Kasandra Padisha kasandrapadisha at hotmail.com
Tue May 10 17:22:25 UTC 2016

Hi All

I have a running SAMBA PDC on Debian Jessie on a PowerPC. I have 
backported Samba 4.3.18 and is working well.

I have installed a SDC (if I may use that name) on a different network, 
the same version of Samba but on a Debian Jessie on AMD64. I followed 
every instruction in 
So every test worked fine.

But now when i try to login, to view a share or to join the domain I get 
NT_STATUS_INVALID_SID or " The security id structure is invalid".
Not only with the administrator but with any user.

    root at parmenides2:~# smbclient -L localhost -UAdministrator
    Enter Administrator's password:
    session setup failed: NT_STATUS_INVALID_SID

I am really out of arguments

What I have already done:

1. The mirror is OK

#> samba-tool drs showrepl


#> samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator 

I have ran this from both PDCs and get SUCCESS

2. I have read all similar messages

I have found some similar cases but none with a solution. And I have 
read ALL literally

3. My smb.conf

I have installed my main controller following 
and it was generated automatically. I added "idmap_ldb:use" and "log level"

# Global parameters
         workgroup = EXAMPLE-W10
         realm = EXAMPLE.COM
         netbios name = DC1
         server role = active directory domain controller
         dns forwarder =
         idmap_ldb:use rfc2307 = yes
         log level = 1

         path = /var/lib/samba/sysvol/example.com/scripts
         read only = No

         path = /var/lib/samba/sysvol
         read only = No

On DC2 changes the netbios name and dns forwarder .. but everything else 
is the same.

4.  ldbsearch -H /var/lib/samba/private/sam.ldb cn=Administrator

dn: CN=Administrator,CN=Users,DC=example,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Administrator
description: Built-in account for administering the computer/domain
instanceType: 4
whenCreated: 20160505021322.0Z
uSNCreated: 3223
name: Administrator
objectGUID: 8426ff4b-4bc4-43da-8de2-bc5808544933
codePage: 0
countryCode: 0
pwdLastSet: 131068880020000000
primaryGroupID: 513
objectSid: S-1-5-21-508106755-2976483754-4106360514-500
adminCount: 1
sAMAccountName: Administrator
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=example,DC=com
isCriticalSystemObject: TRUE
lastLogonTimestamp: 131068882546671530
memberOf: CN=Domain Admins,CN=Users,DC=example,DC=com
memberOf: CN=Administrators,CN=Builtin,DC=example,DC=com
memberOf: CN=Group Policy Creator Owners,CN=Users,DC=example,DC=com
memberOf: CN=Enterprise Admins,CN=Users,DC=example,DC=com
memberOf: CN=Schema Admins,CN=Users,DC=example,DC=com
accountExpires: 0
whenChanged: 20160510132605.0Z
uSNChanged: 3721
userAccountControl: 66048
lastLogon: 131073689683266740
distinguishedName: CN=Administrator,CN=Users,DC=example,DC=com

5. ldbsearch -H /var/lib/samba/private/sam.ldb DC=example | grep objectSid

objectSid: S-1-5-21-508106755-2976483754-4106360514

I appreciate any help



More information about the samba mailing list