[Samba] NT_STATUS_INVALID_SID
Vinicius Bones Silva
vbs at e-trust.com.br
Tue Nov 1 12:52:27 UTC 2016
I'm not sure I understood the question. Uncommenting the lines or commenting them yelds
the same results, as long as "idmap_ldb:use rfc2307 = yes" is kept in place. Commenting
it as well changes the ids to the 3 million range. Cleaning the caches did not affect the
results.
Em 29/10/2016 07:31, Andrew Bartlett via samba escreveu:
> On Thu, 2016-10-27 at 17:23 -0200, Vinicius Bones Silva via samba
> wrote:
>> Hi Rowland,
>>
>> Just to let you know, we removed all the idmap entries we had on
>> the smb.conf of our
>> two DCs and the ids reported by getent passwd at the DCs were in the
>> 3.000.000 range, as
>> you said. We had to add back 'idmap_ldb:use rfc2307 = yes' to get the
>> user listing with
>> the original numbers on the DCs.
>>
>> Here's what we commented out on the configurationfiles.
>>
>> # Default idmap config used for BUILTIN and local
>> accounts/groups
>> #idmap config *:backend = ad
>> #idmap config *:range = 2000-9999
>>
>> # idmap config for domain E-TRUST
>> #idmap config E-TRUST:backend = ad
>> #idmap config E-TRUST:schema_mode = rfc2307
>> #idmap config E-TRUST:range = 10000-40000
>> #idmap cache time = 1
>> #idmap negative cache time = 1
>> #winbind cache time = 1
>> idmap_ldb:use rfc2307 = yes
>>
>> Regards,
>> Vinicius.
> Can you confirm that it still fails with that configuration?
>
> You may need to flush the caches. 'net cache flush'.
>
> I certainly can see how having those set would have broken things,
> because we now enforce the range if set whereas 4.4 just ignored them.
>
> Thanks,
>
> Andrew Bartlett
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
>
>
--
Vinicius Silva
SOC
BRA: + 55 51 2117.1000 | 55 11 5521.2021
USA: + 1 888 259.5801
vbs at e-trust.com.br
skype: vinicius.bones.silva
Smiley face
www.e-trust.com.br <http://www.e-trust.com.br/>
Esta mensagem pode conter informações confidenciais ou privilegiadas. Se você recebeu esta
mensagem por engano, você não deve usar, copiar, divulgar ou tomar qualquer atitude com
base nestas informações. Solicitamos que você apague a mensagem imediatamente e avise a
E-TRUST, enviando um e-mail para suporte at e-trust.com.br. Opiniões, conclusões ou
informações contidas nesta mensagem não necessariamente refletem a posição oficial da
E-TRUST. Caso assinada digitalmente, a autenticidade desta mensagem pode ser confirmada
pela Autoridade Certificadora Privada E-TRUST, disponível em www.e-trust.com.br.
This message may contain privileged and confidential information for the use of the
intended recipients only. If you are not an intended recipient then you should not
disseminate, copy, or take any action based on its contents. If you have received this
message in error then please notify E-TRUST by sending an e-mail message to
suporte at e-trust.com.br immediately. Views and opinions expressed in this message do not
necessarily reflect the position of E-TRUST. If this message is digitally signed, its
authenticity can be confirmed by E-TRUST Private Certificate Authority, available at
www.e-trust.com.br.
More information about the samba
mailing list