".
>>>
>>> Opening "Active Directory Users and Computers" on the Windows box
>>> returns "The RPC server is unavailable".
>>>
>>> Using "smbclient -L localhost -UAdministrator" on the GNU/Linux server
>>> running samba I receife this error: "session setup failed:
>>> NT_STATUS_INVALID_SID".
>>>
>>> Is there a way to fix this without restoring the database from backup?
>>>
>>> Kind regards,
>>>
>>> mots
>> possibly, have you done anything to the Administrator account ?
>>
>> Also can you post the (sanitized) result of:
>>
>> ldbsearch -H /var/lib/samba/private/sam.ldb cn=Administrator
>>
>> You may have to alter '/var/lib/samba/private/sam.ldb' with the path
>> to your sam.ldb
>>
>> Rowland
>>
That was the only obvious problem, ok lets check if the Administrator 
has the correct SID:

ldbsearch -H /var/lib/samba/private/sam.ldb DC=cluster | grep objectSid

does the result match what you posted earlier ?

objectSid: S-1-5-21-4290789724-2746532821-3856153555-500

Note: ignore the -500, this is the Administrator's RID and is always '500'

Rowland



More information about the samba mailing list