[Samba] The security id structure is invalid

lingpanda101 at gmail.com lingpanda101 at gmail.com
Thu Oct 6 16:50:18 UTC 2016


On 10/6/2016 12:35 PM, Ron García-Vidal via samba wrote:
> On 10/5/16 11:37 AM, Ron García-Vidal via samba wrote:
>> On 10/5/16 11:17 AM, Rowland Penny via samba wrote:
>>> On Wed, 5 Oct 2016 10:37:51 -0400
>>> Ron García-Vidal via samba <samba at lists.samba.org> wrote:
>>>
>>>> Here is some more information that could be helpful. This is the
>>>> entry for LDAP User in ldbedit:
>>>>
>>>> # record 253
>>>> dn: CN=LDAP User,CN=Users,DC=dc1,DC=mydomain,DC=net
>>>> objectClass: top
>>>> objectClass: person
>>>> objectClass: organizationalPerson
>>>> objectClass: user
>>>> cn: LDAP User
>>>> sn: User
>>>> givenName: LDAP
>>>> instanceType: 4
>>>> whenCreated: 20140106220805.0Z
>>>> displayName: LDAP User
>>>> uSNCreated: 6218
>>>> name: LDAP User
>>>> objectGUID: 6ac4027a-0250-4019-a2a8-12cc03497f7f
>>>> badPwdCount: 0
>>>> codePage: 0
>>>> countryCode: 0
>>>> badPasswordTime: 0
>>>> lastLogoff: 0
>>>> lastLogon: 0
>>>> objectSid: S-1-5-21-1319907214-2951884047-2640289736-1117
>>>> accountExpires: 9223372036854775807
>>>> logonCount: 0
>>>> sAMAccountName: LDAPUser
>>>> sAMAccountType: 805306368
>>>> userPrincipalName: LDAPUser at dc1.mydomain.net
>>>> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=dc1,DC=mydomain,DC=net
>>>> pwdLastSet: 130335199430000000
>>>> lockoutTime: 0
>>>> userAccountControl: 66048
>>>> msDS-SupportedEncryptionTypes: 0
>>>> primaryGroupID: 514
>>>> whenChanged: 20140107003451.0Z
>>>> uSNChanged: 6241
>>>> distinguishedName: CN=LDAP User,CN=Users,DC=dc1,DC=mydomain,DC=net
>>>>
>>> I don't know if this is part of your problem, but why is the
>>> primaryGroupID of LDAPUser 'Domain Guests' ??
>>> Try changing it to 513 (Domain Users)
>>>
>> I get the following error from both ldbedit and from ldapadmin:
>>
>> failed to modify CN=LDAP User,CN=Users,DC=dc1,DC=mydomain,DC=net - 
>> error in module samldb: Unwilling to perform during LDB_MODIFY
>>
> In trying to sort through this myself, I seem to be missing 
> something. Can anyone shed light on why samba-tool dbcheck gives me 
> this message?
>
> ERROR: incorrect GUID component for member in object CN=Domain 
> Admins,CN=Users,DC=dc1,DC=mydomain,DC=net - 
> <GUID=7ae0e1a8b8ca2242a02497d59084268b>;<RMD_ADDTIME=130335192420000000>;<RMD_CHANGETIME=130335196040000000>;<RMD_FLAGS=1>;<RMD_INVOCID=c60633bfc7bbc740b63f9b2c6f6ffe2a>;<RMD_LOCAL_USN=6216>;<RMD_ORIGINATING_USN=6216>;<RMD_VERSION=1>;<SID=0105000000000005150000008e2fac4e0f2df2afc89f5f9d5c040000>;CN=LDAP 
> User,CN=Users,DC=dc1,DC=mydomain,DC=net
>
> The GUID that it's giving doesn't show up anywhere when I ldbedit my 
> sam.db. I'm trying to figure out how I can manually correct the GUID 
> component that it's screaming about, but I can't find anything in the 
> sam.db that mentions GUID other than objectGUID. Any hints?
>
> -Ron
>

Ron, I haven't read through this whole thread, but is user 'LDAP User' a 
deleted object? If so, it's harmless. A fix at some point will come to 
remove these from 'dbcheck'. I had similar issues. See my thread

http://samba.2283325.n4.nabble.com/replPropertyMetaData-amp-KCC-issues-after-updating-to-Samba-4-5-0-td4707962.html#a4708208

-- 
-James
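
Added example, not part of the original message or of Samba's own code: it decodes the `<GUID=...>` and `<SID=...>` components from the dbcheck error quoted above into the string forms that ldbedit shows, and compares them with the objectGUID and objectSid of the quoted record. It assumes the components are hex dumps of the packed binary values (GUID with its first three fields little-endian); the function names are illustrative.

```python
import re
import struct
import uuid

# Values copied from the dbcheck error and the ldbedit record quoted in the thread
# (RMD_* components other than RMD_FLAGS trimmed; the wrapped DN is re-joined).
DBCHECK_MEMBER = (
    "<GUID=7ae0e1a8b8ca2242a02497d59084268b>;"
    "<RMD_FLAGS=1>;"
    "<SID=0105000000000005150000008e2fac4e0f2df2afc89f5f9d5c040000>;"
    "CN=LDAP User,CN=Users,DC=dc1,DC=mydomain,DC=net"
)
RECORD_OBJECT_GUID = "6ac4027a-0250-4019-a2a8-12cc03497f7f"
RECORD_OBJECT_SID = "S-1-5-21-1319907214-2951884047-2640289736-1117"

def parse_extended_dn(value):
    """Split '<KEY=VAL>;...;DN' into a dict of components and the plain DN."""
    components = dict(re.findall(r"<([A-Z_]+)=([^>]*)>;", value))
    dn = re.sub(r"^(?:<[^>]*>;)*", "", value)
    return components, dn

def guid_hex_to_str(hex_guid):
    """Hex of the 16-byte packed GUID -> canonical dashed string."""
    raw = bytes.fromhex(hex_guid)
    if len(raw) != 16:
        raise ValueError("GUID must be 16 bytes")
    return str(uuid.UUID(bytes_le=raw))  # first three fields are little-endian

def sid_hex_to_str(hex_sid):
    """Hex of a binary SID -> 'S-1-5-21-...' string."""
    raw = bytes.fromhex(hex_sid)
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit, little-endian
    return "S-%d-%d-%s" % (revision, authority, "-".join(map(str, subs)))

def compare_link_to_record(member, object_guid, object_sid):
    """Decode the link's GUID/SID and report whether they match the record."""
    comps, dn = parse_extended_dn(member)
    link_guid = guid_hex_to_str(comps["GUID"])
    link_sid = sid_hex_to_str(comps["SID"])
    return {"dn": dn, "link_guid": link_guid, "link_sid": link_sid,
            "guid_matches": link_guid == object_guid.lower(),
            "sid_matches": link_sid == object_sid}

if __name__ == "__main__":
    print(compare_link_to_record(DBCHECK_MEMBER, RECORD_OBJECT_GUID, RECORD_OBJECT_SID))
```

For the values in this thread the link decodes to GUID a8e1e07a-cab8-4222-a024-97d59084268b and a SID ending in -1116, while the quoted record has a different objectGUID and a SID ending in -1117. The decoded string forms are what to search for in sam.db.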



