[Samba] NT_STATUS_INVALID_SID in a SDC

Rowland penny rpenny at samba.org
Tue May 10 19:52:07 UTC 2016 

On 10/05/16 20:36, Kasandra Padisha wrote:
>
> Hi
>
> Thanks for you answer
>
> 1. Sorry It was a mistype:  The version is 
> samba_4.3.8+dfsg-1~bpo80+1.  I backported from stretch to jessie as I 
> want to keep my Debian environment clean.
> I do not fancy to compile it from source. I am a bit old fashion :-) 
> :-) :-)

OK, how about trying to backport 4.4.3 from SID ??, there are problems 
with 4.3.8
As for compiling Samba yourself, well it is easy and you get to be in 
control of when to update and can also run the latest stable version.

>
> 2. I use PDC and SDC as a legacy from previous versions. I Undestand 
> why it is outdated but actually, even in Samba4, It is kind of true: 
> DC2 knows who is DC1 all the time and there is a big trouble when DC1 
> is broken: DC2 get kind of orphaned.

You only get this problem with the internal DNS server.

>
> #> samba-tool fsmo show
>
> SchemaMasterRole owner: CN=NTDS 
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> InfrastructureMasterRole owner: CN=NTDS 
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> RidAllocationMasterRole owner: CN=NTDS 
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> PdcEmulationMasterRole owner: CN=NTDS 
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> DomainNamingMasterRole owner: CN=NTDS 
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> DomainDnsZonesMasterRole owner: CN=NTDS 
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> ForestDnsZonesMasterRole owner: CN=NTDS 
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
>
> Nice topic ..but I does not help me.
>
>

That is just the FSMO role owners and you can transfer them.


> 2. Is there any other sugestions apart from Update ? I have already a 
> working installation on DC1 so I do not think upgrade may be a solution.

Go here and read the release notes for 4.3.9 : 
https://www.samba.org/samba/history/samba-4.3.9.html

>
>
> I appreciate a lead to follow in order to solve this little problem
>
> Cheers
>
>

More information about the samba mailing list