[Samba] Administrators SID is invalid.

Rowland Penny rowlandpenny at googlemail.com
Sat Oct 18 05:18:56 MDT 2014


On 18/10/14 12:06, mots wrote:
> Yes, the output maches the one from before.
>
> objectSid: S-1-5-21-4290789724-2746532821-3856153555
>
> Am 18.10.2014 um 12:56 schrieb Rowland Penny:
OK, everything about the Administrator account seems correct (even the 
accountExpires attribute, concentrating on the expiry day & month, I 
totally missed that it wouldn't expire until the year 4253 LOL ) so I am 
at a bit of a loss now. Perhaps there is something in smb.conf that is 
causing this, so could you post your smb.conf.

Rowland

>> On 18/10/14 11:45, mots wrote:
>>> Thanks, but that didn't work, I'm still getting the same error.
>>>
>>> Also weird: If the account was expired, then I shouldn't have been able
>>> to log in at all, right?
>>>
>>> Kind regards,
>>>
>>> mots
>>>
>>> Am 18.10.2014 um 11:50 schrieb Rowland Penny:
>>>> On 18/10/14 10:20, mots wrote:
>>>>> Hello,
>>>>>
>>>>> I've got a samba 4.2 DC, which has worked well for about a month
>>>>> now. It
>>>>> still works for all users except "Administrator".
>>>>>
>>>>> If I login to a Windows box with the Administrator account, I can't
>>>>> connect to any shares and clicking on a mapped drive returns the error
>>>>> "The security ID structure is invalid".
>>>>>
>>>>> Opening "Active Directory Users and Computers" on the Windows box
>>>>> returns "The RPC server is unavailable".
>>>>>
>>>>> Using "smbclient -L localhost -UAdministrator" on the GNU/Linux server
>>>>> running samba I receife this error: "session setup failed:
>>>>> NT_STATUS_INVALID_SID".
>>>>>
>>>>> Is there a way to fix this without restoring the database from backup?
>>>>>
>>>>> Kind regards,
>>>>>
>>>>> mots
>>>> possibly, have you done anything to the Administrator account ?
>>>>
>>>> Also can you post the (sanitized) result of:
>>>>
>>>> ldbsearch -H /var/lib/samba/private/sam.ldb cn=Administrator
>>>>
>>>> You may have to alter '/var/lib/samba/private/sam.ldb' with the path
>>>> to your sam.ldb
>>>>
>>>> Rowland
>>>>
>> That was the only obvious problem, ok lets check if the Administrator
>> has the correct SID:
>>
>> ldbsearch -H /var/lib/samba/private/sam.ldb DC=cluster | grep objectSid
>>
>> does the result match what you posted earlier ?
>>
>> objectSid: S-1-5-21-4290789724-2746532821-3856153555-500
>>
>> Note: ignore the -500, this is the Administrator's RID and is always
>> '500'
>>
>> Rowland
>>



More information about the samba mailing list