[Samba] The security id structure is invalid

[Rowland Penny]

On Fri, 7 Oct 2016 08:51:42 -0400
Ron García-Vidal via samba <samba at lists.samba.org> wrote:

> On 10/6/16 1:54 PM, Ron García-Vidal via samba wrote:
> > On 10/6/16 12:50 PM, lingpanda101--- via samba wrote:
> >> On 10/6/2016 12:35 PM, Ron García-Vidal via samba wrote:
> >>> On 10/5/16 11:37 AM, Ron García-Vidal via samba wrote:
> >>>> On 10/5/16 11:17 AM, Rowland Penny via samba wrote:
> >>>>> On Wed, 5 Oct 2016 10:37:51 -0400
> >>>>> Ron García-Vidal via samba <samba at lists.samba.org> wrote:
> >>>>> In trying to sort through this myself, I seems to be missing 
> >>>>> something. Can anyone shed light on why samba-tool dbcheck
> >>>>> gives me this message?
> >>>
> >>> ERROR: incorrect GUID component for member in object CN=Domain 
> >>> Admins,CN=Users,DC=dc1,DC=mydomain,DC=net - 
> >>> <GUID=7ae0e1a8b8ca2242a02497d59084268b>;<RMD_ADDTIME=130335192420000000>;<RMD_CHANGETIME=130335196040000000>;<RMD_FLAGS=1>;<RMD_INVOCID=c60633bfc7bbc740b63f9b2c6f6ffe2a>;<RMD_LOCAL_USN=6216>;<RMD_ORIGINATING_USN=6216>;<RMD_VERSION=1>;<SID=0105000000000005150000008e2fac4e0f2df2afc89f5f9d5c040000>;CN=LDAP 
> >>> User,CN=Users,DC=dc1,DC=mydomain,DC=net
> >>>
> >>> The GUID that it's giving doesn't show up anywhere when I ldbedit
> >>> my sam.db. I'm trying to figure out how I can manually correct
> >>> the GUID component that it's screaming about, but I can't find
> >>> anything in the sam.db that mentions GUID other than objectGUID.
> >>> Any hints?
> 
> Resorting to a simple grep, I have found the entry that's causing the 
> issue in the file 
> /usr/local/samba/private/sam.ldb.d/DC=DC1,DC=MYDOMAIN,DC=NET.ldb
> 
> How does this file relate to the sam.db file? Is it safe to edit this 
> file directly to remove the offending GUID?
> 
> -Ron
> 

sam.ldb is the pathway into the files in sam.ldb.d and you shouldn't
directly modify the .ldb files in sam.ldb.d

Rowland