[Samba] The security id structure is invalid

Ron García-Vidal ron at riomargroup.com
Thu Oct 6 16:35:54 UTC 2016


On 10/5/16 11:37 AM, Ron García-Vidal via samba wrote:
> On 10/5/16 11:17 AM, Rowland Penny via samba wrote:
>> On Wed, 5 Oct 2016 10:37:51 -0400
>> Ron García-Vidal via samba <samba at lists.samba.org> wrote:
>>
>>> Here is some more information that could be helpful. This is the
>>> entry for LDAP User in ldbedit:
>>>
>>> # record 253
>>> dn: CN=LDAP User,CN=Users,DC=dc1,DC=mydomain,DC=net
>>> objectClass: top
>>> objectClass: person
>>> objectClass: organizationalPerson
>>> objectClass: user
>>> cn: LDAP User
>>> sn: User
>>> givenName: LDAP
>>> instanceType: 4
>>> whenCreated: 20140106220805.0Z
>>> displayName: LDAP User
>>> uSNCreated: 6218
>>> name: LDAP User
>>> objectGUID: 6ac4027a-0250-4019-a2a8-12cc03497f7f
>>> badPwdCount: 0
>>> codePage: 0
>>> countryCode: 0
>>> badPasswordTime: 0
>>> lastLogoff: 0
>>> lastLogon: 0
>>> objectSid: S-1-5-21-1319907214-2951884047-2640289736-1117
>>> accountExpires: 9223372036854775807
>>> logonCount: 0
>>> sAMAccountName: LDAPUser
>>> sAMAccountType: 805306368
>>> userPrincipalName: LDAPUser at dc1.mydomain.net
>>> objectCategory:
>>> CN=Person,CN=Schema,CN=Configuration,DC=dc1,DC=mydomain,DC=net
>>> pwdLastSet: 130335199430000000
>>> lockoutTime: 0
>>> userAccountControl: 66048
>>> msDS-SupportedEncryptionTypes: 0
>>> primaryGroupID: 514
>>> whenChanged: 20140107003451.0Z
>>> uSNChanged: 6241
>>> distinguishedName: CN=LDAP User,CN=Users,DC=dc1,DC=mydomain,DC=net
>>>
>> I don't know if this is part of your problem, but why is the
>> primaryGroupID of LDAPUser 'Domain Guests' ??
>> Try changing it to 513 (Domain Users)
>>
> I get the following error from both ldbedit and from ldapadmin:
>
> failed to modify CN=LDAP User,CN=Users,DC=dc1,DC=mydomain,DC=net - 
> error in module samldb: Unwilling to perform during LDB_MODIFY
>
In trying to sort through this myself, I seem to be missing something. 
Can anyone shed light on why samba-tool dbcheck gives me this message?

ERROR: incorrect GUID component for member in object CN=Domain 
Admins,CN=Users,DC=dc1,DC=mydomain,DC=net - 
<GUID=7ae0e1a8b8ca2242a02497d59084268b>;<RMD_ADDTIME=130335192420000000>;<RMD_CHANGETIME=130335196040000000>;<RMD_FLAGS=1>;<RMD_INVOCID=c60633bfc7bbc740b63f9b2c6f6ffe2a>;<RMD_LOCAL_USN=6216>;<RMD_ORIGINATING_USN=6216>;<RMD_VERSION=1>;<SID=0105000000000005150000008e2fac4e0f2df2afc89f5f9d5c040000>;CN=LDAP 
User,CN=Users,DC=dc1,DC=mydomain,DC=net

The GUID that it's giving doesn't show up anywhere when I ldbedit my 
sam.db. I'm trying to figure out how I can manually correct the GUID 
component that it's screaming about, but I can't find anything in the 
sam.db that mentions GUID other than objectGUID. Any hints?

-Ron
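
An added example, not part of the original message: the `<GUID=...>` and `<SID=...>` components in the dbcheck output are hex-encoded binary values, so a text search for them will not match the string forms that ldbedit prints for objectGUID and objectSid. This Python sketch decodes both and compares them with the record quoted above; the function names are illustrative, not Samba's.

```python
import re
import struct
import uuid

# Extended DN from the dbcheck error above, with the mail line wrap rejoined.
DBCHECK_DN = (
    "<GUID=7ae0e1a8b8ca2242a02497d59084268b>;<RMD_ADDTIME=130335192420000000>;"
    "<RMD_CHANGETIME=130335196040000000>;<RMD_FLAGS=1>;"
    "<RMD_INVOCID=c60633bfc7bbc740b63f9b2c6f6ffe2a>;<RMD_LOCAL_USN=6216>;"
    "<RMD_ORIGINATING_USN=6216>;<RMD_VERSION=1>;"
    "<SID=0105000000000005150000008e2fac4e0f2df2afc89f5f9d5c040000>;"
    "CN=LDAP User,CN=Users,DC=dc1,DC=mydomain,DC=net"
)
# objectGUID and objectSid of the same DN in the quoted ldbedit record.
RECORD_GUID = "6ac4027a-0250-4019-a2a8-12cc03497f7f"
RECORD_SID = "S-1-5-21-1319907214-2951884047-2640289736-1117"


def decode_guid(hex_guid):
    """Hex-encoded binary GUID -> string form (first three fields are little-endian)."""
    raw = bytes.fromhex(hex_guid)
    if len(raw) != 16:
        raise ValueError("a binary GUID is exactly 16 bytes")
    return str(uuid.UUID(bytes_le=raw))


def decode_sid(hex_sid):
    """Hex-encoded binary SID -> S-R-A-S1-S2-... string form."""
    raw = bytes.fromhex(hex_sid)
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("SID length does not match its sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])    # 32-bit, little-endian
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])


def compare_link(ext_dn, record_guid, record_sid):
    """Decode a link's <GUID=>/<SID=> and compare with the target record."""
    parts = dict(re.findall(r"<([A-Z_]+)=([^>]*)>", ext_dn))
    guid, sid = decode_guid(parts["GUID"]), decode_sid(parts["SID"])
    return {"dn": ext_dn.rsplit(">;", 1)[-1], "guid": guid, "sid": sid,
            "guid_matches": guid == record_guid.lower(),
            "sid_matches": sid == record_sid}


if __name__ == "__main__":
    for key, value in compare_link(DBCHECK_DN, RECORD_GUID, RECORD_SID).items():
        print(f"{key}: {value}")
```

With the values from this thread, the decoded GUID and the RID at the end of the decoded SID both differ from the objectGUID and objectSid in the quoted record.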


