[Samba] NT_STATUS_INVALID_SID in a SDC

Kasandra Padisha kasandrapadisha at hotmail.com
Tue May 10 17:22:25 UTC 2016


Hi All

I have a running SAMBA PDC on Debian Jessie on a PowerPC. I have 
backported Samba 4.3.18 and it is working well.

I have installed a SDC (if I may use that name) on a different network, 
the same version of Samba but on a Debian Jessie on AMD64. I followed 
every instruction in 
https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory. 
So every test worked fine.

But now when I try to log in, to view a share or to join the domain I get 
NT_STATUS_INVALID_SID or "The security id structure is invalid".
Not only with the administrator but with any user.

    root at parmenides2:~# smbclient -L localhost -UAdministrator
    Enter Administrator's password:
    session setup failed: NT_STATUS_INVALID_SID

I am really out of ideas.


What I have already done:

1. The mirror is OK

#> samba-tool drs showrepl

Is OK

#> samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator 
--filter=whenChanged

I have run this from both DCs and get SUCCESS.


2. I have read all similar messages

I have found some similar cases but none with a solution. And I have 
literally read ALL of them.


3. My smb.conf

I have installed my main controller following 
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller 
and it was generated automatically. I added "idmap_ldb:use" and "log level".


# Global parameters
[global]
         workgroup = EXAMPLE-W10
         realm = EXAMPLE.COM
         netbios name = DC1
         server role = active directory domain controller
         dns forwarder = 192.168.10.7
         idmap_ldb:use rfc2307 = yes
         log level = 1

[netlogon]
         path = /var/lib/samba/sysvol/example.com/scripts
         read only = No

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No


On DC2 the netbios name and dns forwarder are different, but everything else 
is the same.



4.  ldbsearch -H /var/lib/samba/private/sam.ldb cn=Administrator

dn: CN=Administrator,CN=Users,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Administrator
description: Built-in account for administering the computer/domain
instanceType: 4
whenCreated: 20160505021322.0Z
uSNCreated: 3223
name: Administrator
objectGUID: 8426ff4b-4bc4-43da-8de2-bc5808544933
codePage: 0
countryCode: 0
pwdLastSet: 131068880020000000
primaryGroupID: 513
objectSid: S-1-5-21-508106755-2976483754-4106360514-500
adminCount: 1
sAMAccountName: Administrator
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
isCriticalSystemObject: TRUE
lastLogonTimestamp: 131068882546671530
memberOf: CN=Domain Admins,CN=Users,DC=example,DC=com
memberOf: CN=Administrators,CN=Builtin,DC=example,DC=com
memberOf: CN=Group Policy Creator Owners,CN=Users,DC=example,DC=com
memberOf: CN=Enterprise Admins,CN=Users,DC=example,DC=com
memberOf: CN=Schema Admins,CN=Users,DC=example,DC=com
accountExpires: 0
whenChanged: 20160510132605.0Z
uSNChanged: 3721
userAccountControl: 66048
lastLogon: 131073689683266740
distinguishedName: CN=Administrator,CN=Users,DC=example,DC=com


5. ldbsearch -H /var/lib/samba/private/sam.ldb DC=example | grep objectSid

objectSid: S-1-5-21-508106755-2976483754-4106360514


I appreciate any help.

Cheers

Kasandra
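As an added example (not part of the thread and not Samba's own code), a small Python check that mirrors steps 4 and 5 of the post: it parses the textual objectSid values as printed by ldbsearch, validates their structure, and confirms that a user's SID is the domain SID followed by exactly one RID. The record below is constructed from the values quoted in the message.

```python
import re

# Constructed sample, modelled on the ldbsearch output in the post.
DOMAIN_SID = "S-1-5-21-508106755-2976483754-4106360514"
USER_RECORD = """dn: CN=Administrator,CN=Users,DC=example,DC=com
objectSid: S-1-5-21-508106755-2976483754-4106360514-500
primaryGroupID: 513
"""

# Textual SID: S-<revision>-<identifier authority>-<sub-authority>...
SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+)+)$")


def parse_sid(sid):
    """Return (identifier_authority, [sub-authorities]) for a textual SID.

    Raises ValueError when the structure is invalid: revision must be 1
    and a SID carries between 1 and 15 sub-authorities.
    """
    m = SID_RE.match(sid)
    if not m:
        raise ValueError(f"malformed SID: {sid!r}")
    authority = int(m.group(1))
    subs = [int(x) for x in m.group(2).split("-")[1:]]
    if not 1 <= len(subs) <= 15:
        raise ValueError(f"bad sub-authority count in {sid!r}")
    return authority, subs


def sid_in_domain(user_sid, domain_sid):
    """True when user_sid is domain_sid plus exactly one trailing RID."""
    auth_u, subs_u = parse_sid(user_sid)
    auth_d, subs_d = parse_sid(domain_sid)
    return auth_u == auth_d and len(subs_u) == len(subs_d) + 1 \
        and subs_u[:-1] == subs_d


def check_record(record, domain_sid):
    """Parse one ldbsearch record and return (objectSid, RID, primary group SID).

    Raises ValueError if objectSid does not belong to domain_sid, which is
    the mismatch the step 4 / step 5 comparison in the post is looking for.
    """
    attrs = dict(line.split(": ", 1) for line in record.splitlines() if ": " in line)
    sid = attrs["objectSid"]
    if not sid_in_domain(sid, domain_sid):
        raise ValueError(f"{sid} is not in domain {domain_sid}")
    rid = parse_sid(sid)[1][-1]
    primary_group_sid = f"{domain_sid}-{attrs['primaryGroupID']}"
    return sid, rid, primary_group_sid
```

Run the same check against the sam.ldb output of both DCs; a record whose SID prefix differs from the domain SID, or a structurally invalid SID, is what to look for.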
