[Samba] force user and NT_STATUS_INVALID_SID

Tue Jan 27 02:46:58 MST 2015

Welcome everyone,

I have to bother you and pick up your brains as I struggle to configure
samba the way I want. It's the first time I deal with Samba4 as I'm trying
to migrate boxes running on Centos 5 with Samba3 to Centos 7 with Samba4.
The configuration I use works great on Samba 3 however when I use the same
config on Samba4 I manage to authenticate as the user but once I want to
browse to the share I'm getting rejection.

Windows box says "The security ID structure is invalid". Smbclient says
"Connection to \\localhost\share1 failed - NT_STATUS_INVALID_SID".

I store my user credentials in smbpasswd file. This is my smb.conf.

[global]
        server string = My server
        smb passwd file = /etc/samba/smbpasswd
        passdb backend = smbpasswd
        username map = /etc/samba/smbusers
        log file = /var/log/samba/%m.log
        max log size = 0
        name resolve order = hosts
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        load printers = No
        local master = No
        dns proxy = No
        idmap config * : backend = tdb
        hosts allow = [$IPS]
        case sensitive = No

[share1]
        path = /home/share1
        valid users = administrator
        force user = root
        read only = No
        create mask = 0704
        force create mode = 0704
        force directory mode = 0701
        inherit acls = Yes
        inherit owner = Yes
        follow symlinks = No

# grep administrator /etc/passwd
administrator:x:201:201::/home/administrator:/bin/bash

# grep admin /etc/samba/smbpasswd
administrator:201:PASS:[U          ]:LCT-XXXXXXXXF:

As you see samba should run as a standalone server. There is no AD, very
simple config. I really got stuck and cannot find any help over the
internet.

I appreciate your response in advance.

Regards,
TH